Skip to main content
CVE-2015-8660 MEDIUM POC PATCH THREAT This Month

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 60.0%.

Privilege Escalation Linux Linux Kernel
NVD Exploit-DB GitHub
CVSS 3.1
6.7
EPSS
60.0%
Threat
4.6
CVE-2013-7446 MEDIUM POC PATCH This Month

Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted. Rated medium severity (CVSS 5.3). Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.3
EPSS
0.0%
CVE-2015-7990 MEDIUM This Month

Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or. Rated medium severity (CVSS 5.8). No vendor patch available.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.8
EPSS
0.0%
CVE-2015-7509 MEDIUM PATCH This Month

fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
4.4
EPSS
0.1%
CVE-2015-6852 MEDIUM This Month

Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Secure Remote Services
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2015-8374 MEDIUM This Month

fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
4.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy