| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 351 | CVE-2014-6416 | 119 | | DoS Overflow Mem. Corr. | 2014-09-28 | 2015-04-29 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket. |
| 352 | CVE-2014-6184 | 119 | | Overflow +Priv | 2015-02-21 | 2015-02-23 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors. |
| 353 | CVE-2014-5206 | 264 | | Bypass | 2014-08-18 | 2017-01-06 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount" command within a user namespace. |
| 354 | CVE-2014-4323 | 264 | | +Priv | 2014-12-12 | 2014-12-12 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application. |
| 355 | CVE-2014-4322 | 119 | | DoS Overflow +Priv Mem. Corr. | 2014-12-24 | 2014-12-24 | 7.2 | User | Local | Low | Not required | Complete | Complete | Complete | drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application. |
| 356 | CVE-2014-3687 | 399 | | DoS | 2014-11-10 | 2016-12-21 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. |
| 357 | CVE-2014-3673 | 399 | | DoS | 2014-11-10 | 2016-08-22 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. |
| 358 | CVE-2014-3631 | | 1 | DoS | 2014-09-28 | 2015-03-17 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation. |
| 359 | CVE-2014-3535 | 119 | | DoS Overflow | 2014-09-28 | 2014-11-13 | 7.8 | None | Remote | Low | Not required | None | None | Complete | include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface. |
| 360 | CVE-2014-3534 | 264 | | +Priv | 2014-08-01 | 2017-08-28 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call. |
| 361 | CVE-2014-3153 | 264 | 1 | +Priv | 2014-06-07 | 2017-12-28 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. |
| 362 | CVE-2014-2706 | 362 | | DoS | 2014-04-14 | 2017-07-10 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. |
| 363 | CVE-2014-2672 | 362 | | DoS | 2014-04-01 | 2014-04-19 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions. |
| 364 | CVE-2014-1737 | 264 | | +Priv | 2014-05-11 | 2017-12-20 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. |
| 365 | CVE-2014-0101 | 20 | | DoS | 2014-03-11 | 2017-12-15 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. |
| 366 | CVE-2014-0049 | 119 | | Exec Code Overflow | 2014-03-11 | 2014-03-11 | 7.4 | None | Local Network | Medium | Single system | Complete | Complete | Complete | Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data. |
| 367 | CVE-2013-6282 | 20 | | | 2013-11-20 | 2017-09-02 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013. |
| 368 | CVE-2013-4587 | 20 | | +Priv | 2013-12-14 | 2014-03-16 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. |
| 369 | CVE-2013-4563 | 189 | | DoS | 2013-11-20 | 2014-03-05 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline. |
| 370 | CVE-2013-4348 | 399 | | DoS | 2013-11-04 | 2014-03-05 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation. |
| 371 | CVE-2013-4300 | 264 | | +Priv | 2013-09-25 | 2013-10-30 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing. |
| 372 | CVE-2013-4247 | 189 | | DoS Mem. Corr. | 2013-08-24 | 2013-08-27 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Off-by-one error in the build_unc_path_to_root function in fs/cifs/connect.c in the Linux kernel before 3.9.6 allows remote attackers to cause a denial of service (memory corruption and system crash) via a DFS share mount operation that triggers use of an unexpected DFS referral name length. |
| 373 | CVE-2013-3301 | | | DoS | 2013-04-29 | 2014-02-06 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call. |
| 374 | CVE-2013-2850 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-06-07 | 2013-12-05 | 7.9 | None | Local Network | Medium | Not required | Complete | Complete | Complete | Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet. |
| 375 | CVE-2013-2094 | 189 | 1 | +Priv | 2013-05-14 | 2017-01-06 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. |
| 376 | CVE-2013-2017 | 399 | | DoS | 2013-05-03 | 2013-05-03 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The veth (aka virtual Ethernet) driver in the Linux kernel before 2.6.34 does not properly manage skbs during congestion, which allows remote attackers to cause a denial of service (system crash) by leveraging lack of skb consumption in conjunction with a double-free error. |
| 377 | CVE-2013-1858 | 264 | | +Priv | 2013-04-05 | 2013-04-08 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags, which allows local users to gain privileges by calling chroot and leveraging the sharing of the / directory between a parent process and a child process. |
| 378 | CVE-2013-1763 | 20 | 3 | +Priv | 2013-02-28 | 2014-05-16 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message. |
| 379 | CVE-2013-1059 | | | DoS | 2013-07-08 | 2014-01-03 | 7.8 | None | Remote | Low | Not required | None | None | Complete | net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. |
| 380 | CVE-2013-0913 | 189 | | DoS Overflow | 2013-03-18 | 2013-06-20 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition. |
| 381 | CVE-2013-0894 | 119 | | DoS Overflow | 2013-02-23 | 2013-04-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size. |
| 382 | CVE-2012-6704 | 119 | | DoS Overflow Mem. Corr. | 2016-12-28 | 2016-12-30 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option. |
| 383 | CVE-2012-6703 | | | DoS Overflow | 2016-06-29 | 2017-08-31 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call. |
| 384 | CVE-2012-6701 | | | DoS Overflow | 2016-05-02 | 2018-06-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. |
| 385 | CVE-2012-6689 | 284 | | | 2016-05-02 | 2016-11-28 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages. |
| 386 | CVE-2012-6638 | 399 | | DoS | 2014-02-15 | 2014-02-18 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN TCP packets, a different vulnerability than CVE-2012-2663. |
| 387 | CVE-2012-3412 | 189 | | DoS | 2012-10-03 | 2013-08-17 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. |
| 388 | CVE-2012-3400 | 119 | | DoS Overflow | 2012-10-03 | 2016-12-07 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. |
| 389 | CVE-2012-2744 | | | DoS | 2012-08-09 | 2013-03-21 | 7.8 | None | Remote | Low | Not required | None | None | Complete | net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets. |
| 390 | CVE-2012-2319 | 264 | | Overflow +Priv | 2012-05-17 | 2015-05-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020. |
| 391 | CVE-2012-2136 | 20 | | DoS Overflow +Priv | 2012-08-09 | 2013-03-01 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device. |
| 392 | CVE-2012-2123 | 264 | | Bypass | 2012-05-17 | 2017-12-28 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR. |
| 393 | CVE-2012-2100 | 189 | | DoS | 2012-07-03 | 2013-02-07 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307. |
| 394 | CVE-2012-1097 | | | DoS | 2012-05-17 | 2018-01-17 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call. |
| 395 | CVE-2012-0207 | 399 | | DoS | 2012-05-17 | 2012-05-17 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets. |
| 396 | CVE-2012-0044 | 189 | | DoS Overflow +Priv Mem. Corr. | 2012-05-17 | 2013-04-18 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call. |
| 397 | CVE-2012-0028 | 264 | | DoS +Priv | 2012-06-21 | 2012-06-22 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process. |
| 398 | CVE-2011-4913 | 20 | | DoS Overflow Mem. Corr. | 2012-06-21 | 2016-08-18 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket. |
| 399 | CVE-2011-4374 | 189 | | Exec Code Overflow | 2012-01-19 | 2017-09-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors. |
| 400 | CVE-2011-4348 | 362 | | DoS | 2013-06-08 | 2013-07-25 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482. |