Vulnerabilities (CVE)

Filtered by vendor Linux Subscribe
Filtered by product Linux Kernel
Total 18182 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-2933 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2026-06-17 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2932 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2026-06-17 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2931 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2026-06-17 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2930 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2026-06-17 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2928 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2026-06-17 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2927 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2026-06-17 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2926 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2026-06-17 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2925 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2026-06-17 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2671 1 Linux 1 Linux Kernel 2026-06-17 4.9 MEDIUM 5.5 MEDIUM
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
CVE-2017-2647 1 Linux 1 Linux Kernel 2026-06-17 7.2 HIGH 7.8 HIGH
The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c.
CVE-2017-2636 2 Debian, Linux 2 Debian Linux, Linux Kernel 2026-06-17 6.9 MEDIUM 7.0 HIGH
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.
CVE-2017-2634 2 Linux, Redhat 5 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2026-06-17 7.8 HIGH 7.5 HIGH
It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system.
CVE-2017-2618 3 Debian, Linux, Redhat 8 Debian Linux, Linux Kernel, Enterprise Linux and 5 more 2026-06-17 4.9 MEDIUM 5.5 MEDIUM
A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.
CVE-2017-2596 1 Linux 1 Linux Kernel 2026-06-17 4.9 MEDIUM 6.5 MEDIUM
The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references.
CVE-2017-2584 1 Linux 1 Linux Kernel 2026-06-17 3.6 LOW 7.1 HIGH
arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.
CVE-2017-2583 1 Linux 1 Linux Kernel 2026-06-17 4.6 MEDIUM 8.4 HIGH
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application.
CVE-2017-20006 2 Linux, Rarlab 2 Linux Kernel, Unrar 2026-06-17 6.8 MEDIUM 7.8 HIGH
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).
CVE-2017-1677 3 Ibm, Linux, Microsoft 3 Db2, Linux Kernel, Windows 2026-06-17 4.6 MEDIUM 7.4 HIGH
IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999.
CVE-2017-1571 3 Ibm, Linux, Microsoft 3 Db2, Linux Kernel, Windows 2026-06-17 2.1 LOW 5.1 MEDIUM
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853.
CVE-2017-1520 3 Ibm, Linux, Microsoft 4 Db2, Db2 Connect, Linux Kernel and 1 more 2026-06-17 4.3 MEDIUM 3.7 LOW
IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830.