Vulnerabilities > Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-06-24 CVE-2018-12714 Out-of-bounds Write vulnerability in Linux Kernel
An issue was discovered in the Linux kernel through 4.17.2.
network
low complexity
linux CWE-787
critical
9.8
2018-06-01 CVE-2016-10609 Cryptographic Issues vulnerability in Chromedriver126 Project Chromedriver126
chromedriver126 is chromedriver version 1.26 for linux OS.
9.3
2018-05-25 CVE-2018-10350 SQL Injection vulnerability in Trendmicro Smart Protection Server
A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw within the handling of parameters provided to wcs\_bwlists\_handler.php.
network
low complexity
trendmicro linux CWE-89
critical
9.0
2018-01-16 CVE-2018-5703 Out-of-bounds Write vulnerability in Linux Kernel
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS.
network
low complexity
linux CWE-787
critical
9.8
2018-01-03 CVE-2017-18017 Use After Free vulnerability in multiple products
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
network
low complexity
linux debian arista f5 suse opensuse openstack canonical redhat CWE-416
critical
9.8
2017-11-14 CVE-2017-6264 Out-of-bounds Read vulnerability in Linux Kernel
An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out of bound memory read is used as a function pointer could lead to code execution in the kernel.This issue is rated as high because it could allow a local malicious application to execute arbitrary code within the context of a privileged process.
network
linux CWE-125
critical
9.3
2017-10-27 CVE-2017-5055 Use After Free vulnerability in Google Chrome
A use after free in printing in Google Chrome prior to 57.0.2987.133 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
google linux microsoft CWE-416
critical
9.3
2017-08-29 CVE-2017-12763 Incorrect Default Permissions vulnerability in Nomachine
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
network
low complexity
nomachine apple linux CWE-276
critical
9.0
2017-08-29 CVE-2017-13715 Improper Initialization vulnerability in Linux Kernel
The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet.
network
low complexity
linux CWE-665
critical
9.8
2017-08-09 CVE-2017-12762 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow.
network
low complexity
linux canonical CWE-119
critical
9.8