National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): linux
There are 7,470 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2017-15835

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, While processing the RIC Data Descriptor IE in an artificially crafted 802.11 frame with IE length more than 255, an infinite loop may potentially occur resulting in a denial of service.

Published: December 07, 2018; 09:29:00 AM -05:00
V3: 6.5 MEDIUM
V2: 3.3 LOW
CVE-2017-14888

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Userspace can pass IEs to the host driver and if multiple append commands are received, then the integer variable that stores the length can overflow and the subsequent copy of the IE data may potentially lead to a heap buffer overflow.

Published: December 07, 2018; 09:29:00 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-19939

The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c.

Published: December 07, 2018; 04:29:00 AM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-15332

The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.

Published: December 06, 2018; 08:29:00 AM -05:00
V3: 7.0 HIGH
V2: 4.4 MEDIUM
CVE-2018-19854

An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).

Published: December 04, 2018; 11:29:00 AM -05:00
V3: 4.7 MEDIUM
V2: 1.9 LOW
CVE-2018-19824

In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.

Published: December 03, 2018; 12:29:00 PM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-16863

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.

Published: December 03, 2018; 12:29:00 PM -05:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-15715

Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens.

Published: November 30, 2018; 03:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-1897

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462.

Published: November 30, 2018; 10:29:00 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-5919

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a use after free issue in WLAN host driver can lead to device reboot.

Published: November 27, 2018; 11:29:01 AM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2018-5910

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a memory corruption can occur in kernel due to improper check in callers count parameter in display handlers.

Published: November 27, 2018; 11:29:01 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-5909

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow occur may occur in display handlers due to lack of checking in buffer size before copying into it and will lead to memory corruption.

Published: November 27, 2018; 11:29:01 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-5908

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in display function due to lack of buffer length validation before copying.

Published: November 27, 2018; 11:29:01 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-5906

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in debugfs module due to lack of check in size of input before copying into buffer.

Published: November 27, 2018; 11:29:01 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-5904

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while list traversal in LPM status driver for clean up, use after free vulnerability may occur.

Published: November 27, 2018; 11:29:01 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-5861

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vulnerabilities while loading a secure application from the boot loader.

Published: November 27, 2018; 11:29:01 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-5856

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, due to a race condition, a Use After Free condition can occur in Audio.

Published: November 27, 2018; 11:29:01 AM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2018-11995

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a partition name-check variable is not reset for every iteration which may cause improper termination in the META image.

Published: November 27, 2018; 11:29:01 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-11956

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper mounting lead to device node and executable to be run from /dsp/ which presents a potential security issue.

Published: November 27, 2018; 11:29:01 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-11946

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, the UPnP daemon should not be running out of box because it enables port forwarding without authentication.

Published: November 27, 2018; 11:29:01 AM -05:00
V3: 6.5 MEDIUM
V2: 6.1 MEDIUM