Filtered by vendor Linux
Subscriptions
Total
6998 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-7191 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2024-08-05 | N/A |
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. | ||||
CVE-2018-6927 | 4 Canonical, Debian, Linux and 1 more | 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more | 2024-08-05 | N/A |
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. | ||||
CVE-2018-6693 | 2 Linux, Mcafee | 3 Linux Kernel, Endpoint Security For Linux Threat Prevention, Endpoint Security Linux Threat Prevention | 2024-08-05 | 5.3 Medium |
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files. | ||||
CVE-2018-6412 | 1 Linux | 1 Linux Kernel | 2024-08-05 | N/A |
In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. | ||||
CVE-2018-6237 | 2 Linux, Trendmicro | 2 Linux Kernel, Smart Protection Server | 2024-08-05 | N/A |
A vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow an unauthenticated remote attacker to manipulate the product to send a large number of specially crafted HTTP requests to potentially cause the file system to fill up, eventually causing a denial of service (DoS) situation. | ||||
CVE-2018-6151 | 6 Apple, Debian, Google and 3 more | 10 Macos, Debian Linux, Chrome and 7 more | 2024-08-05 | N/A |
Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. | ||||
CVE-2018-5953 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-08-05 | 5.5 Medium |
The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. | ||||
CVE-2018-5995 | 1 Linux | 1 Linux Kernel | 2024-08-05 | N/A |
The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call. | ||||
CVE-2018-5814 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-08-05 | N/A |
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets. | ||||
CVE-2018-5803 | 3 Debian, Linux, Redhat | 9 Debian Linux, Linux Kernel, Enterprise Linux and 6 more | 2024-08-05 | N/A |
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. | ||||
CVE-2018-5750 | 4 Canonical, Debian, Linux and 1 more | 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more | 2024-08-05 | N/A |
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. | ||||
CVE-2018-5703 | 1 Linux | 1 Linux Kernel | 2024-08-05 | 9.8 Critical |
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS. | ||||
CVE-2018-5390 | 8 A10networks, Canonical, Cisco and 5 more | 47 Advanced Core Operating System, Ubuntu Linux, Collaboration Meeting Rooms and 44 more | 2024-08-05 | 7.5 High |
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. | ||||
CVE-2018-5391 | 7 Canonical, Debian, F5 and 4 more | 80 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 77 more | 2024-08-05 | 7.5 High |
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. | ||||
CVE-2018-5344 | 3 Canonical, Linux, Redhat | 8 Ubuntu Linux, Linux Kernel, Enterprise Linux and 5 more | 2024-08-05 | N/A |
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact. | ||||
CVE-2018-5332 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-08-05 | 7.8 High |
In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). | ||||
CVE-2018-5333 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-08-05 | N/A |
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. | ||||
CVE-2018-5000 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more | 2024-08-05 | N/A |
Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure. | ||||
CVE-2018-5002 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more | 2024-08-05 | N/A |
Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
CVE-2018-5007 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more | 2024-08-05 | N/A |
Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. |