8 matches found
CVE-2026-31431
CVE-2026-31431 is a local privilege escalation in the Linux kernel’s algif_aead/AF_ALG path. The root cause is an in-place operation bug in the AEAD handling, which can be exercised via AF_ALG sockets with the authencesn algorithm and splice() to corrupt the kernel page cache of readable files wi...
CVE-2015-5300
CVE-2015-5300 (NTP panic-threshold bypass) is detailed in connected advisory from F5 for BIG-IP products, describing a vulnerability in ntpd where the threshold for the -g option is not correctly enforced. An attacker controlling NTP traffic could cause ntpd to step the clock to an arbitrary valu...
CVE-2015-5219
CVE-2015-5219 affects the Network Time Protocol (NTP) SNTP components, specifically the sntp utility, prior to version 4.2.7p366. The root cause is an incorrect type conversion in the ULOGTOD function (precision → double) which can cause a crafted NTP packet to trigger an infinite loop in sntp, l...
CVE-2015-5194
CVE-2015-5194: ntpd’s log_config_command in ntp_parser.y allows remote attackers to crash ntpd via crafted logconfig commands. Affected are ntpd before 4.2.7p42; remediation is to upgrade to a fixed version (4.2.7p42+). Connected advisories from F5/IBM detail affected products and patch guidance ...
CVE-2022-27239
CVE-2022-27239 affects cifs-utils up to version 6.14, due to a stack-based buffer overflow when parsing the mount.cifs ip= argument, enabling local attackers to gain root privileges. A patched version is available (e.g., cifs-utils 6.14-2 and later per advisories). Remediation is to update to a f...
CVE-2016-4953
CVE-2016-4953 affects ntpd (NTP 4.x) and relates to DoS via crafted CRYPTO_NAK or spoofed packets that can demobilize ephemeral associations, potentially disrupting time synchronization. Connected docs confirm multiple ntpd-family vulnerabilities (CVE-2016-4953/4954/4955/4956/4957) with root caus...
CVE-2016-4954
The CVE-2016-4954 entry affects ntpd (NTP v4) and is triggered by the process_packet() function in ntp_proto.c, where NTP 4.x versions before 4.2.8p8 can be caused to enter a peer-variable modification state when it receives spoofed packets from multiple sources, demonstrated by an incorrect leap...
CVE-2016-4957
ntpd (NTP) before version 4.2.8p8 is vulnerable to a remote DoS via specially crafted crypto-NAK packets, causing ntpd to crash. This issue stems from an incorrect fix applied after CVE-2016-1547 and affects ntpd’s handling of CRYPTO-NAK. Public references indicate an impact to the daemon’s avail...