CVE-2014-1737

HIGH Year: 2014
CVSS v2 Score
7.2
High
Weakness Type
CWE-754
View all →

Vulnerability Description

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

Related Vulnerabilities

CVE-2021-0211

CRITICAL
CVSS:10.0(Critical)

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attacker to send a valid BGP FlowSpec message ...

CWE-7542021

CVE-2017-20166

CRITICAL
CVSS:9.8(Critical)

Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise.

CWE-7542017

CVE-2019-19646

CRITICAL
CVSS:9.8(Critical)

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

CWE-7542019

CVE-2020-10571

CRITICAL
CVSS:9.8(Critical)

An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data.

CWE-7542020

CVE-2020-28037

CRITICAL
CVSS:9.8(Critical)

is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, lead...

CWE-7542020

CVE-2020-8986

CRITICAL
CVSS:9.8(Critical)

lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of re...

CWE-7542020