Filtered by vendor Linux
Subscribe
Search
Total
2125 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1535 | 4 Adobe, Apple, Linux and 1 more | 4 Flash Player, Mac Os X, Linux Kernel and 1 more | 2018-10-30 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document. | |||||
| CVE-2008-3276 | 1 Linux | 1 Linux Kernel | 2018-10-30 | 7.1 HIGH | N/A |
| Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field. | |||||
| CVE-2008-2750 | 1 Linux | 1 Linux Kernel | 2018-10-30 | 7.8 HIGH | N/A |
| The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable. | |||||
| CVE-2008-2365 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop | 2018-10-30 | 4.7 MEDIUM | N/A |
| Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x. | |||||
| CVE-2008-2137 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-10-30 | 4.4 MEDIUM | N/A |
| The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some virtual-address range (aka span) checks when the mmap MAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mmap calls. | |||||
| CVE-2008-1673 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-10-30 | 10.0 HIGH | N/A |
| The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding. | |||||
| CVE-2007-2875 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file. | |||||
| CVE-2007-2172 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2018-10-19 | 4.7 MEDIUM | N/A |
| A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions. | |||||
| CVE-2006-0454 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 5.0 MEDIUM | N/A |
| Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICMP response in icmp_send, does not properly handle when the ip_options_echo function in icmp.c fails, which allows remote attackers to cause a denial of service (crash) via vectors such as (1) record-route and (2) timestamp IP options with the needaddr bit set and a truncated value. | |||||
| CVE-2006-0095 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key. | |||||
| CVE-2005-4605 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value. | |||||
| CVE-2005-4352 | 2 Linux, Netbsd | 2 Linux Kernel, Netbsd | 2018-10-19 | 2.1 LOW | N/A |
| The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap." | |||||
| CVE-2005-3784 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 4.9 MEDIUM | N/A |
| The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a denial of service (crash) and gain root privileges. | |||||
| CVE-2005-3783 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 4.9 MEDIUM | N/A |
| The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which allows local users to cause a denial of service (crash). | |||||
| CVE-2005-3857 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 4.9 MEDIUM | N/A |
| The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function. | |||||
| CVE-2005-3807 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 4.9 MEDIUM | N/A |
| Memory leak in the VFS file lease handling in locks.c in Linux kernels 2.6.10 to 2.6.15 allows local users to cause a denial of service (memory exhaustion) via certain Samba activities that cause an fasync entry to be re-allocated by the fcntl_setlease function after the fasync queue has already been cleaned by the locks_delete_lock function. | |||||
| CVE-2005-3806 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 6.6 MEDIUM | N/A |
| The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a denial of service (crash) by triggering a free of non-allocated memory. | |||||
| CVE-2005-3805 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 4.9 MEDIUM | N/A |
| A locking problem in POSIX timer cleanup handling on exit in Linux kernel 2.6.10 to 2.6.14, when running on SMP systems, allows local users to cause a denial of service (deadlock) involving process CPU timers. | |||||
| CVE-2005-3358 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 4.9 MEDIUM | N/A |
| Linux kernel before 2.6.15 allows local users to cause a denial of service (panic) via a set_mempolicy call with a 0 bitmask, which causes a panic when a page fault occurs. | |||||
| CVE-2005-3356 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| The mq_open system call in Linux kernel 2.6.9, in certain situations, can decrement a counter twice ("double decrement") as a result of multiple calls to the mntput function when the dentry_open function call fails, which allows local users to cause a denial of service (panic) via unspecified attack vectors. | |||||
| CVE-2005-3527 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 4.0 MEDIUM | N/A |
| Race condition in do_coredump in signal.c in Linux kernel 2.6 allows local users to cause a denial of service by triggering a core dump in one thread while another thread has a pending SIGSTOP. | |||||
| CVE-2005-3276 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| The sys_get_thread_area function in process.c in Linux 2.6 before 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which might allow a user process to obtain sensitive information. | |||||
| CVE-2005-3275 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.6 LOW | N/A |
| The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption. | |||||
| CVE-2005-3274 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 1.2 LOW | N/A |
| Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired. | |||||
| CVE-2005-3273 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 5.0 MEDIUM | N/A |
| The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipeats. | |||||
| CVE-2005-2973 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash). | |||||
| CVE-2005-2872 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 5.0 MEDIUM | N/A |
| The ipt_recent kernel module (ipt_recent.c) in Linux kernel before 2.6.12, when running on 64-bit processors such as AMD64, allows remote attackers to cause a denial of service (kernel panic) via certain attacks such as SSH brute force, which leads to memset calls using a length based on the u_int32_t type, acting on an array of unsigned long elements, a different vulnerability than CVE-2005-2873. | |||||
| CVE-2005-3181 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption). | |||||
| CVE-2005-3180 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 5.0 MEDIUM | N/A |
| The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-3110 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.6 LOW | N/A |
| Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, when running on an SMP system that is operating under a heavy load, might allow remote attackers to cause a denial of service (crash) via a series of packets that cause a value to be modified after it has been read but before it has been locked. | |||||
| CVE-2005-3109 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to cause a denial of service (oops) by using hfsplus to mount a filesystem that is not hfsplus. | |||||
| CVE-2005-3106 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 1.2 LOW | N/A |
| Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec. | |||||
| CVE-2005-3055 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference. | |||||
| CVE-2005-3053 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local users to cause a denial of service (kernel BUG()) via a negative first argument. | |||||
| CVE-2005-3044 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local users to cause a denial of service (kernel OOPS from null dereference) via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put in the 32-bit routing_ioctl function on 64-bit systems. | |||||
| CVE-2005-2800 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| Memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error. | |||||
| CVE-2005-2709 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 4.6 MEDIUM | N/A |
| The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table. | |||||
| CVE-2005-2708 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function call when virtual memory is low, which allows local users to cause a denial of service (panic), as demonstrated by running a process using the bash ulimit -v command. | |||||
| CVE-2005-2801 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 5.0 MEDIUM | N/A |
| xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied. | |||||
| CVE-2005-2555 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-10-19 | 4.6 MEDIUM | N/A |
| Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c. | |||||
| CVE-2005-2553 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| The find_target function in ptrace32.c in the Linux kernel 2.4.x before 2.4.29 does not properly handle a NULL return value from another function, which allows local users to cause a denial of service (kernel crash/oops) by running a 32-bit ltrace program with the -i option on a 64-bit executable program. | |||||
| CVE-2005-2492 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2018-10-19 | 3.6 LOW | N/A |
| The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input. | |||||
| CVE-2005-2490 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in the sendmsg function call in the Linux kernel 2.6 before 2.6.13.1 allows local users to execute arbitrary code by calling sendmsg and modifying the message contents in another thread. | |||||
| CVE-2005-2099 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 5.0 MEDIUM | N/A |
| The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers to cause a denial of service (kernel oops) via a keyring with a payload that is not empty, which causes the creation to fail, leading to a null dereference in the keyring destructor. | |||||
| CVE-2005-2459 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-10-19 | 5.0 MEDIUM | N/A |
| The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458. | |||||
| CVE-2005-2458 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 5.0 MEDIUM | N/A |
| inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows remote attackers to cause a denial of service (kernel crash) via a compressed file with "improper tables". | |||||
| CVE-2005-2098 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 5.0 MEDIUM | N/A |
| The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote attackers to cause a denial of service (semaphore hang) via a new session keyring (1) with an empty name string, (2) with a long name string, (3) with the key quota reached, or (4) ENOMEM. | |||||
| CVE-2005-2457 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 5.0 MEDIUM | N/A |
| The driver for compressed ISO file systems (zisofs) in the Linux kernel before 2.6.12.5 allows local users and remote attackers to cause a denial of service (kernel crash) via a crafted compressed ISO file system. | |||||
| CVE-2005-2456 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array. | |||||
| CVE-2005-1762 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a "non-canonical" address. | |||||