Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.
Max CVSS
7.8
EPSS Score
0.06%
Published
2017-10-05
Updated
2023-01-17
The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).
Max CVSS
5.5
EPSS Score
0.06%
Published
2017-11-30
Updated
2023-02-12
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.
Max CVSS
6.9
EPSS Score
0.04%
Published
2017-11-15
Updated
2019-05-08
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
Max CVSS
7.6
EPSS Score
0.08%
Published
2017-08-19
Updated
2024-03-14
There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
Max CVSS
7.5
EPSS Score
0.13%
Published
2017-06-26
Updated
2017-06-30
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.
Max CVSS
9.3
EPSS Score
1.40%
Published
2017-05-09
Updated
2023-01-30
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.
Max CVSS
9.3
EPSS Score
1.03%
Published
2017-05-09
Updated
2023-01-30
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.
Max CVSS
9.3
EPSS Score
1.40%
Published
2017-05-09
Updated
2023-01-27
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.
Max CVSS
9.3
EPSS Score
1.35%
Published
2017-05-09
Updated
2023-01-27
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.
Max CVSS
9.3
EPSS Score
1.40%
Published
2017-05-09
Updated
2023-01-27
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.
Max CVSS
9.3
EPSS Score
1.40%
Published
2017-05-09
Updated
2023-01-27
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.
Max CVSS
9.3
EPSS Score
45.23%
Published
2017-05-09
Updated
2023-01-27
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
Max CVSS
8.8
EPSS Score
1.66%
Published
2017-02-13
Updated
2019-08-06
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes.
Max CVSS
7.0
EPSS Score
0.04%
Published
2017-08-10
Updated
2023-02-13
14 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!