Vulnerabilities (CVE)

Filtered by vendor Linux Subscribe
Total 4564 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3679 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2021-09-25 2.1 LOW 5.5 MEDIUM
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
CVE-2021-38166 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2021-09-25 4.6 MEDIUM 7.8 HIGH
In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
CVE-2020-16119 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2021-09-25 4.6 MEDIUM 7.8 HIGH
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.
CVE-2021-38199 1 Linux 1 Linux Kernel 2021-09-25 3.3 LOW 6.5 MEDIUM
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
CVE-2021-37576 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2021-09-25 7.2 HIGH 7.8 HIGH
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.
CVE-2021-40490 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2021-09-25 4.4 MEDIUM 7.0 HIGH
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
CVE-2021-38160 1 Linux 1 Linux Kernel 2021-09-25 7.2 HIGH 7.8 HIGH
** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior.
CVE-2021-30565 3 Fedoraproject, Google, Linux 4 Fedora, Chrome, Chrome Os and 1 more 2021-09-24 6.8 MEDIUM 8.8 HIGH
Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.
CVE-2021-30611 3 Fedoraproject, Google, Linux 4 Fedora, Chrome, Chrome Os and 1 more 2021-09-24 6.8 MEDIUM 8.8 HIGH
Chromium: CVE-2021-30611 Use after free in WebRTC
CVE-2021-30612 3 Fedoraproject, Google, Linux 4 Fedora, Chrome, Chrome Os and 1 more 2021-09-24 6.8 MEDIUM 8.8 HIGH
Chromium: CVE-2021-30612 Use after free in WebRTC
CVE-2021-29841 2 Ibm, Linux 5 Aix, Financial Transaction Manager, Linux On Zseries and 2 more 2021-09-24 3.5 LOW 5.4 MEDIUM
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045.
CVE-2014-4611 1 Linux 1 Linux Kernel 2021-09-24 5.0 MEDIUM N/A
Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.
CVE-2017-3080 5 Adobe, Apple, Google and 2 more 8 Flash Player, Mac Os X, Macos and 5 more 2021-09-22 5.0 MEDIUM 7.5 HIGH
Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.
CVE-2017-3099 5 Adobe, Apple, Google and 2 more 8 Flash Player, Mac Os X, Macos and 5 more 2021-09-22 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3106 5 Adobe, Apple, Google and 2 more 8 Flash Player, Mac Os X, Macos and 5 more 2021-09-22 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3100 5 Adobe, Apple, Google and 2 more 8 Flash Player, Mac Os X, Macos and 5 more 2021-09-22 5.0 MEDIUM 7.5 HIGH
Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure.
CVE-2017-3073 5 Adobe, Apple, Google and 2 more 8 Flash Player, Mac Os X, Macos and 5 more 2021-09-22 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3072 5 Adobe, Apple, Google and 2 more 8 Flash Player, Mac Os X, Macos and 5 more 2021-09-22 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3074 5 Adobe, Apple, Google and 2 more 8 Flash Player, Mac Os X, Macos and 5 more 2021-09-22 10.0 HIGH 9.8 CRITICAL
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-11292 5 Adobe, Apple, Google and 2 more 8 Flash Player, Mac Os X, Macos and 5 more 2021-09-22 6.5 MEDIUM 8.8 HIGH
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.