CVEs from 2015
Total
7,267
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
2.2%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0658 | high | — | 7.9 | 11y ago | The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary comman… | |||
| CVE-2015-7529 | high | 7.8 | 7.8 | 4y ago | sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by so… | |||
| CVE-2015-5699 | high | 7.8 | 7.8 | 9y ago | The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label. | |||
| CVE-2015-5675 | high | 7.8 | 7.8 | 9y ago | The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic). | |||
| CVE-2015-2158 | high | 7.8 | 7.8 | 9y ago | Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary c… | |||
| CVE-2015-7359 | high | 7.8 | 7.8 | 9y ago | The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation leve… | |||
| CVE-2015-7358 | high | 7.8 | 7.8 | 9y ago | The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which … | |||
| CVE-2015-6971 | high | 7.8 | 7.8 | 9y ago | Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed … | |||
| CVE-2015-3643 | high | 7.8 | 7.8 | 9y ago | usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local… | |||
| CVE-2015-1537 | high | 7.8 | 7.8 | 9y ago | Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application. | |||
| CVE-2015-1336 | high | 7.8 | 7.8 | 9y ago | The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. | |||
| CVE-2015-5704 | high | 7.8 | 7.8 | 9y ago | scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. | |||
| CVE-2015-4669 | high | 7.8 | 7.8 | 9y ago | The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. | |||
| CVE-2015-3887 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referen… | |||
| CVE-2015-4681 | high | 7.8 | 7.8 | 9y ago | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. | |||
| CVE-2015-1527 | high | 7.8 | 7.8 | 9y ago | Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. | |||
| CVE-2015-1590 | high | 7.8 | 7.8 | 9y ago | The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl. | |||
| CVE-2015-2210 | high | 7.8 | 7.8 | 9y ago | The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command sh… | |||
| CVE-2015-8300 | high | 7.8 | 7.8 | 9y ago | Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privilege… | |||
| CVE-2015-0974 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or mediapla… | |||
| CVE-2015-0114 | high | 7.8 | 7.8 | 9y ago | Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows 6.1 and 7.1. | |||
| CVE-2015-1324 | high | 7.8 | 7.8 | 9y ago | Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17… | |||
| CVE-2015-8308 | high | 7.8 | 7.8 | 9y ago | LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections. | |||
| CVE-2015-3617 | high | 7.8 | 7.8 | 9y ago | Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. | |||
| CVE-2015-7571 | high | 7.8 | 7.8 | 9y ago | Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. | |||
| CVE-2015-5946 | high | 7.8 | 7.8 | 9y ago | Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. | |||
| CVE-2015-8264 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in F-Secure Online Scanner allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same f… | |||
| CVE-2015-6585 | high | 7.8 | 7.8 | 9y ago | hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a "type confusion" via an HWPX file containing a crafted para text ta… | |||
| CVE-2015-4035 | high | 7.8 | 7.8 | 9y ago | scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run x… | |||
| CVE-2015-1438 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged… | |||
| CVE-2015-3932 | high | 7.8 | 7.8 | 9y ago | Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Ob… | |||
| CVE-2015-3931 | high | 7.8 | 7.8 | 9y ago | Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:… | |||
| CVE-2015-1795 | high | 7.8 | 7.8 | 9y ago | Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root. | |||
| CVE-2015-1591 | high | 7.8 | 7.8 | 9y ago | The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges. | |||
| CVE-2015-9033 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a QTEE system call fails to validate a pointer. | |||
| CVE-2015-9030 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication. | |||
| CVE-2015-9029 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory. | |||
| CVE-2015-9028 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a cryptographic routine. | |||
| CVE-2015-9027 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. | |||
| CVE-2015-9026 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. | |||
| CVE-2015-9025 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE application. | |||
| CVE-2015-9023 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. | |||
| CVE-2015-9020 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory. | |||
| CVE-2015-4596 | high | 7.8 | 7.8 | 9y ago | Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. | |||
| CVE-2015-6240 | high | 7.8 | 7.8 | 9y ago | The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. | |||
| CVE-2015-7724 | high | 7.8 | 7.8 | 9y ago | AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE: This vulnerability exists due to an incomplete fix for CVE-2015-7723. | |||
| CVE-2015-7723 | high | 7.8 | 7.8 | 9y ago | AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. | |||
| CVE-2015-9007 | high | 7.8 | 7.8 | 9y ago | In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist. | |||
| CVE-2015-9006 | high | 7.8 | 7.8 | 9y ago | In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist. | |||
| CVE-2015-9005 | high | 7.8 | 7.8 | 9y ago | In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. | |||
| CVE-2015-6531 | high | 7.8 | 7.8 | 9y ago | Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file. | |||
| CVE-2015-8089 | high | 7.8 | 7.8 | 9y ago | The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel memo… | |||
| CVE-2015-9003 | high | 7.8 | 7.8 | 9y ago | In TrustZone a cryptographic issue can potentially occur in all Android releases from CAF using the Linux kernel. | |||
| CVE-2015-9002 | high | 7.8 | 7.8 | 9y ago | In TrustZone an out-of-range pointer offset vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. | |||
| CVE-2015-9000 | high | 7.8 | 7.8 | 9y ago | In TrustZone an untrusted pointer dereference vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. | |||
| CVE-2015-8999 | high | 7.8 | 7.8 | 9y ago | In TrustZone a buffer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel while loading an ELF file. | |||
| CVE-2015-8998 | high | 7.8 | 7.8 | 9y ago | In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. | |||
| CVE-2015-8995 | high | 7.8 | 7.8 | 9y ago | In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. | |||
| CVE-2015-9004 | high | 7.8 | 7.8 | 9y ago | kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_even… | |||
| CVE-2015-8110 | high | 7.8 | 7.8 | 9y ago | Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within t… | |||
| CVE-2015-8107 | high | 7.8 | 7.8 | 9y ago | Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code. | |||
| CVE-2015-7270 | high | 7.8 | 7.8 | 9y ago | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. | |||
| CVE-2015-7260 | high | 7.8 | 7.8 | 9y ago | Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file. | |||
| CVE-2015-8026 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute arbitr… | |||
| CVE-2015-8971 | high | 7.8 | 7.8 | 10y ago | Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063. | |||
| CVE-2015-0854 | high | 7.8 | 7.8 | 10y ago | App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action. | |||
| CVE-2015-8967 | high | 7.8 | 7.8 | 10y ago | arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileg… | |||
| CVE-2015-8966 | high | 7.8 | 7.8 | 10y ago | arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system… | |||
| CVE-2015-8961 | high | 7.8 | 7.8 | 10y ago | The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper acc… | |||
| CVE-2015-3288 | high | 7.8 | 7.8 | 10y ago | mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that trigge… | |||
| CVE-2015-8951 | high | 7.8 | 7.8 | 10y ago | Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attack… | |||
| CVE-2015-1000013 | high | 7.8 | 7.8 | 10y ago | Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1 | |||
| CVE-2015-8931 | high | 7.8 | 7.8 | 10y ago | Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impa… | |||
| CVE-2015-6396 | high | 7.8 | 7.8 | 10y ago | The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux5816… | |||
| CVE-2015-0568 | high | 7.8 | 7.8 | 10y ago | Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Andro… | |||
| CVE-2015-8943 | high | 7.8 | 7.8 | 10y ago | drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, whic… | |||
| CVE-2015-8942 | high | 7.8 | 7.8 | 10y ago | drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain … | |||
| CVE-2015-8941 | high | 7.8 | 7.8 | 10y ago | drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which all… | |||
| CVE-2015-8940 | high | 7.8 | 7.8 | 10y ago | Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android… | |||
| CVE-2015-8939 | high | 7.8 | 7.8 | 10y ago | drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain … | |||
| CVE-2015-8938 | high | 7.8 | 7.8 | 10y ago | The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted applicatio… | |||
| CVE-2015-8937 | high | 7.8 | 7.8 | 10y ago | drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges vi… | |||
| CVE-2015-8892 | high | 7.8 | 7.8 | 10y ago | platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with traili… | |||
| CVE-2015-8891 | high | 7.8 | 7.8 | 10y ago | Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a cr… | |||
| CVE-2015-8890 | high | 7.8 | 7.8 | 10y ago | platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows … | |||
| CVE-2015-8889 | high | 7.8 | 7.8 | 10y ago | The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android inter… | |||
| CVE-2015-8888 | high | 7.8 | 7.8 | 10y ago | Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and … | |||
| CVE-2015-5723 | high | 7.8 | 7.8 | 10y ago | Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB… | |||
| CVE-2015-5260 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host v… | |||
| CVE-2015-5228 | high | 7.8 | 7.8 | 10y ago | The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a director… | |||
| CVE-2015-8875 | high | 7.8 | 7.8 | 10y ago | Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attack… | |||
| CVE-2015-8156 | high | 7.8 | 7.8 | 10y ago | Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the %SYST… | |||
| CVE-2015-8312 | high | 7.8 | 7.8 | 10y ago | Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes. | |||
| CVE-2015-0571 | high | 7.8 | 7.8 | 10y ago | The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for … | |||
| CVE-2015-0570 | high | 7.8 | 7.8 | 10y ago | Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) … | |||
| CVE-2015-0569 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation C… | |||
| CVE-2015-8868 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or poss… | |||
| CVE-2015-8830 | high | 7.8 | 7.8 | 10y ago | Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO … | |||
| CVE-2015-8019 | high | 7.8 | 7.8 | 10y ago | The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (… | |||
| CVE-2015-2686 | high | 7.8 | 7.8 | 10y ago | net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subs… |