Vulnerabilities > Suse > Linux Enterprise High Availability Extension > High

DATE CVE VULNERABILITY TITLE RISK
2014-06-07 CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
local
low complexity
linux redhat suse opensuse canonical oracle
7.8
2014-06-05 CVE-2014-3468 Incorrect Calculation of Buffer Size vulnerability in multiple products
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
network
low complexity
gnu redhat debian suse f5 CWE-131
7.5
2014-03-14 CVE-2014-2323 SQL Injection vulnerability in multiple products
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
network
low complexity
lighttpd debian opensuse suse CWE-89
7.5
2012-05-17 CVE-2012-1097 NULL Pointer Dereference vulnerability in multiple products
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.
local
low complexity
linux redhat suse CWE-476
7.8
2010-09-30 CVE-2010-2537 The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor.
local
low complexity
linux canonical suse
7.1
2010-09-08 CVE-2010-2798 NULL Pointer Dereference vulnerability in multiple products
The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.
7.8
2010-05-07 CVE-2010-1437 Use After Free vulnerability in multiple products
Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function.
local
high complexity
linux opensuse suse debian CWE-416
7.0