Lucene search
K
SuseOpenstack Cloud

8 matches found

CVE
CVE
added 2026/04/22 8:15 a.m.871 views

CVE-2026-31431

CVE-2026-31431 is a local privilege escalation in the Linux kernel’s algif_aead/AF_ALG path. The root cause is an in-place operation bug in the AEAD handling, which can be exercised via AF_ALG sockets with the authencesn algorithm and splice() to corrupt the kernel page cache of readable files wi...

7.8CVSS5.6AI score0.96267EPSS
In wild
CVE
CVE
added 2017/07/21 2:0 p.m.247 views

CVE-2015-5300

CVE-2015-5300 (NTP panic-threshold bypass) is detailed in connected advisory from F5 for BIG-IP products, describing a vulnerability in ntpd where the threshold for the -g option is not correctly enforced. An attacker controlling NTP traffic could cause ntpd to step the clock to an arbitrary valu...

7.5CVSS7.6AI score0.0913EPSS
CVE
CVE
added 2017/07/21 2:0 p.m.202 views

CVE-2015-5219

CVE-2015-5219 affects the Network Time Protocol (NTP) SNTP components, specifically the sntp utility, prior to version 4.2.7p366. The root cause is an incorrect type conversion in the ULOGTOD function (precision → double) which can cause a crafted NTP packet to trigger an infinite loop in sntp, l...

7.5CVSS7.1AI score0.05839EPSS
CVE
CVE
added 2017/07/21 2:0 p.m.183 views

CVE-2015-5194

CVE-2015-5194: ntpd’s log_config_command in ntp_parser.y allows remote attackers to crash ntpd via crafted logconfig commands. Affected are ntpd before 4.2.7p42; remediation is to upgrade to a fixed version (4.2.7p42+). Connected advisories from F5/IBM detail affected products and patch guidance ...

7.5CVSS7.1AI score0.05536EPSS
CVE
CVE
added 2022/04/27 12:0 a.m.182 views

CVE-2022-27239

CVE-2022-27239 affects cifs-utils up to version 6.14, due to a stack-based buffer overflow when parsing the mount.cifs ip= argument, enabling local attackers to gain root privileges. A patched version is available (e.g., cifs-utils 6.14-2 and later per advisories). Remediation is to update to a f...

7.8CVSS7.7AI score0.00562EPSS
CVE
CVE
added 2016/07/05 1:0 a.m.142 views

CVE-2016-4953

CVE-2016-4953 affects ntpd (NTP 4.x) and relates to DoS via crafted CRYPTO_NAK or spoofed packets that can demobilize ephemeral associations, potentially disrupting time synchronization. Connected docs confirm multiple ntpd-family vulnerabilities (CVE-2016-4953/4954/4955/4956/4957) with root caus...

7.5CVSS7.3AI score0.17245EPSS
CVE
CVE
added 2016/07/05 1:0 a.m.139 views

CVE-2016-4954

The CVE-2016-4954 entry affects ntpd (NTP v4) and is triggered by the process_packet() function in ntp_proto.c, where NTP 4.x versions before 4.2.8p8 can be caused to enter a peer-variable modification state when it receives spoofed packets from multiple sources, demonstrated by an incorrect leap...

7.5CVSS6.9AI score0.13208EPSS
CVE
CVE
added 2016/07/05 1:0 a.m.94 views

CVE-2016-4957

ntpd (NTP) before version 4.2.8p8 is vulnerable to a remote DoS via specially crafted crypto-NAK packets, causing ntpd to crash. This issue stems from an incorrect fix applied after CVE-2016-1547 and affects ntpd’s handling of CRYPTO-NAK. Public references indicate an impact to the daemon’s avail...

7.5CVSS6.2AI score0.44936EPSS