 |
|
|
|
| NVidia Linux / Unix drivers privilege escalation | | Published: |  | 26.04.2012 | | Source: |  | CVE | | SecurityVulns ID: |  | 12348 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Kernel memory access is possible. |
| CVE: |  | CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges.) |
Linux kernel multiple security vulnerabilities
updated since 02.04.2012 | | Published: | | 26.04.2012 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 12305 | | Type: | | local | | Level: | | 6/10 | | Description: | | DoS, information leakage, privilege escalation. |
| Affected: |  | LINUX : kernel 2.6 | | CVE: | | CVE-2012-2100 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307.) | | | | CVE-2012-1146 (The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events.) | | | | CVE-2012-1097 (The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.) | | | | CVE-2012-1090 (The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.) | | | | CVE-2012-0879 (The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.) | | | | CVE-2012-0045 (The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file.) | | | | CVE-2011-4347 | | | | CVE-2011-3347 | | | | CVE-2011-1833 (Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.) | | | | CVE-2009-4307 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value).) |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: | | 26.04.2012 | | Source: | | | | SecurityVulns ID: | | 12350 | | Type: | | remote | | Level: | | 5/10 | | Description: | | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Affected: | | WORDPRESS : Organizer 1.2 | | | | PIWIGO : Piwigo 2.3 | | CVE: | | CVE-2012-2209 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module.) | | | | CVE-2012-2208 (Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.) |
Nova DoS
updated since 26.04.2012 | | Published: | | 14.05.2012 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 12349 | | Type: | | local | | Level: | | 4/10 | | Description: | | Resources exhaustion via oversized username. Resources exhaustion by quota limitatations bypass. |
| Affected: | | NOVA : Nova 2011.3 | | CVE: | | CVE-2012-2101 (Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.) | | | | CVE-2012-1585 (OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name.) |
|
|
|
|
|
|
|
|
