The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.
Max CVSS
10.0
EPSS Score
0.32%
Published
2019-11-27
Updated
2019-12-18
In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.
Max CVSS
10.0
EPSS Score
1.50%
Published
2019-08-07
Updated
2023-01-19
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.
Max CVSS
10.0
EPSS Score
22.70%
Published
2019-03-27
Updated
2021-06-02
udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue.
Max CVSS
10.0
EPSS Score
2.62%
Published
2019-05-02
Updated
2023-01-19
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.
Max CVSS
10.0
EPSS Score
1.66%
Published
2019-11-27
Updated
2023-02-12
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.
Max CVSS
10.0
EPSS Score
2.45%
Published
2019-11-29
Updated
2023-02-12
An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.
Max CVSS
10.0
EPSS Score
0.06%
Published
2019-08-21
Updated
2023-04-19
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).
Max CVSS
10.0
EPSS Score
2.27%
Published
2019-08-23
Updated
2023-01-19
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
Max CVSS
10.0
EPSS Score
0.71%
Published
2019-08-23
Updated
2022-11-16
In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c where it is possible to overflow the doi_def->tags[] array.
Max CVSS
9.8
EPSS Score
0.78%
Published
2019-07-27
Updated
2019-09-27
In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption.
Max CVSS
9.8
EPSS Score
0.50%
Published
2019-07-27
Updated
2022-11-03
In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption.
Max CVSS
9.8
EPSS Score
0.66%
Published
2019-07-27
Updated
2022-11-03
In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead.
Max CVSS
9.8
EPSS Score
0.47%
Published
2019-07-27
Updated
2023-01-19
In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.
Max CVSS
9.8
EPSS Score
0.41%
Published
2019-07-27
Updated
2023-01-17
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
Max CVSS
9.8
EPSS Score
1.31%
Published
2019-02-22
Updated
2021-06-02
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.
Max CVSS
9.8
EPSS Score
1.71%
Published
2019-06-14
Updated
2023-02-12
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
1.09%
Published
2019-11-29
Updated
2023-02-12
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.
Max CVSS
9.8
EPSS Score
1.06%
Published
2019-11-29
Updated
2023-02-12
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
Max CVSS
9.8
EPSS Score
0.86%
Published
2019-09-24
Updated
2022-11-03
In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.
Max CVSS
9.8
EPSS Score
1.21%
Published
2019-10-04
Updated
2022-11-03
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
Max CVSS
9.8
EPSS Score
0.70%
Published
2019-11-07
Updated
2021-06-22
An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.
Max CVSS
9.8
EPSS Score
0.57%
Published
2019-11-07
Updated
2020-08-12
An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.
Max CVSS
9.4
EPSS Score
1.89%
Published
2019-09-04
Updated
2023-01-19
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
Max CVSS
9.3
EPSS Score
0.82%
Published
2019-05-07
Updated
2022-11-03
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
Max CVSS
9.3
EPSS Score
0.24%
Published
2019-11-27
Updated
2022-11-03
293 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!