Vulnerabilities (CVE)

Filtered by vendor Linux Subscribe
Total 10371 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-3003 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2025-04-20 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. Successful exploitation could lead to arbitrary code execution.
CVE-2017-0454 1 Linux 1 Linux Kernel 2025-04-20 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067.
CVE-2017-2927 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2025-04-20 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
CVE-2017-0606 1 Linux 1 Linux Kernel 2025-04-20 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34088848. References: QC-CR#1116015.
CVE-2017-17806 6 Canonical, Debian, Linux and 3 more 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more 2025-04-20 7.2 HIGH 7.8 HIGH
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.
CVE-2016-6756 1 Linux 1 Linux Kernel 2025-04-20 2.6 LOW 4.7 MEDIUM
An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29464815. References: QC-CR#1042068.
CVE-2016-6110 3 Ibm, Linux, Microsoft 4 Tivoli Storage Manager, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware, Linux Kernel and 1 more 2025-04-20 2.1 LOW 6.5 MEDIUM
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
CVE-2017-2937 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2025-04-20 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution.
CVE-2017-5053 5 Apple, Google, Linux and 2 more 8 Macos, Android, Chrome and 5 more 2025-04-20 6.8 MEDIUM 9.6 CRITICAL
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf.
CVE-2017-5206 2 Firejail Project, Linux 2 Firejail, Linux Kernel 2025-04-20 6.8 MEDIUM 9.0 CRITICAL
Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument.
CVE-2016-8457 1 Linux 1 Linux Kernel 2025-04-20 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219453. References: B-RB#106116.
CVE-2016-8398 1 Linux 1 Linux Kernel 2025-04-20 10.0 HIGH 9.8 CRITICAL
Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705.
CVE-2017-2984 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2025-04-20 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution.
CVE-2017-5066 5 Apple, Google, Linux and 2 more 8 Macos, Android, Chrome and 5 more 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page.
CVE-2017-0447 2 Google, Linux 2 Android, Linux Kernel 2025-04-20 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32919560.
CVE-2017-2926 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2025-04-20 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary code execution.
CVE-2017-5045 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page.
CVE-2017-0582 1 Linux 1 Linux Kernel 2025-04-20 7.6 HIGH 7.0 HIGH
An elevation of privilege vulnerability in the HTC OEM fastboot command could enable a local malicious application to execute arbitrary code within the context of the sensor hub. This issue is rated as Moderate because it first requires exploitation of separate vulnerabilities. Product: Android. Versions: Kernel-3.10. Android ID: A-33178836.
CVE-2017-5069 5 Apple, Google, Linux and 2 more 8 Macos, Android, Chrome and 5 more 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page.
CVE-2017-5043 6 Apple, Debian, Google and 3 more 8 Macos, Debian Linux, Chrome and 5 more 2025-04-20 6.8 MEDIUM 8.8 HIGH
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.