Filtered by vendor Linux
Subscriptions
Filtered by product Linux Kernel
Subscriptions
Total
17434 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5099 | 4 Debian, Google, Linux and 1 more | 4 Debian Linux, Chrome, Linux Kernel and 1 more | 2025-04-20 | N/A |
| Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page. | ||||
| CVE-2017-5097 | 4 Debian, Google, Linux and 1 more | 4 Debian Linux, Chrome, Linux Kernel and 1 more | 2025-04-20 | N/A |
| Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| CVE-2017-5093 | 6 Apple, Debian, Google and 3 more | 10 Macos, Debian Linux, Android and 7 more | 2025-04-20 | 6.5 Medium |
| Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page. | ||||
| CVE-2017-5081 | 6 Apple, Debian, Google and 3 more | 10 Macos, Debian Linux, Android and 7 more | 2025-04-20 | 3.3 Low |
| Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files. | ||||
| CVE-2017-5080 | 4 Google, Linux, Microsoft and 1 more | 4 Chrome, Linux Kernel, Windows and 1 more | 2025-04-20 | N/A |
| A use after free in credit card autofill in Google Chrome prior to 59.0.3071.86 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| CVE-2016-9795 | 6 Broadcom, Ca, Hp and 3 more | 10 Ca Workload Automation Ae, Client Automation, Systemedge and 7 more | 2025-04-20 | 7.8 High |
| The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation. | ||||
| CVE-2017-5059 | 5 Apple, Google, Linux and 2 more | 9 Macos, Android, Chrome and 6 more | 2025-04-20 | 8.8 High |
| Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page. | ||||
| CVE-2017-5068 | 5 Apple, Google, Linux and 2 more | 8 Macos, Chrome, Linux Kernel and 5 more | 2025-04-20 | 7.5 High |
| Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page. | ||||
| CVE-2017-5054 | 5 Apple, Google, Linux and 2 more | 9 Macos, Android, Chrome and 6 more | 2025-04-20 | 8.8 High |
| An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page. | ||||
| CVE-2017-5049 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2025-04-20 | N/A |
| An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | ||||
| CVE-2017-5044 | 6 Apple, Debian, Google and 3 more | 10 Macos, Debian Linux, Android and 7 more | 2025-04-20 | 6.3 Medium |
| Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| CVE-2017-5050 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2025-04-20 | N/A |
| An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | ||||
| CVE-2017-1000255 | 3 Ibm, Linux, Redhat | 4 Powerpc Power8, Powerpc Power9, Linux Kernel and 1 more | 2025-04-20 | N/A |
| On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: "5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable. | ||||
| CVE-2017-1000407 | 4 Canonical, Debian, Linux and 1 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2025-04-20 | N/A |
| The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. | ||||
| CVE-2017-3112 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Macos, Chrome Os and 8 more | 2025-04-20 | N/A |
| An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | ||||
| CVE-2017-0629 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. References: QC-CR#1086833. | ||||
| CVE-2017-3100 | 6 Adobe, Apple, Google and 3 more | 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more | 2025-04-20 | 6.5 Medium |
| Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure. | ||||
| CVE-2017-3076 | 6 Adobe, Apple, Google and 3 more | 8 Flash Player, Mac Os X, Chrome Os and 5 more | 2025-04-20 | N/A |
| Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the MPEG-4 AVC module. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2017-3080 | 6 Adobe, Apple, Google and 3 more | 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more | 2025-04-20 | 6.5 Medium |
| Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure. | ||||
| CVE-2017-3059 | 6 Adobe, Apple, Google and 3 more | 8 Flash Player, Mac Os X, Chrome Os and 5 more | 2025-04-20 | N/A |
| Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution. | ||||