National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): linux
There are 7,326 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-6136

An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFilter in hal/ethernet/linux/ethernet_linux.c has a SEGV, as demonstrated by sv_subscriber_example.c and sv_subscriber.c.

Published: January 11, 2019; 12:29:00 PM -05:00
(not available)
CVE-2019-5892

bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco in January 2019 because FRR does not implement RFC 7606, and therefore the packets with 255 were considered invalid VNC data and the BGP session was closed.

Published: January 10, 2019; 12:29:00 PM -05:00
(not available)
CVE-2018-6151

Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension.

Published: January 09, 2019; 02:29:10 PM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-0553

An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka "Windows Subsystem for Linux Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.

Published: January 08, 2019; 04:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2019-5489

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.

Published: January 07, 2019; 12:29:00 PM -05:00
(not available)
CVE-2019-3701

An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. This is related to cgw_csum_xor_rel. An unprivileged user can trigger a system crash (general protection fault).

Published: January 03, 2019; 11:29:00 AM -05:00
(not available)
CVE-2018-16885

A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7.

Published: January 03, 2019; 11:29:00 AM -05:00
(not available)
CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable.

Published: January 03, 2019; 11:29:00 AM -05:00
(not available)
CVE-2018-20131

The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would not have access to.

Published: January 02, 2019; 08:29:00 PM -05:00
(not available)
CVE-2018-20511

An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.

Published: December 27, 2018; 09:29:00 AM -05:00
(not available)
CVE-2018-18629

An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary.

Published: December 20, 2018; 06:29:00 PM -05:00
(not available)
CVE-2018-11988

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Un-trusted pointer de-reference issue by accessing a variable which is already freed.

Published: December 20, 2018; 10:29:03 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-11987

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic.

Published: December 20, 2018; 10:29:03 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-11986

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to exchange commands and messages between Micro FW and CPP driver.

Published: December 20, 2018; 10:29:03 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-11985

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer.

Published: December 20, 2018; 10:29:02 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-11984

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and an out-of-bounds access can occur in the DIAG driver.

Published: December 20, 2018; 10:29:02 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-11983

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Error in kernel observed while accessing freed mask pointers after reallocating memory for mask table.

Published: December 20, 2018; 10:29:02 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-11965

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Anyone can execute proptrigger.sh which will lead to change in properties.

Published: December 20, 2018; 10:29:02 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-11964

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue.

Published: December 20, 2018; 10:29:02 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-11963

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Buffer overread may occur due to non-null terminated strings while processing vsprintf in camera jpeg driver.

Published: December 20, 2018; 10:29:02 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH