Filtered by vendor Linux
Subscribe
Search
Total
2125 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4377 | 3 Apple, Linux, Realnetworks | 4 Mac Os X, Linux Kernel, Realplayer and 1 more | 2011-01-19 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code by specifying many subbands in cook audio codec information in a Real Audio file. | |||||
| CVE-2010-4376 | 3 Apple, Linux, Realnetworks | 4 Mac Os X, Linux Kernel, Realplayer and 1 more | 2011-01-19 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream. | |||||
| CVE-2010-2579 | 3 Apple, Linux, Realnetworks | 4 Mac Os X, Linux Kernel, Realplayer and 1 more | 2011-01-19 | 5.0 MEDIUM | N/A |
| The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 does not properly initialize the number of channels, which allows attackers to obtain unspecified "memory access" via unknown vectors. | |||||
| CVE-2010-2999 | 3 Apple, Linux, Realnetworks | 4 Mac Os X, Linux Kernel, Realplayer and 1 more | 2011-01-19 | 9.3 HIGH | N/A |
| Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed MLLT atom in an AAC file. | |||||
| CVE-2010-0121 | 3 Apple, Linux, Realnetworks | 4 Mac Os X, Linux Kernel, Realplayer and 1 more | 2011-01-19 | 10.0 HIGH | N/A |
| The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 does not properly perform initialization, which has unspecified impact and attack vectors. | |||||
| CVE-2006-3634 | 1 Linux | 1 Linux Kernel | 2011-01-19 | 4.9 MEDIUM | N/A |
| The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic functions in Linux kernel 2.6.17-rc4 to 2.6.18-rc2 perform the atomic futex operation in the kernel address space instead of the user address space, which allows local users to cause a denial of service (crash). | |||||
| CVE-2010-4111 | 3 Hp, Linux, Microsoft | 3 Insight Diagnostics, Linux Kernel, Windows | 2011-01-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4606 | 2 Ibm, Linux | 2 Tivoli Storage Manager, Linux Kernel | 2011-01-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows remote attackers to execute arbitrary commands via unknown vectors, related to a "script execution vulnerability." | |||||
| CVE-2010-4605 | 2 Ibm, Linux | 2 Tivoli Storage Manager, Linux Kernel | 2011-01-04 | 6.6 MEDIUM | N/A |
| Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows local users to overwrite arbitrary files via unknown vectors. | |||||
| CVE-2010-3038 | 2 Cisco, Linux | 5 Unified Videoconferencing System 5110, Unified Videoconferencing System 5110 Firmware, Unified Videoconferencing System 5115 and 2 more | 2010-12-10 | 10.0 HIGH | N/A |
| Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008. | |||||
| CVE-2010-4303 | 2 Cisco, Linux | 5 Unified Videoconferencing System 5110, Unified Videoconferencing System 5110 Firmware, Unified Videoconferencing System 5115 and 2 more | 2010-11-30 | 4.9 MEDIUM | N/A |
| Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover encrypted passwords by reading this file, aka Bug ID CSCti54043. | |||||
| CVE-2010-4302 | 2 Cisco, Linux | 5 Unified Videoconferencing System 5110, Unified Videoconferencing System 5110 Firmware, Unified Videoconferencing System 5115 and 2 more | 2010-11-30 | 4.9 MEDIUM | N/A |
| /opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) administrator and (2) operator passwords, which makes it easier for local users to obtain sensitive information by recovering the cleartext values, aka Bug ID CSCti54010. | |||||
| CVE-2010-2221 | 4 Arne Redlich \& Ross Walker, Linux, Vladislav Bolkhovitin and 1 more | 4 Iscsitarget, Linux Kernel, Generic Scsi Target Subsystem and 1 more | 2010-09-30 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU. | |||||
| CVE-2007-0822 | 1 Linux | 1 Linux Kernel | 2010-09-15 | 1.9 LOW | N/A |
| umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents. | |||||
| CVE-2006-5749 | 1 Linux | 1 Linux Kernel | 2010-09-15 | 1.7 LOW | N/A |
| The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash. | |||||
| CVE-2010-2594 | 7 Ibm, Intersect Alliance, Linux and 4 more | 14 Aix, Snare Agent, Snare Epilog and 11 more | 2010-07-02 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port. | |||||
| CVE-2010-1556 | 3 Hp, Linux, Microsoft | 4 Hp-ux, Systems Insight Manager, Linux and 1 more | 2010-05-20 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in HP Systems Insight Manager (SIM) 5.3, 5.3 Update 1, and 6.0 allows remote attackers to obtain sensitive information and modify data via unknown vectors. | |||||
| CVE-2004-2607 | 1 Linux | 1 Linux Kernel | 2010-04-02 | 2.1 LOW | N/A |
| A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received as an int but cast to a short, which prevents a read loop from filling a buffer. | |||||
| CVE-2007-4998 | 1 Linux | 1 Linux Kernel | 2008-11-15 | 6.9 MEDIUM | N/A |
| cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination. | |||||
| CVE-2007-3719 | 1 Linux | 1 Linux Kernel | 2008-11-15 | 2.1 LOW | N/A |
| The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | |||||
| CVE-2007-3720 | 1 Linux | 1 Linux Kernel | 2008-11-15 | 2.1 LOW | N/A |
| The process scheduler in the Linux kernel 2.4 performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | |||||
| CVE-2007-2480 | 1 Linux | 1 Linux Kernel | 2008-11-13 | 4.6 MEDIUM | N/A |
| The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications. | |||||
| CVE-2003-0018 | 1 Linux | 1 Linux Kernel | 2008-09-11 | 3.6 LOW | N/A |
| Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption. | |||||
| CVE-2003-0643 | 1 Linux | 1 Linux Kernel | 2008-09-10 | 2.1 LOW | N/A |
| Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash). | |||||
| CVE-2000-0344 | 1 Linux | 1 Linux Kernel | 2008-09-10 | 5.0 MEDIUM | N/A |
| The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value. | |||||
| CVE-2000-0289 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Linux | 2008-09-10 | 5.0 MEDIUM | N/A |
| IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection. | |||||
| CVE-2000-0506 | 1 Linux | 1 Linux Kernel | 2008-09-10 | 10.0 HIGH | N/A |
| The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability." | |||||
| CVE-1999-0986 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Linux | 2008-09-09 | 5.0 MEDIUM | N/A |
| The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option. | |||||
| CVE-1999-0804 | 4 Debian, Linux, Redhat and 1 more | 4 Debian Linux, Linux Kernel, Linux and 1 more | 2008-09-09 | 5.0 MEDIUM | N/A |
| Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths. | |||||
| CVE-1999-0628 | 4 Freebsd, Ibm, Linux and 1 more | 4 Freebsd, Aix, Linux Kernel and 1 more | 2008-09-09 | 5.0 MEDIUM | N/A |
| The rwho/rwhod service is running, which exposes machine status and user information. | |||||
| CVE-1999-0720 | 1 Linux | 1 Linux Kernel | 2008-09-09 | 4.6 MEDIUM | N/A |
| The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users. | |||||
| CVE-1999-0216 | 3 Gnu, Hp, Linux | 3 Inet, Hp-ux, Linux Kernel | 2008-09-09 | 5.0 MEDIUM | N/A |
| Denial of service of inetd on Linux through SYN and RST packets. | |||||
| CVE-1999-0245 | 1 Linux | 1 Linux Kernel | 2008-09-09 | 4.6 MEDIUM | N/A |
| Some configurations of NIS+ in Linux allowed attackers to log in as the user "+". | |||||
| CVE-1999-0317 | 1 Linux | 1 Linux Kernel | 2008-09-09 | 7.2 HIGH | N/A |
| Buffer overflow in Linux su command gives root access to local users. | |||||
| CVE-1999-0257 | 1 Linux | 1 Linux Kernel | 2008-09-09 | 5.0 MEDIUM | N/A |
| Nestea variation of teardrop IP fragmentation denial of service. | |||||
| CVE-1999-0414 | 1 Linux | 1 Linux Kernel | 2008-09-09 | 5.0 MEDIUM | N/A |
| In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection. | |||||
| CVE-1999-0330 | 1 Linux | 1 Linux Kernel | 2008-09-09 | 7.2 HIGH | N/A |
| Linux bdash game has a buffer overflow that allows local users to gain root access. | |||||
| CVE-1999-0335 | 2 Bsdi, Linux | 2 Bsd Os, Linux Kernel | 2008-09-09 | 7.2 HIGH | N/A |
| DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-1999-0032. | |||||
| CVE-1999-0381 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2008-09-09 | 7.2 HIGH | N/A |
| super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access. | |||||
| CVE-1999-0401 | 1 Linux | 1 Linux Kernel | 2008-09-09 | 3.7 LOW | N/A |
| A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files. | |||||
| CVE-1999-0461 | 2 Linux, Sgi | 2 Linux Kernel, Irix | 2008-09-09 | 10.0 HIGH | N/A |
| Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address. | |||||
| CVE-1999-0431 | 1 Linux | 1 Linux Kernel | 2008-09-09 | 5.0 MEDIUM | N/A |
| Linux 2.2.3 and earlier allow a remote attacker to perform an IP fragmentation attack, causing a denial of service. | |||||
| CVE-1999-0138 | 7 Apple, Digital, Freebsd and 4 more | 9 A Ux, Osf 1, Freebsd and 6 more | 2008-09-09 | 7.2 HIGH | N/A |
| The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access. | |||||
| CVE-1999-0195 | 2 Linux, Sgi | 2 Linux Kernel, Irix | 2008-09-09 | 5.0 MEDIUM | N/A |
| Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1. | |||||
| CVE-1999-0183 | 2 Linux, Tftp | 2 Linux Kernel, Tftp | 2008-09-09 | 6.4 MEDIUM | N/A |
| Linux implementations of TFTP would allow access to files outside the restricted directory. | |||||
| CVE-1999-0171 | 1 Linux | 1 Linux Kernel | 2008-09-09 | 2.1 LOW | N/A |
| Denial of service in syslog by sending it a large number of superfluous messages. | |||||
| CVE-1999-0128 | 5 Digital, Ibm, Linux and 2 more | 9 Osf 1, Aix, Sng and 6 more | 2008-09-09 | 5.0 MEDIUM | N/A |
| Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. | |||||
| CVE-1999-0074 | 4 Freebsd, Linux, Microsoft and 1 more | 4 Freebsd, Linux Kernel, Windows Nt and 1 more | 2008-09-09 | 6.4 MEDIUM | N/A |
| Listening TCP ports are sequentially allocated, allowing spoofing attacks. | |||||
| CVE-1999-0061 | 4 Bsdi, Freebsd, Linux and 1 more | 4 Bsd Os, Freebsd, Linux Kernel and 1 more | 2008-09-09 | 5.1 MEDIUM | N/A |
| File creation and deletion, and remote execution, in the BSD line printer daemon (lpd). | |||||
| CVE-2008-3901 | 2 Linux, Suspend2 | 2 Linux Kernel, Software Suspend 2 | 2008-09-05 | 2.1 LOW | N/A |
| Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||