Search Results (Refine Search)
- CPE Product Version: cpe:/o:novell:suse_linux_enterprise_server:12.0:sp1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-4486 |
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. Published: May 23, 2016; 6:59:02 AM -0400 |
V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2016-4482 |
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. Published: May 23, 2016; 6:59:00 AM -0400 |
V3.0: 6.2 MEDIUM V2.0: 2.1 LOW |
CVE-2016-3951 |
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. Published: May 02, 2016; 6:59:41 AM -0400 |
V3.0: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2016-3689 |
The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface. Published: May 02, 2016; 6:59:40 AM -0400 |
V3.0: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2016-3140 |
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. Published: May 02, 2016; 6:59:39 AM -0400 |
V3.0: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2016-3138 |
The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor. Published: May 02, 2016; 6:59:37 AM -0400 |
V3.0: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2016-3137 |
drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions. Published: May 02, 2016; 6:59:36 AM -0400 |
V3.0: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2016-3136 |
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors. Published: May 02, 2016; 6:59:35 AM -0400 |
V3.0: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2016-2188 |
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. Published: May 02, 2016; 6:59:32 AM -0400 |
V3.0: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2016-2186 |
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. Published: May 02, 2016; 6:59:29 AM -0400 |
V3.0: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2016-2185 |
The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. Published: May 02, 2016; 6:59:28 AM -0400 |
V3.0: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2016-3134 |
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. Published: April 27, 2016; 1:59:22 PM -0400 |
V3.0: 8.4 HIGH V2.0: 7.2 HIGH |
CVE-2016-2847 |
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. Published: April 27, 2016; 1:59:21 PM -0400 |
V3.0: 6.2 MEDIUM V2.0: 4.9 MEDIUM |