Skip to main content
CVE-2016-1575 HIGH POC PATCH This Week

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux Linux Kernel Ubuntu Core Ubuntu Linux +1
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2016-1576 HIGH POC PATCH This Week

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Linux Ubuntu Core Ubuntu Linux Ubuntu Touch +1
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2016-2854 HIGH POC This Week

The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Linux Linux Kernel
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2016-2853 HIGH POC This Week

The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Linux Linux Kernel
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2015-1350 MEDIUM POC PATCH This Month

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Denial Of Service Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-3136 MEDIUM POC This Month

The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Linux Kernel Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop +6
NVD GitHub Exploit-DB
CVSS 3.0
4.6
EPSS
0.2%
CVE-2016-3140 MEDIUM POC This Month

The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Ubuntu Linux Linux Kernel Suse Linux Enterprise Software Development Kit +7
NVD GitHub Exploit-DB
CVSS 3.0
4.6
EPSS
0.2%
CVE-2016-2188 MEDIUM POC PATCH This Month

The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +7
NVD Exploit-DB GitHub
CVSS 3.0
4.6
EPSS
0.1%
CVE-2016-2186 MEDIUM POC PATCH This Month

The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo +7
NVD GitHub
CVSS 3.0
4.6
EPSS
0.0%
CVE-2016-2185 MEDIUM POC PATCH This Month

The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Ubuntu Linux Linux Kernel Suse Linux Enterprise Software Development Kit +7
NVD GitHub
CVSS 3.0
4.6
EPSS
0.0%
CVE-2015-8746 HIGH PATCH This Week

fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
7.5
EPSS
2.8%
CVE-2012-6701 HIGH PATCH This Week

Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2015-8830 HIGH PATCH This Week

Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8019 HIGH This Week

The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Buffer Overflow Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-2686 HIGH This Week

net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Linux Kernel
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2012-6689 HIGH PATCH This Week

The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Authentication Bypass Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-2070 HIGH PATCH This Week

The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2016-2117 HIGH PATCH This Week

The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Vm Server Ubuntu Linux Linux Kernel
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2014-9717 MEDIUM PATCH This Month

fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Linux Authentication Bypass Linux Kernel
NVD GitHub
CVSS 3.0
6.1
EPSS
0.0%
CVE-2015-4176 MEDIUM PATCH This Month

fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-4178 MEDIUM PATCH This Month

The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2015-4177 MEDIUM PATCH This Month

The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2015-2672 MEDIUM PATCH This Month

The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Canonical Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2015-1573 MEDIUM PATCH This Month

The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2015-8839 MEDIUM This Month

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Race Condition Linux Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2016-2053 MEDIUM PATCH This Month

The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
4.7
EPSS
0.1%
CVE-2015-4170 MEDIUM PATCH This Month

Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required.

Denial Of Service Race Condition Linux Linux Kernel Enterprise Linux Compute Node Eus +4
NVD GitHub
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-3689 MEDIUM PATCH This Month

The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop Suse Linux Enterprise Live Patching +6
NVD GitHub
CVSS 3.0
4.6
EPSS
0.1%
CVE-2015-8324 MEDIUM PATCH This Month

The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
4.6
EPSS
0.1%
CVE-2016-3951 MEDIUM PATCH This Month

Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Ubuntu Linux Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop +6
NVD GitHub
CVSS 3.0
4.6
EPSS
0.0%
CVE-2016-2187 MEDIUM PATCH This Month

The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash). Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Ubuntu Linux Linux Kernel Suse Linux Enterprise Software Development Kit +2
NVD GitHub
CVSS 3.0
4.6
EPSS
0.0%
CVE-2016-3138 MEDIUM This Month

The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash). Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Ubuntu Linux Suse Linux Enterprise Software Development Kit +7
NVD GitHub
CVSS 3.0
4.6
EPSS
0.0%
CVE-2016-3137 MEDIUM This Month

drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +7
NVD GitHub
CVSS 3.0
4.6
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy