VYPR

Vendor CVEs

Linux

All CVEs

15,998 total · sorted by risk
  • CVE-2018-5390HigAug 6, 2018
    risk 0.06cvss 7.5epss 0.74

    Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

  • CVE-2022-47938MedDec 23, 2022
    risk 0.05cvss 6.5epss 0.58

    An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT.

  • CVE-2021-43267CriNov 2, 2021
    risk 0.05cvss 9.8epss 0.58

    An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

  • CVE-2021-3490HigJun 4, 2021
    risk 0.05cvss 7.8epss 0.27

    The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit…

  • CVE-2010-1173May 7, 2010
    risk 0.05cvss epss 0.21

    The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a…

  • CVE-2006-2444May 25, 2006
    risk 0.05cvss epss 0.21

    The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees…

  • CVE-2004-1137Jan 10, 2005
    risk 0.05cvss epss 0.21

    Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the…

  • CVE-2000-0666Jul 16, 2000
    risk 0.05cvss epss 0.26

    rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

  • CVE-2023-44466HigSep 29, 2023
    risk 0.04cvss 8.8epss 0.55

    An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP…

  • CVE-2022-47939CriDec 23, 2022
    risk 0.04cvss 9.8epss 0.46

    An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.

  • CVE-2018-18955HigNov 16, 2018
    risk 0.04cvss 7.0epss 0.08

    In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass…

  • CVE-2018-1120LowJun 20, 2018
    risk 0.04cvss 2.8epss 0.07

    A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which…

  • CVE-2018-8897HigMay 8, 2018
    risk 0.04cvss 7.8epss 0.18

    A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP…

  • CVE-2018-5333MedJan 11, 2018
    risk 0.04cvss 5.5epss 0.08

    In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.

  • CVE-2017-18017CriJan 3, 2018
    risk 0.04cvss 9.8epss 0.53

    The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the…

  • CVE-2013-4579Nov 20, 2013
    risk 0.04cvss epss 0.10

    The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the…

  • CVE-2012-0056Jan 27, 2012
    risk 0.04cvss epss 0.11

    The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc//mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.

  • CVE-2010-0437Mar 24, 2010
    risk 0.04cvss epss 0.12

    The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer…

  • CVE-2009-3726Nov 9, 2009
    risk 0.04cvss epss 0.12

    The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which…

  • CVE-2009-3613Oct 19, 2009
    risk 0.04cvss epss 0.12

    The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated…

  • CVE-2009-0065Jan 7, 2009
    risk 0.04cvss epss 0.17

    Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.

  • CVE-2008-0352Jan 18, 2008
    risk 0.04cvss epss 0.10

    The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram).

  • CVE-2007-4567Dec 21, 2007
    risk 0.04cvss epss 0.14

    The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.

  • CVE-2007-1357Apr 11, 2007
    risk 0.04cvss epss 0.14

    The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter than the specified length, which triggers a BUG_ON call when an attempt is made…

  • CVE-2006-3468Jul 21, 2006
    risk 0.04cvss epss 0.16

    Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported…

  • CVE-2005-0815May 2, 2005
    risk 0.04cvss epss 0.13

    Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.

  • CVE-2003-0619Aug 27, 2003
    risk 0.04cvss epss 0.11

    Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call.

  • CVE-2001-0405Jul 2, 2001
    risk 0.04cvss epss 0.10

    ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.

  • CVE-2000-0506Jun 9, 2000
    risk 0.04cvss epss 0.11

    The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability."

  • CVE-1999-1018Jul 27, 1999
    risk 0.04cvss epss 0.07

    IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows a remote attacker to bypass the filtering rules using several fragments with 0 offsets.

  • CVE-1999-0414Mar 1, 1999
    risk 0.04cvss epss 0.07

    In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection.

  • CVE-1999-0431Mar 1, 1999
    risk 0.04cvss epss 0.07

    Linux 2.2.3 and earlier allow a remote attacker to perform an IP fragmentation attack, causing a denial of service.

  • CVE-2023-1998MedApr 21, 2023
    risk 0.03cvss 5.6epss 0.01

    The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim…

  • CVE-2022-1043HigAug 29, 2022
    risk 0.03cvss 8.8epss 0.04

    A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.

  • CVE-2022-34918HigJul 4, 2022
    risk 0.03cvss 7.8epss 0.05

    An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but…

  • CVE-2022-0995HigMar 25, 2022
    risk 0.03cvss 7.8epss 0.06

    An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.

  • CVE-2017-5123HigNov 2, 2021
    risk 0.03cvss 8.8epss 0.04

    Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.

  • CVE-2019-19241HigDec 17, 2019
    risk 0.03cvss 7.8epss 0.01

    In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding…

  • CVE-2019-11599HigApr 29, 2019
    risk 0.03cvss 7.0epss 0.01

    The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified…

  • CVE-2019-9213MedMar 5, 2019
    risk 0.03cvss 5.5epss 0.06

    In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.

  • CVE-2019-9162HigFeb 25, 2019
    risk 0.03cvss 7.8epss 0.01

    In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This…

  • CVE-2018-17182HigSep 19, 2018
    risk 0.03cvss 7.8epss 0.03

    An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and…

  • CVE-2018-12904MedJun 27, 2018
    risk 0.03cvss 4.9epss 0.01

    In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.

  • CVE-2018-11508MedMay 28, 2018
    risk 0.03cvss 5.5epss 0.02

    The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.

  • CVE-2014-4322Dec 24, 2014
    risk 0.03cvss epss 0.02

    drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to…

  • CVE-2013-0160Feb 18, 2013
    risk 0.03cvss epss 0.01

    The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.

  • CVE-2011-1083Apr 4, 2011
    risk 0.03cvss epss 0.01

    The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.

  • CVE-2011-1082Apr 4, 2011
    risk 0.03cvss epss 0.01

    fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a…

  • CVE-2011-1020Feb 28, 2011
    risk 0.03cvss epss 0.01

    The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of…

  • CVE-2010-4243Jan 22, 2011
    risk 0.03cvss epss 0.01

    fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka…

Page 237 of 320