linux
by Debian
Source repositories
CVEs (3,008)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-17856 | Hig | 0.51 | 7.8 | 0.00 | Dec 27, 2017 | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement. | ||
| CVE-2017-17855 | Hig | 0.51 | 7.8 | 0.00 | Dec 27, 2017 | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars. | ||
| CVE-2017-17854 | Hig | 0.51 | 7.8 | 0.00 | Dec 27, 2017 | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic. | ||
| CVE-2017-17853 | Hig | 0.51 | 7.8 | 0.00 | Dec 27, 2017 | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations. | ||
| CVE-2017-17852 | Hig | 0.51 | 7.8 | 0.00 | Dec 27, 2017 | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops. | ||
| CVE-2017-16996 | Hig | 0.51 | 7.8 | 0.00 | Dec 27, 2017 | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling. | ||
| CVE-2017-17806 | Hig | 0.51 | 7.8 | 0.01 | Dec 20, 2017 | The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash… | ||
| CVE-2017-17805 | Hig | 0.51 | 7.8 | 0.00 | Dec 20, 2017 | The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free… | ||
| CVE-2017-17789 | Hig | 0.51 | 7.8 | 0.02 | Dec 20, 2017 | In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. | ||
| CVE-2017-17787 | Hig | 0.51 | 7.8 | 0.01 | Dec 20, 2017 | In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c. | ||
| CVE-2017-17786 | Hig | 0.51 | 7.8 | 0.01 | Dec 20, 2017 | In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image. | ||
| CVE-2017-17785 | Hig | 0.51 | 7.8 | 0.01 | Dec 20, 2017 | In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c. | ||
| CVE-2017-17784 | Hig | 0.51 | 7.8 | 0.01 | Dec 20, 2017 | In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data. | ||
| CVE-2017-15868 | Hig | 0.51 | 7.8 | 0.00 | Dec 5, 2017 | The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application. | ||
| CVE-2017-2919 | Hig | 0.51 | 7.8 | 0.02 | Nov 20, 2017 | An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability | ||
| CVE-2017-2896 | Hig | 0.51 | 7.8 | 0.02 | Nov 20, 2017 | An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | ||
| CVE-2017-12608 | Hig | 0.51 | 7.8 | 0.03 | Nov 20, 2017 | A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code… | ||
| CVE-2017-12607 | Hig | 0.51 | 7.8 | 0.03 | Nov 20, 2017 | A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. | ||
| CVE-2017-1000229 | Hig | 0.51 | 7.8 | 0.02 | Nov 17, 2017 | Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service. | ||
| CVE-2017-15115 | Hig | 0.51 | 7.8 | 0.00 | Nov 15, 2017 | The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other… |
- risk 0.51cvss 7.8epss 0.00
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement.
- risk 0.51cvss 7.8epss 0.00
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.
- risk 0.51cvss 7.8epss 0.00
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.
- risk 0.51cvss 7.8epss 0.00
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.
- risk 0.51cvss 7.8epss 0.00
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops.
- risk 0.51cvss 7.8epss 0.00
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.
- risk 0.51cvss 7.8epss 0.01
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash…
- risk 0.51cvss 7.8epss 0.00
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free…
- risk 0.51cvss 7.8epss 0.02
In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.
- risk 0.51cvss 7.8epss 0.01
In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.
- risk 0.51cvss 7.8epss 0.01
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.
- risk 0.51cvss 7.8epss 0.01
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.
- risk 0.51cvss 7.8epss 0.01
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.
- risk 0.51cvss 7.8epss 0.00
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
- risk 0.51cvss 7.8epss 0.02
An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability
- risk 0.51cvss 7.8epss 0.02
An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
- risk 0.51cvss 7.8epss 0.03
A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code…
- risk 0.51cvss 7.8epss 0.03
A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
- risk 0.51cvss 7.8epss 0.02
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
- risk 0.51cvss 7.8epss 0.00
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other…
Page 29 of 151