National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database



The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
 
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2011-2723 — The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of servic... read CVE-2011-2723
    Published: September 06, 2011; 11:55:08 AM -04:00

        V2: 5.7 MEDIUM

  • CVE-2011-2213 — The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE in... read CVE-2011-2213
    Published: August 29, 2011; 02:55:01 PM -04:00

        V2: 4.9 MEDIUM

  • CVE-2011-1093 — The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause... read CVE-2011-1093
    Published: July 18, 2011; 06:55:00 PM -04:00

        V2: 7.8 HIGH

  • CVE-2008-3534 — The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as d... read CVE-2008-3534
    Published: August 08, 2008; 03:41:00 PM -04:00

        V2: 4.9 MEDIUM

  • CVE-2008-3535 — Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrate... read CVE-2008-3535
    Published: August 08, 2008; 03:41:00 PM -04:00

        V2: 4.9 MEDIUM

  • CVE-2008-3272 — The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain da... read CVE-2008-3272
    Published: August 08, 2008; 02:41:00 PM -04:00

        V2: 2.1 LOW

  • CVE-2008-3077 — arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the x86_64 platform leaks task_struct references into the sys32_ptrace function, which allows local users to cause a denial of service (system crash) or have unspecified other impact vi... read CVE-2008-3077
    Published: July 08, 2008; 08:41:00 PM -04:00

        V2: 4.9 MEDIUM

  • CVE-2020-15101 — In freewvs before 0.1.1, a directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk(). This can be problematic in a case where an administrator scans the dirs of potentially unt... read CVE-2020-15101
    Published: July 14, 2020; 06:15:10 PM -04:00

    V3.1: 3.3 LOW
        V2: 4.0 MEDIUM

  • CVE-2016-5870 — The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to ca... read CVE-2016-5870
    Published: April 04, 2017; 02:59:00 PM -04:00

    V3.1: 7.8 HIGH
        V2: 4.6 MEDIUM

  • CVE-2017-5972 — The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packet... read CVE-2017-5972
    Published: February 14, 2017; 01:59:00 AM -05:00

    V3.1: 7.5 HIGH
        V2: 7.8 HIGH

  • CVE-2014-1491 — Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellma... read CVE-2014-1491
    Published: February 06, 2014; 12:44:25 AM -05:00

        V2: 4.3 MEDIUM

  • CVE-2014-1490 — Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to ca... read CVE-2014-1490
    Published: February 06, 2014; 12:44:25 AM -05:00

        V2: 9.3 HIGH

  • CVE-2011-3638 — fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operation... read CVE-2011-3638
    Published: March 01, 2013; 07:37:54 AM -05:00

        V2: 4.0 MEDIUM

  • CVE-2011-2491 — The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.
    Published: March 01, 2013; 07:37:53 AM -05:00

        V2: 4.9 MEDIUM

  • CVE-2011-2184 — The key_replace_session_keyring function in security/keys/process_keys.c in the Linux kernel before 2.6.39.1 does not initialize a certain structure member, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or... read CVE-2011-2184
    Published: September 06, 2011; 12:55:07 PM -04:00

        V2: 7.2 HIGH

  • CVE-2011-2497 — Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small comman... read CVE-2011-2497
    Published: August 29, 2011; 02:55:01 PM -04:00

        V2: 8.3 HIGH

  • CVE-2011-2928 — The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessin... read CVE-2011-2928
    Published: August 29, 2011; 01:55:00 PM -04:00

        V2: 4.9 MEDIUM

  • CVE-2011-2695 — Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number c... read CVE-2011-2695
    Published: July 28, 2011; 06:55:02 PM -04:00

        V2: 4.9 MEDIUM

  • CVE-2011-2689 — The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arra... read CVE-2011-2689
    Published: July 28, 2011; 06:55:02 PM -04:00

        V2: 4.9 MEDIUM

  • CVE-2011-2492 — The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to... read CVE-2011-2492
    Published: July 28, 2011; 06:55:01 PM -04:00

        V2: 1.9 LOW