Export limit exceeded: 10188 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18722 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18722 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-8428 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31993456. References: N-CVE-2016-8428. | ||||
| CVE-2016-8966 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | N/A |
| IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2017-5033 | 6 Apple, Debian, Google and 3 more | 10 Macos, Debian Linux, Android and 7 more | 2025-04-20 | 4.3 Medium |
| Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword. | ||||
| CVE-2016-8427 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799885. References: N-CVE-2016-8427. | ||||
| CVE-2016-8426 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799206. References: N-CVE-2016-8426. | ||||
| CVE-2016-8425 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31797770. References: N-CVE-2016-8425. | ||||
| CVE-2016-6776 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31680980. References: N-CVE-2016-6776. | ||||
| CVE-2017-16939 | 3 Debian, Linux, Redhat | 6 Debian Linux, Linux Kernel, Enterprise Linux and 3 more | 2025-04-20 | 7.8 High |
| The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages. | ||||
| CVE-2016-8415 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750554. References: QC-CR#1079596. | ||||
| CVE-2017-5034 | 4 Google, Linux, Microsoft and 1 more | 4 Chrome, Linux Kernel, Windows and 1 more | 2025-04-20 | N/A |
| A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | ||||
| CVE-2017-1520 | 3 Ibm, Linux, Microsoft | 4 Db2, Db2 Connect, Linux Kernel and 1 more | 2025-04-20 | N/A |
| IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830. | ||||
| CVE-2017-5897 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-20 | 9.8 Critical |
| The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. | ||||
| CVE-2017-10663 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.8 High |
| The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2016-6775 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31222873. References: N-CVE-2016-6775. | ||||
| CVE-2017-5986 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-20 | N/A |
| Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. | ||||
| CVE-2017-2596 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2025-04-20 | N/A |
| The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references. | ||||
| CVE-2017-5042 | 6 Apple, Debian, Google and 3 more | 10 Macos, Debian Linux, Android and 7 more | 2025-04-20 | 5.7 Medium |
| Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent. | ||||
| CVE-2017-6074 | 3 Debian, Linux, Redhat | 9 Debian Linux, Linux Kernel, Enterprise Linux and 6 more | 2025-04-20 | 7.8 High |
| The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call. | ||||
| CVE-2017-5043 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Chrome and 6 more | 2025-04-20 | 8.8 High |
| Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. | ||||
| CVE-2016-8961 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | N/A |
| IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | ||||