Export limit exceeded: 12401 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 12401 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18634 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18634 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16644 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device. | ||||
| CVE-2017-16645 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | ||||
| CVE-2017-16646 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device. | ||||
| CVE-2017-16647 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. | ||||
| CVE-2017-16648 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-20 | N/A |
| The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free. | ||||
| CVE-2017-16649 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. | ||||
| CVE-2017-9150 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls. | ||||
| CVE-2017-1439 | 3 Ibm, Linux, Microsoft | 4 Db2, Db2 Connect, Linux Kernel and 1 more | 2025-04-20 | N/A |
| IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058. | ||||
| CVE-2016-6755 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30740545. References: QC-CR#1065916. | ||||
| CVE-2016-6757 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148242. References: QC-CR#1052821. | ||||
| CVE-2016-6758 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148882. References: QC-CR#1071731. | ||||
| CVE-2016-6759 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29982686. References: QC-CR#1055766. | ||||
| CVE-2016-6760 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29617572. References: QC-CR#1055783. | ||||
| CVE-2016-6761 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29421682. References: QC-CR#1055792. | ||||
| CVE-2017-6264 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out of bound memory read is used as a function pointer could lead to code execution in the kernel.This issue is rated as high because it could allow a local malicious application to execute arbitrary code within the context of a privileged process. Product: Android. Version: N/A. Android ID: A-34705430. References: N-CVE-2017-6264. | ||||
| CVE-2016-6789 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251973. References: N-CVE-2016-6789. | ||||
| CVE-2017-1000111 | 3 Debian, Linux, Redhat | 11 Debian Linux, Linux Kernel, Enterprise Linux and 8 more | 2025-04-20 | 7.8 High |
| Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW. | ||||
| CVE-2017-1000112 | 2 Linux, Redhat | 8 Linux Kernel, Enterprise Linux, Enterprise Mrg and 5 more | 2025-04-20 | 7.0 High |
| Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005. | ||||
| CVE-2017-15951 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.8 High |
| The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls. | ||||
| CVE-2016-3695 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-20 | N/A |
| The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. | ||||