CVSS: 5.5EPSS: 0%CPEs: 29EXPL: 0CVE-2024-1151 – Kernel: stack overflow problem in open vswitch kernel module leading to dos
https://notcve.org/view.php?id=CVE-2024-1151
11 Feb 2024 — A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues. Se informó una vulnerabilidad en el subcomponente Open vSwitch del kernel de Linux. • https://access.redhat.com/errata/RHSA-2024:4823 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.0EPSS: 0%CPEs: 35EXPL: 0CVE-2023-51779 – kernel: bluetooth: bt_sock_ioctl race condition leads to use-after-free in bt_sock_recvmsg
https://notcve.org/view.php?id=CVE-2023-51779
25 Dec 2023 — bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition. bt_sock_recvmsg en net/bluetooth/af_bluetooth.c en el kernel de Linux hasta 6.6.8 tiene un use-after-free debido a una condición de ejecución bt_sock_ioctl. A flaw was found in the Bluetooth subsystem of the Linux kernel. A race condition between the bt_sock_recvmsg() and bt_sock_ioctl() functions could lead to a use-after-free on a socket buffer ("skb"). This fla... • https://github.com/torvalds/linux/commit/2e07e8348ea454615e268222ae3fc240421be768 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 152EXPL: 0CVE-2018-5391 – The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets
https://notcve.org/view.php?id=CVE-2018-5391
14 Aug 2018 — The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. El kernel de Linux en versio... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-7553 – kernel: nfnetlink race in NETLINK_NFLOG socket creation
https://notcve.org/view.php?id=CVE-2015-7553
14 Sep 2017 — Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets. Una condición de carrera en el kernel en Red Hat Enterprise Linux 7, kernel-rt y Red Hat Enterprise MRG 2 permite que usuarios locales provoquen una denegación de servicio (pánico) mediante la creación de sockets netlink cuando se carga el módulo nfnetlink_log. A race-condition flaw wa... • https://bugzilla.redhat.com/show_bug.cgi?id=1288934 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 8%CPEs: 26EXPL: 0CVE-2016-7857 – Adobe Flash AVSegmentedSource Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7857
08 Nov 2016 — Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de uso después de liberación de memoria aprovechable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerabl... • http://rhn.redhat.com/errata/RHSA-2016-2676.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 8%CPEs: 26EXPL: 0CVE-2016-7858 – Adobe Flash ExternalInterface addCallback Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7858
08 Nov 2016 — Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de uso después de liberación de memoria aprovechable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerabl... • http://rhn.redhat.com/errata/RHSA-2016-2676.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 8%CPEs: 26EXPL: 0CVE-2016-7859 – Adobe Flash AS2 extends Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7859
08 Nov 2016 — Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de uso después de liberación de memoria aprovechable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerabl... • http://rhn.redhat.com/errata/RHSA-2016-2676.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 11%CPEs: 26EXPL: 0CVE-2016-7860 – Adobe Flash AdvertisingMetadata Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7860
08 Nov 2016 — Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de confusión de tipo explotable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ad... • http://rhn.redhat.com/errata/RHSA-2016-2676.html • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.3EPSS: 11%CPEs: 26EXPL: 0CVE-2016-7861 – Adobe Flash Player Metadata Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7861
08 Nov 2016 — Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de confusión de tipo explotable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ad... • http://rhn.redhat.com/errata/RHSA-2016-2676.html • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.3EPSS: 8%CPEs: 26EXPL: 0CVE-2016-7862 – Adobe Flash MovieClip constructor Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7862
08 Nov 2016 — Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de uso después de liberación de memoria aprovechable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerabl... • http://rhn.redhat.com/errata/RHSA-2016-2676.html • CWE-416: Use After Free •