VYPR

rpm package

opensuse/kernel-source&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,435)

  • CVE-2017-16647MedNov 7, 2017
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

  • CVE-2017-16646MedNov 7, 2017
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.

  • CVE-2017-16645MedNov 7, 2017
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB dev

  • CVE-2017-16537MedNov 4, 2017
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

  • CVE-2017-16536MedNov 4, 2017
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.

  • CVE-2014-0691HigOct 24, 2017
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643.

  • CVE-2017-13080MedOct 17, 2017
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

  • CVE-2017-15265HigOct 16, 2017
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq

  • CVE-2017-12153MedSep 21, 2017
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_N

  • CVE-2017-1000251HigSep 12, 2017
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel spa

  • CVE-2017-14051MedAug 31, 2017
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.

  • CVE-2017-7541HigJul 25, 2017
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netl

  • CVE-2017-7542MedJul 21, 2017
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.

  • CVE-2017-8831MedMay 8, 2017
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "do

  • CVE-2016-9576HigDec 28, 2016
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access

  • CVE-2016-9555CriNov 28, 2016
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP

  • CVE-2016-7913HigNov 16, 2016
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure.

  • CVE-2016-5195HigKEVNov 10, 2016
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

  • CVE-2016-7425HigOct 16, 2016
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_W

  • CVE-2016-7042MedOct 16, 2016
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory co

Page 68 of 72