BDU:2015-06243

Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-01-13

BDU:2015-06250

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2014-08-01
Modified: 2025-04-12

CVE-2014-3534

arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2014-07-19
Modified: 2025-04-12

CVE-2014-4943

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.

Severity: MEDIUM (6.9) Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2014-08-01
Modified: 2025-04-12

CVE-2014-5045

The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.

Severity: MEDIUM (6.2) Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

References:

Package mediawiki updated to version 1.23.1-alt0.M70P.1 for branch p7 in task 126412.

Published: 2014-04-20
Modified: 2025-04-12

CVE-2014-2665

includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue.

Severity: MEDIUM (4.0) Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

References:

Published: 2014-04-29
Modified: 2025-04-12

CVE-2014-2853

Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Published: 2014-06-06
Modified: 2025-04-12

CVE-2014-3966

Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.

Severity: LOW (2.6) Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

References:

Version: 2.1.2

Branch p7 update on 2014-08-03

ALT-BU-2014-2913-1

ALT-PU-2014-1971-1

Closed vulnerabilities

BDU:2015-06243

BDU:2015-06250

CVE-2014-3534

CVE-2014-4943

CVE-2014-5045

ALT-PU-2014-1972-1

Closed vulnerabilities

CVE-2014-2665

CVE-2014-2853

CVE-2014-3966