Lucene search
K

74 matches found

CVE
CVE
added 2023/06/05 9:40 p.m.836 views

CVE-2023-3079

Summary (CVE-2023-3079) : A type confusion in V8 in Google Chrome prior to 114.0.5735.110 can allow remote code execution via a crafted HTML page, with heap corruption as the underlying issue. The vulnerability affects Chrome’s Chromium-based rendering stack (V8 engine) and is rated High severity...

8.8CVSS8.6AI score0.32724EPSS
In wild
CVE
CVE
added 2000/02/04 5:0 a.m.706 views

CVE-1999-0524

CVE-1999-0524 is an ICMP information-disclosure vulnerability where ICMP replies reveal (1) netmask and (2) timestamp to arbitrary hosts. Connected reports link it to multiple products (e.g., Nutanix AHV advisories NXSA‑AHV series and ABB M2M Gateway plugin) and describe the issue as an informati...

4CVSS6.5AI score0.31586EPSS
CVE
CVE
added 2023/09/13 4:11 p.m.558 views

CVE-2023-4155

CVE-2023-4155 describes a vulnerability in the Linux kernel’s KVM AMD SEV implementation. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race that causes the VMGEXIT handler to be invoked recursively. If the handler is called multiple times, this can lead to a ...

5.6CVSS6.2AI score0.00159EPSS
CVE
CVE
added 2008/10/20 5:0 p.m.522 views

CVE-2008-4609

CVE-2008-4609 is a TCP state-exhaustion DoS vulnerability demonstrated by sockstress. It was described as affecting the TCP implementation in Linux, BSD-based platforms, Windows, Cisco products, and probably others. The issue enables a remote attacker to exhaust connection state, potentially rend...

7.1CVSS8.8AI score0.32123EPSS
CVE
CVE
added 2018/08/21 7:0 p.m.467 views

CVE-2018-10902

CVE-2018-10902 is a Linux kernel local privilege-escalation flaw in the raw MIDI driver. The issue arises from a race on concurrent access in the snd_rawmidi_ioctl() path (snd_rawmidi_input_params and snd_rawmidi_output_status), causing a double-free/double-realloc in the rawmidi.c handler. Explo...

7.8CVSS6.3AI score0.00523EPSS
CVE
CVE
added 2022/05/31 12:0 a.m.454 views

CVE-2022-1462

CVE-2022-1462 is an out-of-bounds read in the Linux kernel TeleTYpe subsystem triggered by a race using ioctls (TIOCSPTLCK, TIOCGPTPEER, TIOCSTI, TCXONC). Local users can crash the system or read unauthorized memory. Public advisories link this CVE to Linux kernel versions across multiple distrib...

6.3CVSS6.5AI score0.00334EPSS
CVE
CVE
added 2023/07/25 3:47 p.m.435 views

CVE-2023-3772

CVE-2023-3772 is a Linux kernel vulnerability in the IPsec XFRM subsystem that allows a local attacker with CAP_NET_ADMIN to dereference a NULL pointer in xfrm_update_ae_params(), potentially crashing the kernel and causing a denial of service. Connected documents confirm the root cause as a NULL...

5.5CVSS6.1AI score0.00454EPSS
CVE
CVE
added 2023/11/16 5:15 p.m.419 views

CVE-2023-6176

The connected documents confirm CVE-2023-6176 is a Linux kernel issue in the cryptographic algorithm scatterwalk API. A null pointer dereference can be triggered when a local user constructs a malicious packet with specific socket configuration, potentially crashing the system or enabling privile...

4.7CVSS6.5AI score0.00251EPSS
CVE
CVE
added 2020/09/09 2:35 p.m.402 views

CVE-2020-1749

CVE-2020-1749 describes a flaw in the Linux kernel’s IPsec networking implementation (notably VXLAN and GENEVE tunnels over IPv6). When an encrypted tunnel is established between two hosts, tunneled data may be misrouted over the encrypted link, causing data to be sent unencrypted and potentially...

7.5CVSS7AI score0.0124EPSS
CVE
CVE
added 2020/04/09 10:10 p.m.395 views

CVE-2020-8834

Affected software: Linux kernel KVM for PowerPC (KVM with Book3S HV on Power8). Vulnerability arises from conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry and in kvmppc_save_tm()/kvmppc_restore_tm, leading to stack corruption. Consequence: a guest VM kernel-space code execut...

6.5CVSS6.8AI score0.00347EPSS
CVE
CVE
added 2021/03/10 3:30 p.m.375 views

CVE-2021-20265

CVE-2021-20265 affects the Linux kernel: a memory-leak/DoS bug in unix_stream_recvmsg when a signal is pending can exhaust memory locally. Connected docs reference a fix in the upstream kernel (commit fa0dc04df259ba2df3ce1920e9690c7842f8fa4b4) and later kernel slab-leak fixes for af_unix, indicat...

5.5CVSS5.7AI score0.00339EPSS
CVE
CVE
added 2022/08/23 12:0 a.m.369 views

CVE-2021-3759

CVE-2021-3759 is a memory overflow in the Linux kernel memcg IPC path, where repeated semget calls by a local user can exhaust memory and cause a denial of service. Public docs confirm impact is local and availability-focused. Debian LTS advisory DLA-3244-1 and Amazon ALAS2KERNEL advisories for k...

5.5CVSS6.3AI score0.00345EPSS
CVE
CVE
added 2024/02/04 2:11 p.m.346 views

CVE-2023-6240

CVE-2023-6240 is documented as a Marvin vulnerability side-channel leakage in the Linux kernel RSA decryption operation. The connected Nessus entries confirm this CVE is listed among multiple advisories, referencing the same vulnerability block and associating it with Linux Kernel RSA decryption ...

6.5CVSS6AI score0.00969EPSS
CVE
CVE
added 2022/10/17 12:0 a.m.317 views

CVE-2022-3566

CVE-2022-3566 affects the Linux kernel TCP handler (tcp_getsockopt/tcp_setsockopt) with a race condition. The connected documents show multiple vendor/OS advisories (ALAS2KERNEL-5.15-2024-053, ALAS2KERNEL-5.4-2024-084, ALAS2KERNEL-5.10-2024-066, ALAS-2024-2622, ALAS2KERNEL-5.15-2024-053, ALAS2KER...

7.1CVSS6.4AI score0.00344EPSS
CVE
CVE
added 2023/03/27 12:0 a.m.308 views

CVE-2023-1073

CVE-2023-1073 is a memory corruption flaw in the Linux kernel HID subsystem triggered by inserting a malicious USB device. The impact is local: a nearby user can crash the system or potentially escalate privileges. Public documents confirm the issue is tracked across multiple advisories (e.g., AL...

6.6CVSS7AI score0.00391EPSS
CVE
CVE
added 2022/09/01 12:0 a.m.298 views

CVE-2022-2663

CVE-2022-2663 is a Linux kernel issue in nf_conntrack_irc where message handling can be confused, causing incorrect matching and potentially allowing a firewall bypass when users operate with unencrypted IRC with nf_conntrack_irc enabled. The primary affected component is nf_conntrack_irc within ...

5.3CVSS6.1AI score0.01429EPSS
CVE
CVE
added 2024/02/07 9:4 p.m.298 views

CVE-2023-6535

CVE-2023-6535 affects the Linux kernel NVMe driver. A crafted TCP packet sequence over NVMe over TCP may cause a NULL pointer dereference in the NVMe driver, leading to a kernel panic and denial of service. Connected documents confirm the same vulnerability text and its presence in multiple advis...

7.5CVSS6.9AI score0.01549EPSS
CVE
CVE
added 2023/12/08 4:58 p.m.298 views

CVE-2023-6610

CVE-2023-6610 is an out-of-bounds read in Linux kernel’s smb2_dump_detail() (fs/smb/client/smb2ops.c). The vulnerability can allow a local attacker to crash the kernel or leak internal kernel information. Connected advisories (e.g., MiracleLinux/Tencent/Tenable Nessus entries) confirm the issue a...

7.1CVSS6.7AI score0.0043EPSS
CVE
CVE
added 2022/10/17 12:0 a.m.275 views

CVE-2022-3567

CVE-2022-3567 is a Linux Kernel vulnerability affecting the IPv6 stack, specifically the inet6_stream_ops/inet6_dgram_ops in the IPv6 Handler. The issue is a race condition introduced in the kernel code (as described in the provided sources). A patch is recommended to fix the issue. The connected...

6.4CVSS6.4AI score0.00301EPSS
CVE
CVE
added 2022/10/08 12:0 a.m.274 views

CVE-2022-3435

CVE-2022-3435 affects the Linux kernel: an out-of-bounds read in fib_nh_match (net/ipv4/fib_semantics.c) could be exploited remotely by a remote, unauthenticated/partially privileged actor per the CVSS vector. The issue is rated CVSS v3.1 base 4.3 (Medium) with low impact to confidentiality and n...

4.3CVSS6AI score0.03681EPSS
CVE
CVE
added 2023/03/27 12:0 a.m.269 views

CVE-2023-1076

CVE-2023-1076 describes a Linux kernel flaw in tun/tap initialisation where the socket uid is hardcoded to 0 due to a type confusion. The result can cause tun/tap sockets to be treated as if they have root privileges when filtering/routing decisions are made, potentially bypassing network filters...

5.5CVSS6.4AI score0.00257EPSS
CVE
CVE
added 2022/11/23 2:11 p.m.265 views

CVE-2022-42895

CVE-2022-42895: Infoleak in Linux kernel (net/bluetooth/l2cap_core.c: l2cap_parse_conf_req) can leak kernel pointers remotely. Affected: Linux kernel (including versions cited by Astra Linux bulletin; e.g., linux-5.10/5.15 per connected docs). Root cause: information disclosure in L2CAP config re...

6.5CVSS6.7AI score0.00395EPSS
CVE
CVE
added 2023/03/27 12:0 a.m.258 views

CVE-2023-1075

CVE-2023-1075 is a Linux kernel TLS TLS: tls_is_tx_ready vulnerability. The issue arises from tls_is_tx_ready() performing a flawed check of list emptiness on a tls-related list, allowing a type-confused entry to be treated as a valid list_head and potentially leaking the last byte of a field tha...

3.3CVSS5.4AI score0.00217EPSS
CVE
CVE
added 2023/03/27 12:0 a.m.257 views

CVE-2023-1074

CVE-2023-1074 is a memory-leak flaw in the Linux kernel SCTP implementation that can allow a local attacker to exhaust resources and cause a denial of service when a malicious networking service connects. The issue is described across multiple connected sources (e.g., Debian/AlmaLinux advisories ...

5.5CVSS6AI score0.00238EPSS
CVE
CVE
added 2022/09/16 4:8 p.m.248 views

CVE-2022-36402

CVE-2022-36402 is described in connected advisories as an integer overflow in the vmwgfx driver (Linux kernel) within vmwgfx_execbuf.c, affecting GPUs exposed via /dev/dri/renderD128 (Dxxx). The vulnerability allows a local attacker with a user account to gain elevated privileges and can cause a ...

6.3CVSS6.2AI score0.00463EPSS
CVE
CVE
added 2021/01/14 1:10 a.m.245 views

CVE-2020-16119

CVE-2020-16119 is a Linux kernel use-after-free vulnerability in DCCP where a socket reused as a listener after release (with an attached dccps_hc_tx_ccid) can be exploited locally. Affected: Linux kernel variants affected by upstream fixes; the issue allows local escalation to execute code or ca...

7.8CVSS6.4AI score0.00422EPSS
CVE
CVE
added 2018/09/10 1:0 p.m.243 views

CVE-2018-14625

The CVE-2018-14625 entry describes a Linux kernel vulnerability in the vsock (AF_VSOCK) implementation. A race condition between connect() and close() can lead to a use-after-free that may enable a local attacker running inside a guest VM to read kernel memory (information leak) or potentially in...

7CVSS7.2AI score0.00333EPSS
CVE
CVE
added 2023/07/25 3:47 p.m.240 views

CVE-2023-3773

The CVE-2023-3773 entry describes a flaw in the Linux kernel’s XFRM (IP framework) where parsing netlink attributes can trigger a 4-byte out-of-bounds read of XFRMA_MTIMER_THRESH. This could allow a malicious user with CAP_NET_ADMIN to leak sensitive heap data to userspace. The provided descripti...

5.5CVSS6AI score0.00237EPSS
CVE
CVE
added 2017/10/30 8:0 p.m.230 views

CVE-2017-1000255

The connected Nessus entries confirm CVE-2017-1000255 affects PowerPC Linux kernels on Power8+ where a user can craft a signal frame and sigreturn to corrupt the kernel stack by using the r1 value from the signal frame. This can overwrite arbitrary kernel memory, causing an oops and potential pan...

6.6CVSS6AI score0.00382EPSS
CVE
CVE
added 2023/07/24 3:19 p.m.225 views

CVE-2023-3640

CVE-2023-3640 – summary (Linux kernel x86 per-CPU entry area leak) A local memory leakage flaw was identified in the Linux kernel’s cpu_entry_area mapping for X86, enabling a local user to infer addresses of exception stacks and other kernel data. The vulnerability stems from partial randomness o...

7.8CVSS6.7AI score0.00719EPSS
CVE
CVE
added 2022/01/31 3:57 p.m.224 views

CVE-2022-0286

Summary: CVE-2022-0286 affects the Linux kernel and is caused by a null pointer dereference in bond_ipsec_add_sa(), which can enable a local attacker to cause a denial of service. The NVD metrics indicate a Local, Low/Medium impact with a base CVSSv3.1 score of 5.5 (I/N/A high) and base CVSSv2 sc...

5.5CVSS6.4AI score0.00531EPSS
CVE
CVE
added 2019/12/11 2:45 p.m.218 views

CVE-2019-14899

CVE-2019-14899 is a routing-path/kernel issue affecting macOS (and cited across Linux, FreeBSD, OpenBSD, iOS, Android). The root cause is a VPN-tunnel routing problem that allows a local/adjacent attacker to inject into active VPN connections, enabling data injection and potential VPN hijacking. ...

7.4CVSS7.3AI score0.00838EPSS
CVE
CVE
added 2022/10/16 12:0 a.m.215 views

CVE-2022-3523

CVE-2022-3523 (Linux kernel) is addressed in MiracleLinux AXSA-2023-7038: the issue is a use-after-free in mm/memory.c during memory fault handling (memory manager race on private device pages). The Nessus/Miracle advisory lists this as one of multiple kernel CVEs affected on kernel 5.14.x builds...

5.3CVSS6.3AI score0.00862EPSS
CVE
CVE
added 2022/10/20 12:0 a.m.211 views

CVE-2022-3619

CVE-2022-3619 is a memory-leak vulnerability in the Linux kernel Bluetooth subsystem (function l2cap_recv_acldata in net/bluetooth/l2cap_core.c). The Connected documents confirm the issue and its inclusion in kernel security advisories, and several sources list it among fixes in kernel updates. T...

4.3CVSS5.9AI score0.00567EPSS
CVE
CVE
added 2018/07/26 6:0 p.m.202 views

CVE-2018-10876

A confirmed vulnerability in the Linux kernel ext4 filesystem: CVE-2018-10876 is a use-after-free in ext4_ext_remove_space() when mounting a crafted ext4 image, allowing a local attacker to crash the system and, per some sources, potentially execute arbitrary code. Public references in the connec...

5.5CVSS5.9AI score0.00774EPSS
CVE
CVE
added 2022/10/21 12:0 a.m.194 views

CVE-2022-3646

CVE-2022-3646 is a Linux kernel vulnerability affecting the nilfs_attach_log_writer function in fs/nilfs2/segment.c (BPF component). The issue enables a memory leak and may be exploitable remotely. A patch is recommended to fix this issue (VDB-211961).

4.3CVSS6.5AI score0.00812EPSS
CVE
CVE
added 2018/07/27 6:0 p.m.193 views

CVE-2018-10882

CVE-2018-10882 affects the Linux kernel ext4 implementation. A local user can trigger an out-of-bounds write in fs/jbd2/transaction.c by mounting/unmounting a crafted ext4 image, causing denial of service and potential system crash. Public details describe the vulnerability as part of ext4 file-s...

5.5CVSS5.9AI score0.00723EPSS
CVE
CVE
added 2016/04/27 5:0 p.m.184 views

CVE-2016-0774

CVE-2016-0774 affects Linux kernel backports in Debian wheezy (before 3.2.73-2+deb7u3) and RHEL 7.1 (before 3.10.0-229.26.2). The flaw is in the pipe_read/pipe_write paths in fs/pipe.c where the side effects of failed __copy_to_user_inatomic/__copy_from_user_inatomic calls are not properly handle...

6.8CVSS6.7AI score0.00337EPSS
CVE
CVE
added 2023/12/21 8:2 p.m.181 views

CVE-2023-7042

CVE-2023-7042 affects the Linux kernel in the ath10k wireless driver: a null pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() can lead to a denial of service. Connected advisories confirm the issue is mitigated by updating to patched kernels (examples: Debian security notices list...

5.5CVSS6.9AI score0.00283EPSS
CVE
CVE
added 2017/11/14 5:0 p.m.178 views

CVE-2017-6264

CVE-2017-6264 is an elevation-of-privilege vulnerability in the NVIDIA GPU driver used on Android, specifically within the gm20b_clk_throt_set_cdev_state path. An out-of-bounds memory read can be used as a function pointer, potentially allowing a local attacker to execute arbitrary code in kernel...

9.3CVSS7.2AI score0.01593EPSS
CVE
CVE
added 2018/02/09 10:0 p.m.174 views

CVE-2014-8171

CVE-2014-8171 affects the Linux kernel memcg (memory resource controller). The description shows that a local user can spawn new processes within a memory-constrained cgroup, and this handling of OOM could lead to a deadlock, yielding a local denial of service. The incident is tied to the memcg O...

5.5CVSS5.4AI score0.00392EPSS
CVE
CVE
added 2023/07/31 4:22 p.m.162 views

CVE-2023-4010

CVE-2023-4010 reports a denial-of-service in the Linux kernel USB Host Controller Driver (framework) specifically in usb_giveback_urb. The description indicates a logic error in the goto-condition can cause the function to loop indefinitely when presented with a malformed descriptor, leading to D...

4.6CVSS4.4AI score0.00516EPSS
CVE
CVE
added 2022/10/20 12:0 a.m.161 views

CVE-2022-3621

CVE-2022-3621 : A vulnerability in the Linux kernel component nilfs2 affects the function nilfs_bmap_lookup_at_level in fs/nilfs2/inode.c. The issue enables a NULL pointer dereference, with the document noting that the flaw can be exploited remotely. The vulnerability is caused by manipulation of...

6.5CVSS6.2AI score0.01218EPSS
CVE
CVE
added 2021/06/02 10:42 a.m.145 views

CVE-2020-10742

CVE-2020-10742 : The Linux kernel vulnerability is an index buffer overflow during Direct IO writes that can cause the NFS client to crash and, in some cases, a kernel panic after a kmalloc memory allocation has a reach-out beyond the allocated buffer. The described impact includes data confident...

6CVSS6.5AI score0.00263EPSS
CVE
CVE
added 2022/10/21 12:0 a.m.145 views

CVE-2022-3629

CVE-2022-3629 affects the Linux kernel’s vsock_connect in net/vmw_vsock/af_vsock.c, causing a memory leak. The issue is described as a local problem with low overall severity (CVSS 3.1: low, availability impact), and exploitation is not trivial but feasible locally. The primary remediation guidan...

3.3CVSS5.8AI score0.00326EPSS
CVE
CVE
added 2022/08/26 3:25 p.m.139 views

CVE-2021-3864

CVE-2021-3864 is a local privilege-escalation flaw in the Linux kernel involving how the dumpable flag is handled for descendants of certain SUID binaries. If a SUID binary sets real UID equal to effective UID and real GID equal to effective GID, the descendant’s dumpable value can become 1, so a...

7CVSS6.9AI score0.00726EPSS
CVE
CVE
added 2023/01/10 12:0 a.m.139 views

CVE-2022-4382

CVE-2022-4382 describes a use-after-free in the gadgetfs Linux driver caused by a race among superblock operations. Triggering condition: yanking out a device that is currently running the gadgetfs side. The description in the provided documents states a use-after-free condition and potential imp...

6.4CVSS6AI score0.00484EPSS
CVE
CVE
added 2016/10/07 2:0 p.m.137 views

CVE-2016-3699

CVE-2016-3699 affects the Linux kernel as used in Red Hat Enterprise Linux 7.2 and Red Hat MRG 2 when booted with UEFI Secure Boot. The issue allows local attackers to bypass Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. The connected documents corrob...

7.4CVSS8.2AI score0.00502EPSS
CVE
CVE
added 2023/12/11 6:31 p.m.134 views

CVE-2023-6679

CVE-2023-6679 is a NULL pointer dereference in the Linux kernel DPLL netlink code (dpll_pin_parent_pin_set in drivers/dpll/dpll_netlink.c). The vulnerability allows local attackers to trigger a denial of service. Connected advisories (Red Hat, Oracle, MiracleLinux) indicate kernel updates/fixes a...

5.5CVSS6AI score0.00312EPSS
CVE
CVE
added 2017/12/29 3:0 p.m.130 views

CVE-2016-3695

CVE-2016-3695 in the Linux kernel relates to the einj_error_inject function (drivers/acpi/apei/einj.c). The issue allows a local user to simulate hardware errors and cause a denial of service by failing to disable APEI error injection via EINJ when securelevel is set. The connected documents show...

5.5CVSS5.7AI score0.00511EPSS
Total number of security vulnerabilities74