CVE-2015-1142857

HIGH Year: 2015
CVSS v3 Score
8.6
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-254
View all →

Vulnerability Description

On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected.

Related Vulnerabilities

CVE-2016-6597

HIGH
CVSS:8.6(High)

Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the re...

CWE-2542016

CVE-2016-6340

HIGH
CVSS:8.4(High)

The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force a...

CWE-2542016

CVE-2014-3150

HIGH
CVSS:8.8(High)

Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript.

CWE-2542014

CVE-2015-7330

HIGH
CVSS:8.8(High)

Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol.

CWE-2542015

CVE-2015-7843

HIGH
CVSS:8.8(High)

The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003...

CWE-2542015

CVE-2016-1672

HIGH
CVSS:8.8(High)

The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers...

CWE-2542016