VYPR

Kernel

by Linux

Source repositories

CVEs (15,869)

  • CVE-2004-1137Jan 10, 2005
    risk 0.05cvss epss 0.21

    Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the…

  • CVE-2023-44466HigSep 29, 2023
    risk 0.04cvss 8.8epss 0.55

    An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP…

  • CVE-2022-47939CriDec 23, 2022
    risk 0.04cvss 9.8epss 0.46

    An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.

  • CVE-2018-18955HigNov 16, 2018
    risk 0.04cvss 7.0epss 0.08

    In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass…

  • CVE-2018-1120LowJun 20, 2018
    risk 0.04cvss 2.8epss 0.07

    A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which…

  • CVE-2018-8897HigMay 8, 2018
    risk 0.04cvss 7.8epss 0.19

    A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP…

  • CVE-2018-5333MedJan 11, 2018
    risk 0.04cvss 5.5epss 0.08

    In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.

  • CVE-2017-18017CriJan 3, 2018
    risk 0.04cvss 9.8epss 0.53

    The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the…

  • CVE-2013-4579Nov 20, 2013
    risk 0.04cvss epss 0.10

    The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the…

  • CVE-2012-0056Jan 27, 2012
    risk 0.04cvss epss 0.11

    The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc//mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.

  • CVE-2010-0437Mar 24, 2010
    risk 0.04cvss epss 0.12

    The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer…

  • CVE-2009-3726Nov 9, 2009
    risk 0.04cvss epss 0.12

    The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which…

  • CVE-2009-3613Oct 19, 2009
    risk 0.04cvss epss 0.12

    The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated…

  • CVE-2009-0065Jan 7, 2009
    risk 0.04cvss epss 0.17

    Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.

  • CVE-2008-0352Jan 18, 2008
    risk 0.04cvss epss 0.10

    The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram).

  • CVE-2007-4567Dec 21, 2007
    risk 0.04cvss epss 0.14

    The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.

  • CVE-2007-1357Apr 11, 2007
    risk 0.04cvss epss 0.14

    The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter than the specified length, which triggers a BUG_ON call when an attempt is made…

  • CVE-2006-3468Jul 21, 2006
    risk 0.04cvss epss 0.16

    Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported…

  • CVE-2005-0815May 2, 2005
    risk 0.04cvss epss 0.13

    Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.

  • CVE-2003-0619Aug 27, 2003
    risk 0.04cvss epss 0.11

    Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call.

Page 588 of 794