National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:3.14:rc3
There are 1,785 matching records.
Displaying matches 561 through 580.
Vuln ID Summary CVSS Severity
CVE-2017-5206

Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument.

Published: March 23, 2017; 12:59:00 PM -04:00
V3.0: 9.0 CRITICAL
    V2: 6.8 MEDIUM
CVE-2017-7187

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function.

Published: March 20, 2017; 10:59:00 AM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2017-6951

The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type.

Published: March 16, 2017; 02:59:00 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2017-3003

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. Successful exploitation could lead to arbitrary code execution.

Published: March 14, 2017; 12:59:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-3002

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Successful exploitation could lead to arbitrary code execution.

Published: March 14, 2017; 12:59:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-3001

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM. Successful exploitation could lead to arbitrary code execution.

Published: March 14, 2017; 12:59:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-3000

Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure.

Published: March 14, 2017; 12:59:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-2999

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution.

Published: March 14, 2017; 12:59:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-2998

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution.

Published: March 14, 2017; 12:59:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-2997

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability in the Primetime TVSDK that supports customizing ad information. Successful exploitation could lead to arbitrary code execution.

Published: March 14, 2017; 12:59:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2017-6874

Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts.

Published: March 14, 2017; 05:59:00 AM -04:00
V3.0: 7.0 HIGH
    V2: 6.9 MEDIUM
CVE-2017-0523

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32835279. References: QC-CR#1096945.

Published: March 07, 2017; 08:59:02 PM -05:00
V3.0: 7.0 HIGH
    V2: 7.6 HIGH
CVE-2017-2636

Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.

Published: March 07, 2017; 05:59:00 PM -05:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2016-10200

Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.

Published: March 07, 2017; 04:59:00 PM -05:00
V3.0: 7.0 HIGH
    V2: 6.9 MEDIUM
CVE-2015-2877

** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities.

Published: March 03, 2017; 06:59:00 AM -05:00
V3.0: 3.3 LOW
    V2: 2.1 LOW
CVE-2017-6353

net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986.

Published: March 01, 2017; 03:59:00 PM -05:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2017-6348

The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.

Published: March 01, 2017; 03:59:00 PM -05:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2017-6347

The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.

Published: March 01, 2017; 03:59:00 PM -05:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2017-6346

Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.

Published: March 01, 2017; 03:59:00 PM -05:00
V3.0: 7.0 HIGH
    V2: 6.9 MEDIUM
CVE-2017-6345

The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls.

Published: March 01, 2017; 03:59:00 PM -05:00
V3.0: 7.8 HIGH
    V2: 4.6 MEDIUM