CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5970 – kernel: ipv4: Invalid IP options could cause skb->dst drop
https://notcve.org/view.php?id=CVE-2017-5970
14 Feb 2017 — The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. La función ipv4_pktinfo_prepare en net/ipv4/ip_sockglue.c en el kernel de Linux hasta la versión 4.9.9 permite a atacantes provocar una denegación de servicio (caída de sistema) a través de (1) una aplicación que hace llamadas de sistema manipulada... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b2cef20f19c87999fff3da4071e66937db9644 • CWE-476: NULL Pointer Dereference •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5967
https://notcve.org/view.php?id=CVE-2017-5967
14 Feb 2017 — The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c. El subsistema de tiempo en el kernel de Linux hasta la versión 4.9.9, cuando CONFIG_TIMER_STATS está habilitado, permite a usuarios locales... • http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=dfb4357da6ddbdf57d583ba64361c9d792b0e0b1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 4%CPEs: 1EXPL: 3CVE-2017-5972 – Linux Kernel 3.10.0 (CentOS 7) - Denial of Service
https://notcve.org/view.php?id=CVE-2017-5972
14 Feb 2017 — The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code. La pila TCP en el kernel de Linux versio... • https://www.exploit-db.com/exploits/41350 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0432
https://notcve.org/view.php?id=CVE-2017-0432
08 Feb 2017 — An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-28332719. • http://www.securityfocus.com/bid/96067 •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2016-8419
https://notcve.org/view.php?id=CVE-2016-8419
08 Feb 2017 — An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. • http://www.securityfocus.com/bid/96047 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2017-0439
https://notcve.org/view.php?id=CVE-2017-0439
08 Feb 2017 — An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32450647. • http://www.securityfocus.com/bid/96047 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0449
https://notcve.org/view.php?id=CVE-2017-0449
08 Feb 2017 — An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10. Android ID: A-31707909. • http://www.securityfocus.com/bid/96110 •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2017-0443
https://notcve.org/view.php?id=CVE-2017-0443
08 Feb 2017 — An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877494. • http://www.securityfocus.com/bid/96047 •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0447
https://notcve.org/view.php?id=CVE-2017-0447
08 Feb 2017 — An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32919560. • http://www.securityfocus.com/bid/96054 •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2016-8421
https://notcve.org/view.php?id=CVE-2016-8421
08 Feb 2017 — An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. • http://www.securityfocus.com/bid/96047 • CWE-264: Permissions, Privileges, and Access Controls •