CVE-2016-4997

Public exploit
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-07-03
Updated
2023-09-12

CVE-2015-3043

Known exploited
Public exploit
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.
Max CVSS
10.0
EPSS Score
2.53%
Published
2015-04-14
Updated
2018-10-30
CISA KEV Added
2022-03-03

CVE-2010-3106

Public exploit
The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.
Max CVSS
9.3
EPSS Score
18.40%
Published
2010-08-23
Updated
2017-09-19

CVE-2008-0926

Public exploit
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.
Max CVSS
7.5
EPSS Score
34.62%
Published
2008-03-28
Updated
2018-10-15

CVE-2005-2852

Public exploit
Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm.
Max CVSS
5.0
EPSS Score
50.85%
Published
2005-09-08
Updated
2008-09-05

CVE-2005-2551

Public exploit
Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors.
Max CVSS
7.5
EPSS Score
93.05%
Published
2005-08-12
Updated
2008-09-05
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
Max CVSS
8.8
EPSS Score
1.01%
Published
2019-04-19
Updated
2022-10-07
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
Max CVSS
7.8
EPSS Score
7.14%
Published
2017-10-03
Updated
2018-05-11
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
Max CVSS
5.5
EPSS Score
0.05%
Published
2017-06-06
Updated
2023-09-12
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
Max CVSS
5.5
EPSS Score
0.05%
Published
2016-10-13
Updated
2023-09-12
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
Max CVSS
7.5
EPSS Score
42.75%
Published
2016-09-26
Updated
2022-08-16
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
Max CVSS
5.9
EPSS Score
25.69%
Published
2016-09-26
Updated
2022-12-13
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Max CVSS
7.8
EPSS Score
41.94%
Published
2016-09-26
Updated
2022-12-13
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-06-27
Updated
2023-01-17
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-06-27
Updated
2023-01-17
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
Max CVSS
7.5
EPSS Score
92.98%
Published
2016-07-05
Updated
2020-06-18
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
Max CVSS
5.3
EPSS Score
2.03%
Published
2016-07-05
Updated
2021-07-16
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
Max CVSS
5.9
EPSS Score
1.83%
Published
2016-07-05
Updated
2021-07-16
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-05-23
Updated
2023-01-17
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
Max CVSS
5.5
EPSS Score
0.05%
Published
2016-06-27
Updated
2023-02-12
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
Max CVSS
9.8
EPSS Score
1.72%
Published
2016-09-26
Updated
2022-06-30
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.
Max CVSS
4.9
EPSS Score
0.39%
Published
2016-05-02
Updated
2017-08-13
The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.
Max CVSS
4.9
EPSS Score
0.32%
Published
2016-05-02
Updated
2023-09-12
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
Max CVSS
5.5
EPSS Score
0.06%
Published
2016-04-27
Updated
2023-09-12
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Max CVSS
4.9
EPSS Score
1.44%
Published
2016-05-02
Updated
2023-09-12
196 vulnerabilities found
1 2 3 4 5 6 7 8
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!