# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2018-10902 |
415 |
|
+Priv |
2018-08-21 |
2019-10-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. |
2 |
CVE-2017-16997 |
426 |
|
+Priv |
2017-12-18 |
2020-10-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. |
3 |
CVE-2016-7035 |
285 |
|
+Priv |
2018-09-10 |
2019-10-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. |
4 |
CVE-2016-0758 |
|
|
Overflow +Priv |
2016-06-27 |
2016-11-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data. |
5 |
CVE-2015-7529 |
59 |
|
+Priv +Info |
2017-11-06 |
2019-09-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. |
6 |
CVE-2015-5287 |
59 |
|
+Priv |
2015-12-07 |
2016-12-07 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump. |
7 |
CVE-2015-5277 |
119 |
|
DoS Overflow +Priv |
2015-12-17 |
2017-07-01 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. |
8 |
CVE-2015-5157 |
264 |
|
+Priv |
2015-08-31 |
2016-12-22 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI. |
9 |
CVE-2015-1211 |
|
|
+Priv |
2015-02-06 |
2021-09-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI. |
10 |
CVE-2015-0239 |
269 |
|
DoS +Priv |
2015-03-02 |
2020-05-21 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction. |
11 |
CVE-2015-0192 |
|
|
+Priv |
2015-07-02 |
2019-06-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine. |
12 |
CVE-2014-9273 |
119 |
|
Exec Code Overflow +Priv |
2014-12-08 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write. |
13 |
CVE-2014-8169 |
264 |
|
+Priv |
2015-03-18 |
2018-10-30 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory. |
14 |
CVE-2014-0069 |
119 |
|
DoS Overflow +Priv Mem. Corr. +Info |
2014-02-28 |
2020-08-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. |
15 |
CVE-2013-4344 |
120 |
|
Overflow +Priv |
2013-10-04 |
2020-08-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command. |
16 |
CVE-2012-3515 |
20 |
|
+Priv |
2012-11-23 |
2020-08-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." |
17 |
CVE-2011-2517 |
119 |
|
Overflow +Priv |
2012-05-24 |
2020-07-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value. |
18 |
CVE-2011-2022 |
20 |
|
DoS +Priv |
2011-05-09 |
2020-07-29 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. |
19 |
CVE-2011-1745 |
190 |
|
DoS Overflow +Priv |
2011-05-09 |
2020-08-04 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. |
20 |
CVE-2009-3080 |
129 |
|
DoS +Priv |
2009-11-20 |
2020-09-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. |
21 |
CVE-2009-2848 |
269 |
|
DoS +Priv Mem. Corr. |
2009-08-18 |
2020-08-28 |
5.9 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Complete |
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. |