VYPR

Vendor CVEs

Linux

All CVEs

15,975 total · sorted by risk
  • CVE-2020-25661HigNov 5, 2020
    risk 0.49cvss 7.5epss 0.02

    A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing…

  • CVE-2020-25645HigOct 13, 2020
    risk 0.49cvss 7.5epss 0.02

    A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic…

  • CVE-2020-1749HigSep 9, 2020
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather…

  • CVE-2019-19768HigDec 12, 2019
    risk 0.49cvss 7.5epss 0.04

    In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).

  • CVE-2019-17075HigOct 1, 2019
    risk 0.49cvss 7.5epss 0.06

    An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable…

  • CVE-2019-15099HigAug 16, 2019
    risk 0.49cvss 7.5epss 0.04

    drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

  • CVE-2018-16871HigJul 30, 2019
    risk 0.49cvss 7.5epss 0.03

    A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine…

  • CVE-2019-8980HigFeb 21, 2019
    risk 0.49cvss 7.5epss 0.06

    A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.

  • CVE-2017-18057HigMar 16, 2018
    risk 0.49cvss 7.5epss 0.01

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_nlo_scan_cmp_evt_handler(), which is received from firmware, leads to potential out of bounds memory read.

  • CVE-2017-1000410HigDec 7, 2017
    risk 0.49cvss 7.5epss 0.04

    The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their…

  • CVE-2017-1000405HigNov 30, 2017
    risk 0.49cvss 7.0epss 0.03

    The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new…

  • CVE-2017-11089HigNov 16, 2017
    risk 0.49cvss 7.5epss 0.01

    In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes

  • CVE-2017-11055HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.01

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION cfg80211 vendor command, a buffer over-read can occur.

  • CVE-2017-11052HigOct 10, 2017
    risk 0.49cvss 7.5epss 0.01

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor command a buffer over-read can occur.

  • CVE-2017-7533HigAug 5, 2017
    risk 0.49cvss 7.0epss 0.01

    Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename…

  • CVE-2017-1000080HigJul 17, 2017
    risk 0.49cvss 7.5epss 0.01

    Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets.

  • CVE-2017-1000079HigJul 17, 2017
    risk 0.49cvss 7.5epss 0.01

    Linux foundation ONOS 1.9.0 is vulnerable to a DoS.

  • CVE-2017-10810HigJul 4, 2017
    risk 0.49cvss 7.5epss 0.04

    Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures.

  • CVE-2017-8797HigJul 2, 2017
    risk 0.49cvss 7.5epss 0.09

    The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions.…

  • CVE-2017-7645HigApr 18, 2017
    risk 0.49cvss 7.5epss 0.06

    The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.

  • CVE-2017-7618HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.04

    crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.

  • CVE-2017-0569HigApr 7, 2017
    risk 0.49cvss 7.0epss 0.08

    An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-6214HigFeb 23, 2017
    risk 0.49cvss 7.5epss 0.05

    The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.

  • CVE-2017-5970HigFeb 14, 2017
    risk 0.49cvss 7.5epss 0.04

    The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.

  • CVE-2016-9919HigDec 8, 2016
    risk 0.49cvss 7.5epss 0.06

    The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet.

  • CVE-2016-8666HigOct 16, 2016
    risk 0.49cvss 7.5epss 0.05

    The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4…

  • CVE-2016-7039HigOct 16, 2016
    risk 0.49cvss 7.5epss 0.08

    The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only…

  • CVE-2016-4998HigJul 3, 2016
    risk 0.49cvss 7.1epss 0.02

    The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access…

  • CVE-2016-5244HigJun 27, 2016
    risk 0.49cvss 7.5epss 0.06

    The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

  • CVE-2016-4580HigMay 23, 2016
    risk 0.49cvss 7.5epss 0.04

    The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.

  • CVE-2016-4558HigMay 23, 2016
    risk 0.49cvss 7.0epss 0.01

    The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to…

  • CVE-2016-4485HigMay 23, 2016
    risk 0.49cvss 7.5epss 0.05

    The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.

  • CVE-2003-1604HigMay 2, 2016
    risk 0.49cvss 7.5epss 0.04

    The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to…

  • CVE-2011-1770HigJun 24, 2011
    risk 0.49cvss 7.5epss 0.04

    Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a…

  • CVE-2010-4805HigMay 26, 2011
    risk 0.49cvss 7.5epss 0.04

    The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function…

  • CVE-2010-4251HigMay 26, 2011
    risk 0.49cvss 7.5epss 0.04

    The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by…

  • CVE-2011-0709HigFeb 18, 2011
    risk 0.49cvss 7.5epss 0.04

    The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table.

  • CVE-2010-1437HigMay 7, 2010
    risk 0.49cvss 7.0epss 0.01

    Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands…

  • CVE-2009-3547HigNov 4, 2009
    risk 0.49cvss 7.0epss 0.05

    Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

  • CVE-2006-7229HigNov 15, 2007
    risk 0.49cvss 7.5epss 0.03

    The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic.

  • CVE-2006-4997HigOct 10, 2006
    risk 0.49cvss 7.5epss 0.05

    The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).

  • CVE-2006-5158HigOct 5, 2006
    risk 0.49cvss 7.5epss 0.03

    The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.

  • CVE-2006-2275HigMay 9, 2006
    risk 0.49cvss 7.5epss 0.03

    Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."

  • CVE-2005-2801HigSep 6, 2005
    risk 0.49cvss 7.5epss 0.03

    xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied.

  • CVE-2002-0704HigJul 26, 2002
    risk 0.49cvss 7.5epss 0.03

    The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.

  • CVE-2026-46326HigJun 9, 2026
    risk 0.48cvss 8.4epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spi_transfer struct initialisation Make sure that the spi_transfer struct is zeroed out before use.

  • CVE-2026-46288HigJun 8, 2026
    risk 0.48cvss 8.4epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in of_unittest_changeset() The variable 'parent' is assigned the value of 'nchangeset' earlier in the function, meaning both point to the same struct device_node. The call to…

  • CVE-2026-46270HigJun 3, 2026
    risk 0.48cvss 8.4epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() Using the `devm_` variant for requesting IRQ _before_ the `devm_` variant for allocating/registering the `power_supply` handle, means that…

  • CVE-2026-46251HigJun 3, 2026
    risk 0.48cvss 8.4epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block_group_tree dirty_list corruption When the incompat flag EXTENT_TREE_V2 is set, we unconditionally add the block group tree to the switch_commits list before calling switch_commit_roots, as we…

  • CVE-2026-43274HigMay 6, 2026
    risk 0.48cvss 8.4epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq() The cluster_cfg array is dynamically allocated to hold per-CPU configuration structures, with its size based on the number of…

Page 45 of 320