CVE Daily
← All tags

Tag: Linux Kernel

All CVEs associated with "Linux Kernel". Page 138/168 • 20117 CVEs.

Subscribe CVEs: RSS for “Linux Kernel”  ·  RSS (High+Critical only)

About “Linux Kernel”

A curated feed of “Linux Kernel”-related CVEs appears below. We currently track 20117 CVEs for this tag (all time). In the last 365 days, 6176 were published. Average CVSS is 6.4 (all time; 6.4 over 365d), and 35% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-476 - NULL Pointer Dereference, CWE-401 - Missing Release of Memory after Effective Lifetime, CWE-416 - Use After Free.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2017-04-13
Critical

CVE-2016-4899

The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2016-4898

The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2016-4031

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-…

CVSS: 6.8 CWE: CWE-284 - Improper Access Control View on NVD
2017-04-11
Medium

CVE-2016-5011

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS p…

CVSS: 4.6 CWE: N/A View on NVD
2017-04-10
High

CVE-2017-7618

crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.

CVSS: 7.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
Medium

CVE-2017-7616

Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stac…

CVSS: 5.5 CWE: CWE-388 View on NVD
2017-04-07
Medium

CVE-2016-9196

A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to…

CVSS: 6.7 CWE: CWE-264 View on NVD
2017-04-06
Medium

CVE-2016-5349

The high level operating systems (HLOS) was not providing sufficient memory address information to ensure that secure applications inside Qualcomm Secure Execution Environment (QSEE) only write to le…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-04-05
Medium

CVE-2017-2671

The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which al…

CVSS: 5.5 CWE: N/A View on NVD
2017-04-04
High

CVE-2016-5870

The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MS…

CVSS: 7.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2016-10318

A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign…

CVSS: 6.5 CWE: CWE-264 View on NVD
Critical

CVE-2016-10229

udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with…

CVSS: 9.8 CWE: CWE-358 - Improperly Implemented Security Check for Standard View on NVD
High

CVE-2014-9922

The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overla…

CVSS: 7.8 CWE: CWE-264 View on NVD
2017-04-03
High

CVE-2017-7397

BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2017-03-31
High

CVE-2017-7374

Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2014-9114

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

CVSS: 7.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2017-2647

The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value fo…

CVSS: 7.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2017-03-30
Medium

CVE-2017-7346

The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denia…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2016-10308

Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both S…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2017-03-29
High

CVE-2017-7308

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (in…

CVSS: 7.8 CWE: CWE-681 - Incorrect Conversion between Numeric Types View on NVD
High

CVE-2017-7294

The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trig…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2017-03-28
High

CVE-2017-7277

The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data str…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2017-03-27
Medium

CVE-2017-7273

The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possib…

CVSS: 6.6 CWE: N/A View on NVD
2017-03-24
Medium

CVE-2017-7261

The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
2017-03-23
Critical

CVE-2017-5897

The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds…

CVSS: 9.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2017-5538

The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified i…

CVSS: 9.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2017-5206

Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument.

CVSS: 9.0 CWE: N/A View on NVD
High

CVE-2016-1602

A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attacke…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2017-03-20
High

CVE-2017-7187

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact v…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2017-03-19
High

CVE-2017-7184

The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain r…

CVSS: 7.8 CWE: N/A View on NVD
2017-03-16
Medium

CVE-2017-6951

The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key sy…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2017-03-14
Medium

CVE-2017-3899

SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request paramete…

CVSS: 6.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2016-8025

SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request paramete…

CVSS: 6.2 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2016-8024

Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensit…

CVSS: 8.1 CWE: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') View on NVD
High

CVE-2016-8023

Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentic…

CVSS: 8.1 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2016-8022

Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a den…

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2016-8021

Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and exe…

CVSS: 5.0 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2016-8020

Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted…

CVSS: 8.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2016-8019

Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script o…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2016-8018

Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a cr…

CVSS: 4.3 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2016-8017

Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user…

CVSS: 4.1 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2016-8016

Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a UR…

CVSS: 3.4 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2013-7461

A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write…

CVSS: 5.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2013-7460

A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part…

CVSS: 5.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2017-6516

A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-…

CVSS: 6.7 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2017-5985

lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ow…

CVSS: 3.3 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2017-6874

Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via cr…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2017-03-08
Low

CVE-2017-1150

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to vie…

CVSS: 3.1 CWE: CWE-269 - Improper Privilege Management View on NVD
2017-03-07
High

CVE-2017-2636

Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2016-10200

Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind sys…

CVSS: 7.0 CWE: CWE-264 View on NVD
2017-03-05
High

CVE-2017-6445

The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipu…

CVSS: 8.1 CWE: CWE-311 - Missing Encryption of Sensitive Data View on NVD
2017-03-03
Low

CVE-2015-2877

Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other…

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-03-01
Medium

CVE-2017-6353

net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (inva…

CVSS: 5.5 CWE: CWE-415 - Double Free View on NVD
Medium

CVE-2017-6348

The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted oper…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2017-6347

The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-6346

Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithread…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2017-6345

The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possi…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2017-02-24
High

CVE-2017-5669

The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and conseque…

CVSS: 7.8 CWE: N/A View on NVD
2017-02-23
High

CVE-2017-6214

The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packe…

CVSS: 7.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
2017-02-22
High

CVE-2016-8636

Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain se…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2017-02-21
Medium

CVE-2016-9316

Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Bu…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2016-9315

Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earli…

CVSS: 8.8 CWE: CWE-264 View on NVD
High

CVE-2016-9314

Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authent…

CVSS: 7.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Critical

CVE-2016-9269

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated,…

CVSS: 9.9 CWE: CWE-264 View on NVD
2017-02-18
High

CVE-2017-6074

The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain r…

CVSS: 7.8 CWE: CWE-415 - Double Free View on NVD
High

CVE-2017-6001

Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2017-5986

Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithr…

CVSS: 5.5 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2017-02-17
Medium

CVE-2017-5027

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacke…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2017-5026

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don'…

CVSS: 4.3 CWE: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames View on NVD
Medium

CVE-2017-5025

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafte…

CVSS: 5.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2017-5024

FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafte…

CVSS: 5.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2017-5023

Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference v…

CVSS: 4.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2017-5022

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacke…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2017-5021

A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML…

CVSS: 4.3 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2017-5020

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who co…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2017-5019

A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p…

CVSS: 6.3 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2017-5018

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a rem…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2017-5016

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a…

CVSS: 6.5 CWE: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames View on NVD
Medium

CVE-2017-5015

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN ho…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2017-5014

Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bo…

CVSS: 6.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2017-5013

Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a c…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2017-5012

A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a cr…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2017-5010

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitra…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2017-5009

WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploi…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2017-5008

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script metho…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2017-5007

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2017-5006

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitr…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2017-02-15
Medium

CVE-2017-0318

All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system.

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2016-1883

The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors.

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-1881

The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call.

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-1880

The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "han…

CVSS: 7.8 CWE: CWE-264 View on NVD
2017-02-14
High

CVE-2017-5972

The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of servi…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2017-5970

The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted sy…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2017-5967

The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by r…

CVSS: 4.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-02-07
High

CVE-2016-2779

runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2016-10044

The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions…

CVSS: 7.8 CWE: CWE-264 View on NVD
High

CVE-2014-9914

Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by…

CVSS: 7.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2017-02-06
Medium

CVE-2017-5577

The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local…

CVSS: 5.5 CWE: CWE-388 View on NVD
High

CVE-2017-5576

Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a denial of service or possibly…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2017-5551

The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group pri…

CVSS: 4.4 CWE: N/A View on NVD
Medium

CVE-2017-5550

Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportu…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-5549

The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line sta…

CVSS: 5.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
High

CVE-2017-5548

drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or m…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-5547

drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-5546

The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possi…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2017-2596

The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service…

CVSS: 6.5 CWE: CWE-772 - Missing Release of Resource after Effective Lifetime View on NVD
High

CVE-2017-2583

The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a…

CVSS: 8.4 CWE: N/A View on NVD
Medium

CVE-2016-10208

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of servic…

CVSS: 4.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2016-10154

The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (sys…

CVSS: 5.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-10153

The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memor…

CVSS: 7.8 CWE: CWE-399 View on NVD
Critical

CVE-2016-10150

Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or poss…

CVSS: 9.8 CWE: CWE-264 View on NVD
Medium

CVE-2010-5328

include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of s…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
2017-01-30
Medium

CVE-2017-5573

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators.

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2017-5572

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database.

CVSS: 6.5 CWE: CWE-269 - Improper Privilege Management View on NVD
2017-01-27
High

CVE-2016-9795

The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Unive…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2017-01-23
High

CVE-2017-5182

Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total info…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2017-01-19
Medium

CVE-2016-9650

Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a…

CVSS: 4.3 CWE: CWE-19 View on NVD
Medium

CVE-2016-5226

Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2016-5225

Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Poli…

CVSS: 4.3 CWE: CWE-19 View on NVD
Medium

CVE-2016-5224

A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote atta…

CVSS: 4.3 CWE: CWE-189 View on NVD