This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Oracle First view 2014-04-14
Product Linux Last view 2016-06-01
Version 7 Type Os
Update -  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:oracle:linux

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2016-06-01 CVE-2016-5126

Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

8.8 2016-05-11 CVE-2016-3710

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

6.5 2016-02-12 CVE-2015-8631

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

5.3 2016-02-12 CVE-2015-8629

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.

8.6 2016-01-12 CVE-2015-1779

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

5.3 2015-12-06 CVE-2015-3195

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

7.5 2015-11-12 CVE-2015-8126

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

5.8 2015-10-05 CVE-2014-9750

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.

4.4 2015-03-02 CVE-2015-0239

The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.

2.1 2015-03-02 CVE-2014-9644

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.

2.1 2015-03-02 CVE-2013-7421

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

5.5 2014-11-10 CVE-2014-8559

The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.

7.5 2014-11-10 CVE-2014-3687

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.

7.5 2014-11-10 CVE-2014-3673

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.

5.5 2014-11-10 CVE-2014-3647

arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

4.9 2014-05-11 CVE-2014-3145

The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.

4.9 2014-05-11 CVE-2014-3144

The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.

7.1 2014-04-14 CVE-2014-2706

Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.

CWE : Common Weakness Enumeration

%idName
17% (3) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
17% (3) CWE-269 Improper Privilege Management
11% (2) CWE-125 Out-of-bounds Read
11% (2) CWE-20 Improper Input Validation
5% (1) CWE-787 Out-of-bounds Write
5% (1) CWE-772 Missing Release of Resource after Effective Lifetime
5% (1) CWE-362 Race Condition
5% (1) CWE-200 Information Exposure
5% (1) CWE-190 Integer Overflow or Wraparound
5% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
5% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Snort® IPS/IDS

Date Description
2015-07-13 Linux kernel SCTP Unknown Chunk Types denial of service attempt
RuleID : 34802 - Type : OS-LINUX - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0011.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1012.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1026.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1060.nasl - Type: ACT_GATHER_INFO
2017-04-03 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0057.nasl - Type: ACT_GATHER_INFO
2017-03-30 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2017-0055.nasl - Type: ACT_GATHER_INFO
2017-01-05 Name: The remote device is missing a vendor-supplied security patch.
File: juniper_jsa10759.nasl - Type: ACT_GATHER_INFO
2016-12-15 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20161103_ntp_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2016-12-05 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_a228c7a0ba6611e6b1cf14dae9d210b8.nasl - Type: ACT_GATHER_INFO
2016-11-28 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-2583.nasl - Type: ACT_GATHER_INFO
2016-11-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201611-08.nasl - Type: ACT_GATHER_INFO
2016-11-14 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2781-1.nasl - Type: ACT_GATHER_INFO
2016-11-11 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2016-2583.nasl - Type: ACT_GATHER_INFO
2016-11-07 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2725-1.nasl - Type: ACT_GATHER_INFO
2016-11-04 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-2583.nasl - Type: ACT_GATHER_INFO
2016-10-27 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1234.nasl - Type: ACT_GATHER_INFO
2016-10-26 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2528-1.nasl - Type: ACT_GATHER_INFO
2016-10-26 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2533-1.nasl - Type: ACT_GATHER_INFO
2016-10-26 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2589-1.nasl - Type: ACT_GATHER_INFO
2016-10-26 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2628-1.nasl - Type: ACT_GATHER_INFO
2016-10-12 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1169.nasl - Type: ACT_GATHER_INFO
2016-10-12 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1170.nasl - Type: ACT_GATHER_INFO
2016-09-29 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20160927_kvm_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2016-09-28 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-1943.nasl - Type: ACT_GATHER_INFO
2016-09-28 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2016-1943.nasl - Type: ACT_GATHER_INFO