Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-4914

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-21 Jun, 2012 | 23:00
Updated At-07 Aug, 2024 | 00:23
Rejected At-
Credits

The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:21 Jun, 2012 | 23:00
Updated At:07 Aug, 2024 | 00:23
Rejected At:
▼CVE Numbering Authority (CNA)

The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0bccd315db0c2f919e7fcf9cb60db21d9986f52
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=770777
x_refsource_CONFIRM
http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
x_refsource_CONFIRM
https://github.com/torvalds/linux/commit/e0bccd315db0c2f919e7fcf9cb60db21d9986f52
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2011/12/28/2
mailing-list
x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
vendor-advisory
x_refsource_SUSE
Hyperlink: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0bccd315db0c2f919e7fcf9cb60db21d9986f52
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=770777
Resource:
x_refsource_CONFIRM
Hyperlink: http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/torvalds/linux/commit/e0bccd315db0c2f919e7fcf9cb60db21d9986f52
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2011/12/28/2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
Resource:
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0bccd315db0c2f919e7fcf9cb60db21d9986f52
x_refsource_CONFIRM
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=770777
x_refsource_CONFIRM
x_transferred
http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
x_refsource_CONFIRM
x_transferred
https://github.com/torvalds/linux/commit/e0bccd315db0c2f919e7fcf9cb60db21d9986f52
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2011/12/28/2
mailing-list
x_refsource_MLIST
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0bccd315db0c2f919e7fcf9cb60db21d9986f52
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=770777
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/torvalds/linux/commit/e0bccd315db0c2f919e7fcf9cb60db21d9986f52
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2011/12/28/2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:21 Jun, 2012 | 23:55
Updated At:29 Apr, 2026 | 01:13

The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.4MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:P
Type: Primary
Version: 2.0
Base score: 6.4
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:P
CPE Matches

Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions up to 2.6.38.8(inclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.38
cpe:2.3:o:linux:linux_kernel:2.6.38:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.38
cpe:2.3:o:linux:linux_kernel:2.6.38:rc1:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.38
cpe:2.3:o:linux:linux_kernel:2.6.38:rc2:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.38
cpe:2.3:o:linux:linux_kernel:2.6.38:rc3:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.38
cpe:2.3:o:linux:linux_kernel:2.6.38:rc4:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.38
cpe:2.3:o:linux:linux_kernel:2.6.38:rc5:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.38
cpe:2.3:o:linux:linux_kernel:2.6.38:rc6:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.38
cpe:2.3:o:linux:linux_kernel:2.6.38:rc7:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.38
cpe:2.3:o:linux:linux_kernel:2.6.38:rc8:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.38.1
cpe:2.3:o:linux:linux_kernel:2.6.38.1:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.38.2
cpe:2.3:o:linux:linux_kernel:2.6.38.2:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.38.3
cpe:2.3:o:linux:linux_kernel:2.6.38.3:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.38.4
cpe:2.3:o:linux:linux_kernel:2.6.38.4:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.38.5
cpe:2.3:o:linux:linux_kernel:2.6.38.5:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.38.6
cpe:2.3:o:linux:linux_kernel:2.6.38.6:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.38.7
cpe:2.3:o:linux:linux_kernel:2.6.38.7:*:*:*:*:*:*:*
Novell
novell
>>suse_linux_enterprise_server>>10.0
cpe:2.3:o:novell:suse_linux_enterprise_server:10.0:sp4:*:*:ltss:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39secalert@redhat.com
Broken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0bccd315db0c2f919e7fcf9cb60db21d9986f52secalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.htmlsecalert@redhat.com
Third Party Advisory
http://www.openwall.com/lists/oss-security/2011/12/28/2secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=770777secalert@redhat.com
Issue Tracking
VDB Entry
https://github.com/torvalds/linux/commit/e0bccd315db0c2f919e7fcf9cb60db21d9986f52secalert@redhat.com
Exploit
Patch
http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0bccd315db0c2f919e7fcf9cb60db21d9986f52af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.openwall.com/lists/oss-security/2011/12/28/2af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=770777af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
VDB Entry
https://github.com/torvalds/linux/commit/e0bccd315db0c2f919e7fcf9cb60db21d9986f52af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
Hyperlink: http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0bccd315db0c2f919e7fcf9cb60db21d9986f52
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2011/12/28/2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=770777
Source: secalert@redhat.com
Resource:
Issue Tracking
VDB Entry
Hyperlink: https://github.com/torvalds/linux/commit/e0bccd315db0c2f919e7fcf9cb60db21d9986f52
Source: secalert@redhat.com
Resource:
Exploit
Patch
Hyperlink: http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e0bccd315db0c2f919e7fcf9cb60db21d9986f52
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2011/12/28/2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=770777
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
VDB Entry
Hyperlink: https://github.com/torvalds/linux/commit/e0bccd315db0c2f919e7fcf9cb60db21d9986f52
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch

Change History

0
Information is not available yet

Similar CVEs

491Records found

CVE-2015-4512
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.4||MEDIUM
EPSS-3.49% / 87.72%
||
7 Day CHG~0.00%
Published-24 Sep, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) by using a CANVAS element to trigger 2D rendering.

Action-Not Available
Vendor-n/aMozilla CorporationLinux Kernel Organization, Inc
Product-firefoxlinux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2004-0883
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-4.08% / 89.47%
||
7 Day CHG~0.00%
Published-01 Dec, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.

Action-Not Available
Vendor-trustixn/aLinux Kernel Organization, IncUbuntuRed Hat, Inc.SUSE
Product-linux_advanced_workstationubuntu_linuxsuse_linuxfedora_coreenterprise_linux_desktopsecure_linuxlinux_kernelenterprise_linuxn/a
CVE-2019-19770
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-2.45% / 82.38%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:39
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-416
Use After Free
CVE-2014-3180
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.1||CRITICAL
EPSS-0.94% / 56.63%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 19:22
Updated-06 Aug, 2024 | 10:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelchrome_oskernel
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-20399
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-1.79% / 75.67%
||
7 Day CHG~0.00%
Published-27 Jul, 2021 | 11:25
Updated-17 Sep, 2024 | 03:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196073.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadar SIEM
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2020-4949
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.2||HIGH
EPSS-4.75% / 90.80%
||
7 Day CHG~0.00%
Published-26 Jan, 2021 | 14:25
Updated-17 Sep, 2024 | 03:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-38948
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-1.97% / 78.03%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 16:00
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 211402.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-91
XML Injection (aka Blind XPath Injection)
CVE-2007-2172
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.43% / 34.65%
||
7 Day CHG~0.00%
Published-22 Apr, 2007 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxubuntu_linuxlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3532
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.45% / 35.76%
||
7 Day CHG~0.00%
Published-19 Jul, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.

Action-Not Available
Vendor-mageian/aopenSUSEOracle CorporationLinux Kernel Organization, Incfreedesktop.orgDebian GNU/Linux
Product-debian_linuxdbusmageiasolarislinux_kernelopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2026-9980
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-0.12% / 2.51%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 22:25
Updated-01 Jun, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Printing in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-linux_kernelwindowsmacoschromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2023-0615
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 8.71%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kernelKernel
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-26273
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.44% / 35.65%
||
7 Day CHG~0.00%
Published-27 Jun, 2023 | 17:04
Updated-06 Nov, 2024 | 21:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar security bypass

IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 248134.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelSecurity QRadar SIEM
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1093
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-1.30% / 67.02%
||
7 Day CHG~0.00%
Published-17 Jun, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter.

Action-Not Available
Vendor-n/aNovell
Product-zenworks_configuration_managementn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-11232
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.40% / 31.55%
||
7 Day CHG~0.00%
Published-18 May, 2018 | 04:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-43903
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.61% / 44.71%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 23:49
Updated-26 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium denial of service

IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to due to improper input validation. IBM X-Force ID: 240894.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-20
Improper Input Validation
CVE-2026-9969
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.29% / 20.85%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 22:25
Updated-01 Jun, 2026 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-linux_kernelwindowsmacoschromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2006-1522
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.44% / 35.15%
||
7 Day CHG~0.00%
Published-10 Apr, 2006 | 20:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 and 2.6.17-rc1, and possibly earlier versions, allows local users to cause a denial of service (OOPS) via keyctl requests that add a key to a user key instead of a keyring key, which causes an invalid dereference in the __keyring_search_one function.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2006-1528
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.44% / 35.43%
||
7 Day CHG~0.00%
Published-18 May, 2006 | 19:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory mapped (mmap) IO space.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-0620
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7||HIGH
EPSS-0.63% / 45.88%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-androidlinux_kernelAndroid
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-20
Improper Input Validation
CVE-2017-0458
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7||HIGH
EPSS-1.58% / 72.49%
||
7 Day CHG~0.00%
Published-08 Mar, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32588962. References: QC-CR#1089433.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9795
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.53% / 41.07%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.

Action-Not Available
Vendor-n/aCA Technologies (Broadcom Inc.)IBM CorporationOracle CorporationLinux Kernel Organization, IncBroadcom Inc.HP Inc.
Product-universal_job_management_agenthp-uxclient_automationca_workload_automation_aesystemedgevirtual_assurance_for_infrastructure_managerssystems_performance_for_infrastructure_managersaixsolarislinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-43929
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.74% / 50.10%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 16:57
Updated-17 Mar, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Linux, UNIX and Windows denial of service

IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676.

Action-Not Available
Vendor-Oracle CorporationHP Inc.Microsoft CorporationLinux Kernel Organization, IncIBM Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9919
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.67% / 92.05%
||
7 Day CHG~0.00%
Published-08 Dec, 2016 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-0463
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7||HIGH
EPSS-1.48% / 70.74%
||
7 Day CHG~0.00%
Published-08 Mar, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33277611. References: QC-CR#1101792.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2016-8650
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 32.58%
||
7 Day CHG~0.00%
Published-28 Nov, 2016 | 03:01
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-8442
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.37% / 29.12%
||
7 Day CHG~0.00%
Published-12 Jan, 2017 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible unauthorized memory access in the hypervisor. Lack of input validation could allow hypervisor memory to be accessed by the HLOS. Product: Android. Versions: Kernel 3.18. Android ID: A-31625910. QC-CR#1038173.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2016-8437
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-1.60% / 72.82%
||
7 Day CHG+0.01%
Published-12 Jan, 2017 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9191
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.42% / 34.11%
||
7 Day CHG~0.00%
Published-28 Nov, 2016 | 03:01
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9168
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-6.5||MEDIUM
EPSS-1.47% / 70.67%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 06:36
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking.

Action-Not Available
Vendor-n/aNovell
Product-edirectoryNovell eDirectory
CWE ID-CWE-20
Improper Input Validation
CVE-2020-25643
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.2||HIGH
EPSS-3.29% / 87.00%
||
7 Day CHG+0.04%
Published-06 Oct, 2020 | 00:00
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Action-Not Available
Vendor-starwindsoftwaren/aNetApp, Inc.Red Hat, Inc.Linux Kernel Organization, IncopenSUSEDebian GNU/Linux
Product-debian_linuxlinux_kernelstarwind_virtual_sanenterprise_linuxh410c_firmwareh410cleapkernel
CWE ID-CWE-20
Improper Input Validation
CVE-2022-43875
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.18% / 8.10%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 18:45
Updated-16 Apr, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms denial of service

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations. IBM X-Force ID: 240034.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-linux_on_ibm_zaixfinancial_transaction_managerlinux_kernelFinancial Transaction Manager for SWIFT Services for Multiplatforms
CWE ID-CWE-20
Improper Input Validation
CVE-2022-43863
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.74% / 50.15%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 21:25
Updated-25 Feb, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM QRadar SIEM privilege escalation

IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM Corporation
Product-qradar_security_information_and_event_managerlinux_kernelQRadar SIEM
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-9124
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 17.42%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 19:12
Updated-05 Jun, 2026 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncGoogle LLCApple Inc.
Product-linux_kernelwindowsmacoschromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2016-6197
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.49% / 38.36%
||
7 Day CHG~0.00%
Published-06 Aug, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.

Action-Not Available
Vendor-n/aOracle CorporationLinux Kernel Organization, Inc
Product-vm_serverlinuxlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2006-0744
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.46% / 36.99%
||
7 Day CHG~0.00%
Published-18 Apr, 2006 | 10:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-6162
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 25.98%
||
7 Day CHG~0.00%
Published-06 Aug, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

net/core/skbuff.c in the Linux kernel 4.7-rc6 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via certain IPv6 socket operations.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2026-9880
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.3||HIGH
EPSS-0.23% / 13.51%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 22:25
Updated-30 May, 2026 | 03:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-linux_kernelwindowsmacoschromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-9986
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-4.2||MEDIUM
EPSS-0.14% / 4.08%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 22:25
Updated-29 May, 2026 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-linux_kernelwindowsmacoschromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-9982
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.3||HIGH
EPSS-0.18% / 8.22%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 22:25
Updated-01 Jun, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-linux_kernelwindowsmacoschromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2549
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.48% / 38.03%
||
7 Day CHG~0.00%
Published-27 Apr, 2016 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2839
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.79% / 75.69%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.

Action-Not Available
Vendor-n/aFFmpegMozilla CorporationLinux Kernel Organization, Inc
Product-firefoxlinux_kernelffmpegn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2207
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-8.4||HIGH
EPSS-18.10% / 96.84%
||
7 Day CHG~0.00%
Published-30 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted RAR file that is mishandled during decompression.

Action-Not Available
Vendor-n/aApple Inc.Symantec CorporationLinux Kernel Organization, Inc
Product-mail_security_for_microsoft_exchangenorton_power_erasernorton_bootable_removal_toolnorton_security_with_backupnorton_antivirusmacosnorton_360protection_engineendpoint_protectionlinux_kernelngcnorton_internet_securitymail_security_for_dominomessage_gatewaymessage_gateway_for_service_providersdata_center_security_servernorton_securityprotection_for_sharepoint_serversadvanced_threat_protectioncsapin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2548
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.45% / 36.13%
||
7 Day CHG~0.00%
Published-27 Apr, 2016 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-10087
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.46% / 36.81%
||
7 Day CHG~0.00%
Published-13 Apr, 2018 | 13:00
Updated-05 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2006-1858
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-6.16% / 92.62%
||
7 Day CHG~0.00%
Published-22 May, 2006 | 16:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2026-7961
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 6.68%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:12
Updated-07 May, 2026 | 02:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Permissions in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to leak cross-origin data via malicious network traffic. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-7945
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-3.1||LOW
EPSS-0.20% / 9.95%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:12
Updated-06 May, 2026 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in COOP in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2005-3055
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.45% / 36.19%
||
7 Day CHG~0.00%
Published-26 Sep, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2026-7943
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-4.2||MEDIUM
EPSS-0.16% / 5.86%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:12
Updated-06 May, 2026 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-7962
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 6.79%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 18:12
Updated-07 May, 2026 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in DirectSockets in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via a crafted Chrome Extension. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found