Vulnerabilities > Linux > Linux Kernel > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-12-12 | CVE-2014-4323 | Improper Input Validation vulnerability in Linux Kernel The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application. | 7.5 |
2014-11-11 | CVE-2014-8442 | Permissions, Privileges, and Access Controls vulnerability in Adobe products Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to complete a transition from Low Integrity to Medium Integrity by leveraging incorrect permissions. | 7.5 |
2014-11-11 | CVE-2014-0583 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to complete a transition from Low Integrity to Medium Integrity via unspecified vectors. | 7.5 |
2014-11-10 | CVE-2014-8369 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. | 7.8 |
2014-11-10 | CVE-2014-7826 | NULL Pointer Dereference vulnerability in multiple products kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. | 7.8 |
2014-11-10 | CVE-2014-7825 | Out-of-bounds Read vulnerability in Linux Kernel kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application. | 7.8 |
2014-11-10 | CVE-2014-3687 | Resource Exhaustion vulnerability in multiple products The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. | 7.5 |
2014-11-10 | CVE-2014-3673 | Improper Input Validation vulnerability in multiple products The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. | 7.5 |
2014-11-03 | CVE-2014-0490 | Improper Input Validation vulnerability in Debian Advanced Package Tool The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package. | 7.5 |
2014-09-10 | CVE-2014-0548 | Permissions, Privileges, and Access Controls vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow remote attackers to bypass the Same Origin Policy via unspecified vectors. | 7.5 |