Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-28 | CVE-2015-6850 | Permissions, Privileges, and Access Controls vulnerability in EMC Vplex Geosynchrony 5.4/5.5 EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. | 8.4 |
| 2015-12-28 | CVE-2015-8660 | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. | 6.7 |
| 2015-12-28 | CVE-2015-8569 | Information Exposure vulnerability in Linux Kernel The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. | 2.3 |
| 2015-12-28 | CVE-2015-8543 | Unspecified vulnerability in Linux Kernel The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. | 7.0 |
| 2015-12-28 | CVE-2015-8374 | Information Exposure vulnerability in Linux Kernel fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action. | 4.0 |
| 2015-12-28 | CVE-2015-7990 | Race Condition vulnerability in Linux Kernel Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. | 5.8 |
| 2015-12-28 | CVE-2015-7885 | Information Exposure vulnerability in Linux Kernel The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. | 2.3 |
| 2015-12-28 | CVE-2015-7884 | Information Exposure vulnerability in Linux Kernel The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. | 2.3 |
| 2015-12-28 | CVE-2015-7509 | Improper Input Validation vulnerability in Linux Kernel fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. | 4.4 |
| 2015-12-28 | CVE-2013-7446 | Unspecified vulnerability in Linux Kernel Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. | 5.3 |