Skip to main content
CVE-2015-1328 HIGH POC THREAT Act Now

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 89.7%.

Ubuntu Privilege Escalation Linux Ubuntu Linux Linux Kernel
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
89.7%
Threat
5.8
CVE-2016-9555 CRITICAL PATCH Act Now

The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 26.9%.

Denial Of Service Information Disclosure Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 3.1
9.8
EPSS
26.9%
CVE-2016-9313 HIGH POC PATCH This Week

security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Null Pointer Dereference Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-9644 HIGH This Week

The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Linux Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-9084 HIGH PATCH This Week

drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-8632 HIGH This Week

The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Buffer Overflow Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-9083 HIGH PATCH This Week

drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-8633 MEDIUM PATCH This Month

drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 3.0
6.8
EPSS
0.9%
CVE-2016-9191 MEDIUM This Month

The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-9178 MEDIUM PATCH This Month

The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-8650 MEDIUM PATCH This Month

The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2015-8970 MEDIUM PATCH This Month

crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Linux Null Pointer Dereference Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-8646 MEDIUM PATCH This Month

The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Linux Null Pointer Dereference Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-8645 MEDIUM PATCH This Month

The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Authentication Bypass Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-8630 MEDIUM PATCH This Month

The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Authentication Bypass Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy