VYPR

Vendor CVEs

Linux

All CVEs

15,975 total · sorted by risk
  • CVE-2026-31611HigApr 24, 2026
    risk 0.49cvss 8.6epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: require 3 sub-authorities before reading sub_auth[2] parse_dacl() compares each ACE SID against sid_unix_NFS_mode and on match reads sid.sub_auth[2] as the file mode. If sid_unix_NFS_mode is the prefix…

  • CVE-2026-23457HigApr 3, 2026
    risk 0.49cvss 8.6epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() sip_help_tcp() parses the SIP Content-Length header with simple_strtoul(), which returns unsigned long, but stores the result in…

  • CVE-2026-23148HigFeb 14, 2026
    risk 0.49cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference There is a race condition in nvmet_bio_done() that can cause a NULL pointer dereference in blk_cgroup_bio_start(): 1. nvmet_bio_done()…

  • CVE-2026-23139HigFeb 14, 2026
    risk 0.49cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: update last_gc only when GC has been performed Currently last_gc is being updated everytime a new connection is tracked, that means that it is updated even if a GC wasn't performed.…

  • CVE-2026-23136HigFeb 14, 2026
    risk 0.49cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osd_fault() When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read…

  • CVE-2026-23095HigFeb 4, 2026
    risk 0.49cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: gue: Fix skb memleak with inner IP protocol 0. syzbot reported skb memleak below. [0] The repro generated a GUE packet with its inner protocol 0. gue_udp_recv() returns -guehdr->proto_ctype for "resubmit" in…

  • CVE-2026-23003HigJan 25, 2026
    risk 0.49cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() Blamed commit did not take care of VLAN encapsulations as spotted by syzbot [1]. Use skb_vlan_inet_prepare() instead of pskb_inet_may_pull(). [1] …

  • CVE-2026-22998HigJan 25, 2026
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec Commit efa56305908b ("nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length") added ttag bounds checking and data_offset…

  • CVE-2026-22997HigJan 25, 2026
    risk 0.49cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts Since j1939_session_deactivate_activate_next() in j1939_tp_rxtimer() is called only when the timer is…

  • CVE-2026-22992HigJan 23, 2026
    risk 0.49cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done() Currently any error from ceph_auth_handle_reply_done() is propagated via finish_auth() but isn't returned from mon_handle_auth_done(). This…

  • CVE-2026-22991HigJan 23, 2026
    risk 0.49cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: libceph: make free_choose_arg_map() resilient to partial allocation free_choose_arg_map() may dereference a NULL pointer if its caller fails after a partial allocation. For example, in decode_choose_args(),…

  • CVE-2026-22990HigJan 23, 2026
    risk 0.49cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. …

  • CVE-2025-71066HigJan 13, 2026
    risk 0.49cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and…

  • CVE-2025-38566HigAug 19, 2025
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS…

  • CVE-2024-24423HigJan 21, 2025
    risk 0.49cvss 7.5epss 0.01

    The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_esm_message_container function at /nas/ies/EsmMessageContainer.cpp. This vulnerability allows attackers to cause a Denial…

  • CVE-2024-24422HigJan 21, 2025
    risk 0.49cvss 7.5epss 0.01

    The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a stack overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a…

  • CVE-2024-24419HigJan 21, 2025
    risk 0.49cvss 7.5epss 0.01

    The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_traffic_flow_template_packet_filter function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause…

  • CVE-2024-24418HigJan 21, 2025
    risk 0.49cvss 7.5epss 0.01

    The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_pdn_address function at /nas/ies/PdnAddress.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS)…

  • CVE-2024-24417HigJan 21, 2025
    risk 0.49cvss 7.5epss 0.01

    The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a…

  • CVE-2024-24416HigJan 21, 2025
    risk 0.49cvss 7.5epss 0.01

    The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_access_point_name_ie function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of…

  • CVE-2024-57791HigJan 11, 2025
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: net/smc: check return value of sock_recvmsg when draining clc data When receiving clc msg, the field length in smc_clc_msg_hdr indicates the length of msg should be received from network and the value should…

  • CVE-2023-39179HigNov 18, 2024
    risk 0.49cvss 7.5epss 0.01

    A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive…

  • CVE-2024-50083HigOct 29, 2024
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. ------------[…

  • CVE-2024-49997HigOct 21, 2024
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses…

  • CVE-2024-42225HigJul 30, 2024
    risk 0.49cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: replace skb_put with skb_put_zero Avoid potentially reusing uninitialized data

  • CVE-2023-52883HigJun 20, 2024
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible null pointer dereference abo->tbo.resource may be NULL in amdgpu_vm_bo_update.

  • CVE-2022-48748HigJun 20, 2024
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: net: bridge: vlan: fix memory leak in __allowed_ingress When using per-vlan state, if vlan snooping and stats are disabled, untagged or priority-tagged ingress frame will go to check pvid state. If the port…

  • CVE-2022-48747HigJun 20, 2024
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: block: Fix wrong offset in bio_truncate() bio_truncate() clears the buffer outside of last block of bdev, however current bio_truncate() is using the wrong offset of page. So it can return the uninitialized…

  • CVE-2024-38573HigJun 19, 2024
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: cppc_cpufreq: Fix possible null pointer dereference cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as…

  • CVE-2024-36972HigJun 10, 2024
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock. Billy Jheng Bing-Jhong reported a race between __unix_gc() and queue_oob(). __unix_gc() tries to garbage-collect close()d inflight sockets,…

  • CVE-2021-47486HigMay 22, 2024
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Fix potential NULL dereference The bpf_jit_binary_free() function requires a non-NULL argument. When the RISC-V BPF JIT fails to converge in NR_JIT_ITERATIONS steps, jit_data->header will be NULL,…

  • CVE-2021-47295HigMay 21, 2024
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindex_partial_destroy_work Syzbot reported memory leak in tcindex_set_parms(). The problem was in non-freed perfect hash in tcindex_partial_destroy_work(). In…

  • CVE-2021-47259HigMay 21, 2024
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: NFS: Fix use-after-free in nfs4_init_client() KASAN reports a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server. Olga was able to hit this…

  • CVE-2021-47241HigMay 21, 2024
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: ethtool: strset: fix message length calculation Outer nest for ETHTOOL_A_STRSET_STRINGSETS is not accounted for. This may result in ETHTOOL_MSG_STRSET_GET producing a warning like: calculated message…

  • CVE-2023-52696HigMay 17, 2024
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_powercap_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure.

  • CVE-2024-27405HigMay 17, 2024
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadget_giveback has one byte appended…

  • CVE-2024-26854HigApr 17, 2024
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: ice: fix uninitialized dplls mutex usage The pf->dplls.lock mutex is initialized too late, after its first use. Move it to the top of ice_dpll_init. Note that the "err_exit" error path destroys the mutex. And…

  • CVE-2024-26620HigMar 11, 2024
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix The vfio_ap_mdev_filter_matrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP…

  • CVE-2023-46838HigJan 29, 2024
    risk 0.49cvss 7.5epss 0.01

    Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts…

  • CVE-2023-39198HigNov 9, 2023
    risk 0.49cvss 7.5epss 0.00

    A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the…

  • CVE-2023-32252HigJul 24, 2023
    risk 0.49cvss 7.5epss 0.04

    A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this…

  • CVE-2023-32248HigJul 24, 2023
    risk 0.49cvss 7.5epss 0.04

    A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An…

  • CVE-2023-32247HigJul 24, 2023
    risk 0.49cvss 7.5epss 0.04

    A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to…

  • CVE-2023-3312HigJun 19, 2023
    risk 0.49cvss 7.5epss 0.01

    A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service.

  • CVE-2023-2156HigMay 9, 2023
    risk 0.49cvss 7.5epss 0.06

    A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to…

  • CVE-2022-0400HigAug 29, 2022
    risk 0.49cvss 7.5epss 0.01

    An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.

  • CVE-2021-38202HigAug 8, 2021
    risk 0.49cvss 7.5epss 0.03

    fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.

  • CVE-2020-25672HigMay 25, 2021
    risk 0.49cvss 7.5epss 0.03

    A memory leak vulnerability was found in Linux kernel in llcp_sock_connect

  • CVE-2002-2438HigMay 18, 2021
    risk 0.49cvss 7.5epss 0.04

    TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling.

  • CVE-2020-25705HigNov 17, 2020
    risk 0.49cvss 7.4epss 0.07

    A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as…

Page 44 of 320