Main entries ~3682 :
Date Id Summary Products Score Patch Annotated
2013-03-22 CVE-2013-1860 Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device. Ubuntu_linux, Linux_kernel N/A
2013-04-05 CVE-2013-1858 The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags, which allows local users to gain privileges by calling chroot and leveraging the sharing of the / directory between a parent process and a child process. Linux_kernel N/A
2013-03-22 CVE-2013-1848 fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application. Linux_kernel N/A
2013-03-22 CVE-2013-1828 The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call. Linux_kernel N/A
2013-03-22 CVE-2013-1827 net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. Linux_kernel N/A
2013-03-22 CVE-2013-1826 The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability. Linux_kernel N/A
2013-03-06 CVE-2013-1819 The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map. Linux_kernel N/A
Remaining NVD entries (unprocessed / no code available): ~268038 :
Date Id Summary Products Score Patch
2024-11-29 CVE-2024-45495 MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking. N/A N/A
2024-11-29 CVE-2024-35451 LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF. N/A N/A
2024-11-29 CVE-2024-48651 In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql. N/A N/A
2024-11-29 CVE-2024-54123 Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format. N/A N/A
2024-11-29 CVE-2024-54124 In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen. N/A N/A
2024-11-29 CVE-2024-11978 DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. N/A 7.5
2024-11-29 CVE-2024-11979 DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. N/A 9.8