Filtered by vendor Linux
Subscribe
Search
Total
2125 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1234 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of service (system crash) via an ELF binary in which the interpreter is NULL. | |||||
| CVE-2004-1144 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64 systems allows local users to gain privileges. | |||||
| CVE-2004-1072 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2017-10-11 | 7.2 HIGH | N/A |
| The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code. | |||||
| CVE-2004-1071 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2017-10-11 | 7.2 HIGH | N/A |
| The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code. | |||||
| CVE-2004-1070 | 5 Linux, Redhat, Suse and 2 more | 8 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2017-10-11 | 7.2 HIGH | N/A |
| The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code. | |||||
| CVE-2003-0462 | 2 Linux, Mandrakesoft | 4 Linux Kernel, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2017-10-11 | 1.2 LOW | N/A |
| A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). | |||||
| CVE-2003-0244 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 5.0 MEDIUM | N/A |
| The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions. | |||||
| CVE-2003-0246 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 3.6 LOW | N/A |
| The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. | |||||
| CVE-2003-0187 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 5.0 MEDIUM | N/A |
| The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts. | |||||
| CVE-2004-1056 | 2 Linux, Ubuntu | 2 Linux Kernel, Ubuntu Linux | 2017-10-11 | 6.4 MEDIUM | N/A |
| Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) and possibly modify the video output. | |||||
| CVE-2004-0535 | 6 Conectiva, Engardelinux, Gentoo and 3 more | 17 Linux, Secure Community, Secure Linux and 14 more | 2017-10-11 | 2.1 LOW | N/A |
| The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources. | |||||
| CVE-2005-0504 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value. | |||||
| CVE-2003-0465 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 5.0 MEDIUM | N/A |
| The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks. | |||||
| CVE-2003-0619 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 5.0 MEDIUM | N/A |
| Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call. | |||||
| CVE-2003-0984 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 4.6 MEDIUM | N/A |
| Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space. | |||||
| CVE-2004-0565 | 4 Gentoo, Linux, Mandrakesoft and 1 more | 6 Linux, Linux Kernel, Mandrake Linux and 3 more | 2017-10-11 | 2.1 LOW | N/A |
| Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit. | |||||
| CVE-2003-0986 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2017-10-11 | 1.7 LOW | N/A |
| Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service. | |||||
| CVE-2001-1391 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 2.1 LOW | N/A |
| Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory. | |||||
| CVE-2002-1319 | 2 Linux, Trustix | 2 Linux Kernel, Secure Linux | 2017-10-10 | 2.1 LOW | N/A |
| The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs. | |||||
| CVE-2004-0001 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 7.2 HIGH | N/A |
| Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges. | |||||
| CVE-2002-0060 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 7.5 HIGH | N/A |
| IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions. | |||||
| CVE-2002-1574 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in the ixj telephony card driver in Linux before 2.4.20 has unknown impact and attack vectors. | |||||
| CVE-2004-0075 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 2.1 LOW | N/A |
| The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service. | |||||
| CVE-2004-0186 | 2 Linux, Samba | 2 Linux Kernel, Samba | 2017-10-10 | 7.2 HIGH | N/A |
| smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted. | |||||
| CVE-2002-0046 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 5.0 MEDIUM | N/A |
| Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet. | |||||
| CVE-2001-0405 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 7.5 HIGH | N/A |
| ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall. | |||||
| CVE-2000-0006 | 2 Linux, Paul Kranenburg | 2 Linux Kernel, Strace | 2017-10-10 | 2.6 LOW | N/A |
| strace allows local users to read arbitrary files via memory mapped file names. | |||||
| CVE-2001-0851 | 3 Caldera, Linux, Suse | 7 Openlinux, Openlinux Edesktop, Openlinux Eserver and 4 more | 2017-10-10 | 5.0 MEDIUM | N/A |
| Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie. | |||||
| CVE-1999-1276 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2017-10-10 | 7.2 HIGH | N/A |
| fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device. | |||||
| CVE-2001-0316 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 4.6 MEDIUM | N/A |
| Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call. | |||||
| CVE-2001-0317 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 3.7 LOW | N/A |
| Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process. | |||||
| CVE-2001-0914 | 2 Linux, Suse | 2 Linux Kernel, Suse Linux | 2017-10-10 | 2.1 LOW | N/A |
| Linux kernel before 2.4.11pre3 in multiple Linux distributions allows local users to cause a denial of service (crash) by starting the core vmlinux kernel, possibly related to poor error checking during ELF loading. | |||||
| CVE-2015-0359 | 4 Adobe, Apple, Linux and 1 more | 4 Flash Player, Mac Os X, Linux Kernel and 1 more | 2017-10-07 | 10.0 HIGH | N/A |
| Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0346. | |||||
| CVE-2009-1493 | 2 Adobe, Linux | 2 Reader, Linux | 2017-09-29 | 6.8 MEDIUM | N/A |
| The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument. | |||||
| CVE-2009-1883 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.4 MEDIUM | N/A |
| The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage. | |||||
| CVE-2009-1758 | 2 Linux, Xen | 2 Linux Kernel, Xen | 2017-09-29 | 5.0 MEDIUM | N/A |
| The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges." | |||||
| CVE-2009-0065 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 10.0 HIGH | N/A |
| Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID. | |||||
| CVE-2009-0521 | 2 Adobe, Linux | 2 Flash Player For Linux, Linux | 2017-09-29 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH. | |||||
| CVE-2009-0031 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.9 MEDIUM | N/A |
| Memory leak in the keyctl_join_session_keyring function (security/keys/keyctl.c) in Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service (kernel memory consumption) via unknown vectors related to a "missing kfree." | |||||
| CVE-2008-4933 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 7.8 HIGH | N/A |
| Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function. | |||||
| CVE-2008-4302 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.9 MEDIUM | N/A |
| fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool. | |||||
| CVE-2008-5025 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 7.8 HIGH | N/A |
| Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933. | |||||
| CVE-2008-4576 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 7.8 HIGH | N/A |
| sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires. | |||||
| CVE-2008-4210 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.6 MEDIUM | N/A |
| fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O. | |||||
| CVE-2008-4554 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.6 MEDIUM | N/A |
| The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file. | |||||
| CVE-2008-2372 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.9 MEDIUM | N/A |
| The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages." | |||||
| CVE-2008-2358 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 7.2 HIGH | N/A |
| Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow. | |||||
| CVE-2008-3527 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.6 MEDIUM | N/A |
| arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions. | |||||
| CVE-2008-3525 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 7.2 HIGH | N/A |
| The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions. | |||||
| CVE-2008-3833 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.9 MEDIUM | N/A |
| The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210. | |||||