Linux : Security Vulnerabilities (CVSS score between 8 and 8.99)
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-14633 |
119 |
|
Overflow |
2018-09-24 |
2018-11-27 |
8.3 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Complete |
|
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable. |
|
2 |
CVE-2017-1000251 |
119 |
|
Exec Code Overflow |
2017-09-12 |
2018-02-16 |
8.3 |
Admin |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. |
|
3 |
CVE-2015-4004 |
119 |
|
DoS Overflow +Info |
2015-06-07 |
2016-11-28 |
8.5 |
None |
Remote |
Low |
Not required |
Partial |
None |
Complete |
|
The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet. |
|
4 |
CVE-2011-2497 |
189 |
|
DoS Overflow Mem. Corr. |
2011-08-29 |
2012-03-19 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow. |
|
5 |
CVE-2010-3705 |
20 |
|
DoS Mem. Corr. |
2010-11-26 |
2012-03-19 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array. |
|
6 |
CVE-2008-4395 |
119 |
|
Exec Code Overflow |
2008-11-06 |
2017-08-07 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs. |
Total number of vulnerabilities :
6
Page :
1
(This Page)
