Novell » Suse Linux Enterprise Desktop : Security Vulnerabilities, CVEs, Published In 2016 (Denial of service) CVSS score >= 1
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
Max CVSS
5.5
EPSS Score
0.05%
Published
2016-10-13
Updated
2023-09-12
CVE-2016-4997
Public exploit
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-07-03
Updated
2023-09-12
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-05-23
Updated
2023-01-17
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.
Max CVSS
4.9
EPSS Score
0.39%
Published
2016-05-02
Updated
2017-08-13
The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.
Max CVSS
4.9
EPSS Score
0.32%
Published
2016-05-02
Updated
2023-09-12
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
Max CVSS
5.5
EPSS Score
0.06%
Published
2016-04-27
Updated
2023-09-12
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Max CVSS
4.9
EPSS Score
1.44%
Published
2016-05-02
Updated
2023-09-12
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Max CVSS
4.9
EPSS Score
1.00%
Published
2016-04-27
Updated
2023-09-12
The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.
Max CVSS
4.9
EPSS Score
0.24%
Published
2016-05-02
Updated
2023-09-12
drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.
Max CVSS
4.9
EPSS Score
0.24%
Published
2016-05-02
Updated
2023-09-12
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.
Max CVSS
4.9
EPSS Score
1.44%
Published
2016-05-02
Updated
2023-09-12
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
Max CVSS
8.4
EPSS Score
0.16%
Published
2016-04-27
Updated
2023-09-12
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.
Max CVSS
6.2
EPSS Score
0.14%
Published
2016-04-27
Updated
2023-09-12
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
Max CVSS
9.3
EPSS Score
1.67%
Published
2016-06-13
Updated
2023-09-12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Max CVSS
8.8
EPSS Score
0.77%
Published
2016-06-13
Updated
2023-09-12
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Max CVSS
8.8
EPSS Score
1.13%
Published
2016-06-13
Updated
2023-09-12
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Max CVSS
4.9
EPSS Score
0.35%
Published
2016-05-02
Updated
2023-09-12
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Max CVSS
4.9
EPSS Score
0.26%
Published
2016-05-02
Updated
2023-09-12
The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Max CVSS
4.9
EPSS Score
0.27%
Published
2016-05-02
Updated
2023-09-12
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
Max CVSS
4.9
EPSS Score
0.35%
Published
2016-04-27
Updated
2023-09-12
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
Max CVSS
7.8
EPSS Score
0.05%
Published
2016-06-27
Updated
2023-09-12
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.
Max CVSS
5.5
EPSS Score
1.31%
Published
2016-09-20
Updated
2023-09-12
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.
Max CVSS
6.5
EPSS Score
2.74%
Published
2016-09-20
Updated
2023-09-12
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.
Max CVSS
5.5
EPSS Score
0.47%
Published
2016-09-20
Updated
2023-09-12
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
Max CVSS
7.5
EPSS Score
4.71%
Published
2016-09-20
Updated
2023-09-12