Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2015-12-06	CVE-2015-3195	Information Exposure vulnerability in multiple products The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. network low complexity apple oracle openssl redhat canonical debian opensuse suse fedoraproject CWE-200	5.3
2015-12-02	CVE-2015-8391	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. network low complexity pcre oracle fedoraproject redhat php CWE-119 critical	9.8
2015-12-02	CVE-2015-8386	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. network low complexity pcre fedoraproject oracle php CWE-119 critical	9.8
2014-12-12	CVE-2014-8134	The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. local low complexity linux canonical opensuse suse oracle	3.3
2014-11-10	CVE-2014-8559	Resource Exhaustion vulnerability in multiple products The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application. local low complexity linux canonical opensuse novell suse oracle CWE-400	5.5
2014-11-10	CVE-2014-3687	Resource Exhaustion vulnerability in multiple products The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. network low complexity linux redhat canonical opensuse novell suse debian oracle CWE-400	7.5
2014-11-10	CVE-2014-3673	Improper Input Validation vulnerability in multiple products The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. network low complexity linux redhat canonical debian opensuse suse oracle CWE-20	7.5
2014-11-10	CVE-2014-3647	arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. local low complexity linux redhat canonical debian opensuse suse oracle	5.5
2014-09-25	CVE-2014-7169	OS Command Injection vulnerability in multiple products GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. network low complexity gnu arista oracle qnap mageia redhat suse opensuse debian ibm canonical novell checkpoint f5 citrix apple vmware CWE-78 critical	9.8
2014-09-24	CVE-2014-6271	OS Command Injection vulnerability in multiple products GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. network low complexity gnu arista oracle qnap mageia redhat suse opensuse debian ibm canonical novell checkpoint f5 citrix apple vmware CWE-78 critical	9.8