Lucene search
K

669 matches found

OSV
OSV
added 2019/12/12 8:15 p.m.4 views

CVE-2019-19768

In the Linux kernel 5.4.0-rc2, there is a use-after-free read in the blkaddtrace function in kernel/trace/blktrace.c which is used to fill out a blkiotrace structure and place it in a per-cpu sub-buffer...

7.5CVSS7.2AI score
Exploits0References11
OSV
OSV
added 2019/11/14 2:15 p.m.6 views

CVE-2019-18885

fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfsverifydevextents NULL pointer dereference via a crafted btrfs image because fsdevices-devices is mishandled within finddevice, aka CID-09ba3bc9dd15...

5.5CVSS8.8AI score0.01216EPSS
Exploits1References12
Saint
Saint
added 2019/10/24 12:0 a.m.146 views

Joomla Object Injection

Added: 10/24/2019 Background Joomla is a content management system written in PHP. Problem An object injection vulnerability in Joomla could allow a remote, unauthenticated attacker to execute arbitrary commands on the server. This vulnerability has been nicknamed "Rusty Joomla". Resolution Upgra...

1.4AI score
Exploits0
OSV
OSV
added 2019/10/08 12:15 a.m.6 views

CVE-2019-17351

An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7...

6.5CVSS8.6AI score
Exploits0References8
OSV
OSV
added 2018/05/28 1:29 p.m.8 views

CVE-2018-11508

The compatgettimex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex...

5.5CVSS5.8AI score
Exploits0References10
OSV
OSV
added 2018/01/11 7:29 a.m.9 views

CVE-2018-5332

In the Linux kernel through 3.2, the rdsmessageallocsgs function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write related to the rdsrdmaextrasize function in net/rds/rdma.c...

7.8CVSS8.3AI score
Exploits0References15
OSV
OSV
added 2017/12/18 8:29 a.m.7 views

CVE-2017-17741

The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a writemmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h...

6.5CVSS5.4AI score
Exploits0References13
CVE
CVE
added 2017/04/13 4:0 p.m.52 views

CVE-2016-4031

Technical details about CVE-2016-4031 are not publicly available in the provided documents. Monitor for updates.

6.8CVSS6.7AI score0.0052EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2016/07/03 9:59 p.m.6 views

CVE-2016-4998

The IPTSOSETREPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service out-of-bounds read or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted...

7.1CVSS7.1AI score
Exploits0References27
OSV
OSV
added 2016/05/02 10:59 a.m.5 views

CVE-2016-2185

The atiremote2probe function in drivers/input/misc/atiremote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash via a crafted endpoints value in a USB device descriptor...

4.6CVSS7.7AI score
Exploits0References26
OSV
OSV
added 2016/05/02 10:59 a.m.6 views

CVE-2014-9717

fs/namespace.c in the Linux kernel before 4.0.2 processes MNTDETACH umount2 system calls without verifying that the MNTLOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user...

6.1CVSS7.2AI score
Exploits0References11
OSV
OSV
added 2015/08/31 10:59 a.m.11 views

CVE-2015-3291

arch/x86/entry/entry64.S in the Linux kernel before 4.1.6 on the x8664 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service skipped NMI by modifying the rsp register, issuing a syscall instruction, and triggering an NM...

5.8AI score
Exploits0References12
OSV
OSV
added 2015/05/18 3:59 p.m.7 views

CVE-2015-3631

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules LSM and dockert policies via an image that allows volumes to override files in /proc...

7.4AI score
Exploits0References4
OSV
OSV
added 2014/09/28 10:55 a.m.8 views

CVE-2014-3631

The assocarraygc function in the associative-array implementation in lib/assocarray.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified othe...

6AI score
Exploits0References9
OSV
OSV
added 2014/05/11 9:55 p.m.6 views

CVE-2014-3122

The trytounmapcluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service system crash by triggering a memory-usage pattern that requires removal of page-table mappings...

5.8AI score
Exploits0References17
OSV
OSV
added 2013/11/12 2:35 p.m.5 views

CVE-2013-4515

The bcmcharioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTLBCMGETDEVICEDRIVERINFO ioctl call...

7.1AI score
Exploits0References17
OSV
OSV
added 2013/06/07 2:3 p.m.6 views

CVE-2013-2851

Format string vulnerability in the registerdisk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/mdmod/parameters/newarray in order to create a crafted /dev/md device nam...

7.5AI score
Exploits0References14
OSV
OSV
added 2013/04/22 11:41 a.m.4 views

CVE-2013-3225

The rfcommsockrecvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

5.7AI score
Exploits0References11
OSV
OSV
added 2012/12/27 11:47 a.m.6 views

CVE-2012-2669

The main function in tools/hv/hvkvpdaemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message...

5.7AI score
Exploits0References7
OSV
OSV
added 2012/06/13 10:24 a.m.8 views

CVE-2012-2375

The nfs4getacluncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cause a denial of service OOPS by sending an excessive number of bitmap words in an...

7.5AI score
Exploits0References8
Rows per page
Query Builder