Vulnerabilities > Linux > Linux Kernel > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-05-25 CVE-2018-10350 SQL Injection vulnerability in Trendmicro Smart Protection Server
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php.
network
low complexity
trendmicro linux CWE-89
critical
9.0
2018-01-16 CVE-2018-5703 Out-of-bounds Write vulnerability in Linux Kernel
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS.
network
low complexity
linux CWE-787
critical
9.8
2018-01-03 CVE-2017-18017 Use After Free vulnerability in multiple products
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
network
low complexity
linux debian arista f5 suse opensuse openstack canonical redhat CWE-416
critical
9.8
2017-11-14 CVE-2017-6264 Out-of-bounds Read vulnerability in Linux Kernel
An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out of bound memory read is used as a function pointer could lead to code execution in the kernel.This issue is rated as high because it could allow a local malicious application to execute arbitrary code within the context of a privileged process.
network
linux CWE-125
critical
9.3
2017-08-29 CVE-2017-12763 Incorrect Default Permissions vulnerability in Nomachine
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
network
low complexity
nomachine apple linux CWE-276
critical
9.0
2017-08-29 CVE-2017-13715 Improper Initialization vulnerability in Linux Kernel
The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet.
network
low complexity
linux CWE-665
critical
9.8
2017-08-09 CVE-2017-12762 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow.
network
low complexity
linux canonical CWE-119
critical
9.8
2017-06-20 CVE-2017-3075 Use After Free vulnerability in Adobe Flash Player
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class.
network
low complexity
adobe microsoft apple google linux CWE-416
critical
10.0
2017-06-20 CVE-2017-3076 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Flash Player
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the MPEG-4 AVC module.
network
low complexity
adobe microsoft apple google linux CWE-119
critical
10.0
2017-06-20 CVE-2017-3077 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Flash Player
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser.
network
low complexity
adobe microsoft apple google linux CWE-119
critical
10.0