Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
LinuxLinux Kernel3.7

90 matches found

CVE
CVEadded 2013/11/20 1:19 p.m.76 views

CVE-2013-4592

Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots.

4CVSS7.7AI score0.00043EPSS
CVE
CVEadded 2013/02/18 4:41 a.m.75 views

CVE-2013-0160

The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.

2.1CVSS5.6AI score0.00231EPSS
CVE
CVEadded 2013/02/18 4:41 a.m.75 views

CVE-2013-0217

Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggering certain error conditions.

5.2CVSS5.8AI score0.00232EPSS
CVE
CVEadded 2013/11/12 2:35 p.m.75 views

CVE-2013-4515

The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call.

4.9CVSS6.7AI score0.00042EPSS
CVE
CVEadded 2013/02/18 4:41 a.m.72 views

CVE-2012-4530

The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

2.1CVSS6.7AI score0.00362EPSS
CVE
CVEadded 2013/02/18 4:41 a.m.70 views

CVE-2013-0216

The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption.

5.2CVSS5.7AI score0.00076EPSS
CVE
CVEadded 2013/07/15 8:55 p.m.70 views

CVE-2013-4125

The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred f...

5.4CVSS5.8AI score0.01428EPSS
CVE
CVEadded 2013/11/12 2:35 p.m.70 views

CVE-2013-4514

Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_ui...

4.7CVSS7.5AI score0.00045EPSS
CVE
CVEadded 2013/12/09 6:55 p.m.69 views

CVE-2013-4270

The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application.

3.6CVSS5.7AI score0.00044EPSS
CVE
CVEadded 2013/11/20 1:19 p.m.69 views

CVE-2013-4591

Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended at...

6.2CVSS7.8AI score0.00062EPSS
CVE
CVEadded 2013/12/09 6:55 p.m.69 views

CVE-2013-7027

The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header.

6.1CVSS6.7AI score0.00371EPSS
CVE
CVEadded 2013/02/22 12:55 a.m.68 views

CVE-2013-0313

The evm_update_evmxattr function in security/integrity/evm/evm_crypto.c in the Linux kernel before 3.7.5, when the Extended Verification Module (EVM) is enabled, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via...

6.2CVSS6.7AI score0.00044EPSS
CVE
CVEadded 2013/12/14 6:8 p.m.68 views

CVE-2013-6376

The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode.

5.2CVSS5.8AI score0.00146EPSS
CVE
CVEadded 2013/12/09 6:55 p.m.67 views

CVE-2013-6431

The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before 3.11.5 does not properly implement error-code encoding, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for an IPv6 SIOCADDRT ioctl cal...

4.7CVSS6.7AI score0.00045EPSS
CVE
CVEadded 2013/09/16 1:1 p.m.66 views

CVE-2013-2894

drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

4.7CVSS5.7AI score0.0007EPSS
CVE
CVEadded 2013/12/09 6:55 p.m.66 views

CVE-2013-7026

Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system call...

4.7CVSS7.7AI score0.00011EPSS
CVE
CVEadded 2013/09/16 1:1 p.m.65 views

CVE-2013-2898

drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device.

1.9CVSS6.7AI score0.00063EPSS
CVE
CVEadded 2013/09/25 10:31 a.m.64 views

CVE-2013-2140

The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka ...

3.8CVSS6.2AI score0.0013EPSS
CVE
CVEadded 2013/09/16 1:1 p.m.64 views

CVE-2013-2896

drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.

4.7CVSS5.9AI score0.00069EPSS
CVE
CVEadded 2013/03/15 8:55 p.m.63 views

CVE-2013-2548

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_N...

2.1CVSS5.3AI score0.00074EPSS
CVE
CVEadded 2013/02/18 11:56 a.m.62 views

CVE-2012-5375

The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with ...

4CVSS5.8AI score0.0008EPSS
CVE
CVEadded 2013/11/12 2:35 p.m.62 views

CVE-2013-4513

Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted write operation.

4.9CVSS8.6AI score0.00016EPSS
CVE
CVEadded 2013/11/12 2:35 p.m.62 views

CVE-2013-4516

The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.

4.9CVSS6.6AI score0.00039EPSS
CVE
CVEadded 2012/12/27 11:47 a.m.60 views

CVE-2012-5532

The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2...

4.9CVSS5.7AI score0.00096EPSS
CVE
CVEadded 2013/02/19 7:55 p.m.60 views

CVE-2013-0290

The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSG_PEEK flag with zero-length data, which allows local users to cause a denial of service (infinite loop and system hang) via a crafted application.

4.9CVSS5.9AI score0.00036EPSS
CVE
CVEadded 2013/03/06 10:55 p.m.59 views

CVE-2013-1819

The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS file...

4.6CVSS6.6AI score0.00052EPSS
CVE
CVEadded 2013/09/16 1:1 p.m.59 views

CVE-2013-2891

drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_STEELSERIES is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

4.7CVSS5.7AI score0.00066EPSS
CVE
CVEadded 2013/03/15 8:55 p.m.58 views

CVE-2013-2546

The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.

2.1CVSS5.4AI score0.00074EPSS
CVE
CVEadded 2013/02/18 11:56 a.m.57 views

CVE-2012-5374

The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value.

4CVSS5.7AI score0.00043EPSS
CVE
CVEadded 2014/04/01 6:35 a.m.57 views

CVE-2013-7348

Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via vectors involving an error condition in the aio_setup_ring function.

4.6CVSS7.6AI score0.00053EPSS
CVE
CVEadded 2013/04/05 9:55 p.m.56 views

CVE-2013-1858

The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags, which allows local users to gain privileges by calling chroot and leveraging the sharing of the / directory between a parent process and a child proc...

7.2CVSS6.6AI score0.00912EPSS
CVE
CVEadded 2013/05/03 11:57 a.m.56 views

CVE-2013-1959

kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process.

3.7CVSS6.2AI score0.01052EPSS
CVE
CVEadded 2013/12/09 6:55 p.m.54 views

CVE-2013-6432

The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging unspecified privileges to execute a craft...

4.6CVSS7AI score0.00042EPSS
CVE
CVEadded 2013/11/12 2:35 p.m.53 views

CVE-2013-4512

Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging root privileges for a write operation.

4.7CVSS7.1AI score0.00131EPSS
CVE
CVEadded 2013/09/16 1:1 p.m.52 views

CVE-2013-2890

drivers/hid/hid-sony.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SONY is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

4.7CVSS7.3AI score0.00068EPSS
CVE
CVEadded 2013/08/25 3:27 a.m.52 views

CVE-2013-4205

Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service (memory consumption) via an invalid CLONE_NEWUSER unshare call.

4.7CVSS5.6AI score0.00107EPSS
CVE
CVEadded 2013/07/29 1:59 p.m.51 views

CVE-2013-4127

Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine.

4.7CVSS5.6AI score0.00044EPSS
CVE
CVEadded 2013/11/04 3:55 p.m.48 views

CVE-2013-2058

The host_start function in drivers/usb/chipidea/host.c in the Linux kernel before 3.7.4 does not properly support a certain non-streaming option, which allows local users to cause a denial of service (system crash) by sending a large amount of network traffic through a USB/Ethernet adapter.

4.7CVSS5.8AI score0.00044EPSS
CVE
CVEadded 2013/07/29 1:59 p.m.48 views

CVE-2013-4129

The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service (BUG and system crash) via vectors involving the shutdown of a KVM virtual m...

4.7CVSS6.2AI score0.00046EPSS
CVE
CVEadded 2013/04/29 2:55 p.m.40 views

CVE-2013-3302

Race condition in the smb_send_rqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors involving a reconnection event.

4.4CVSS7.1AI score0.00047EPSS
Total number of security vulnerabilities90