Filtered by vendor Linux
Subscribe
Search
Total
5234 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3247 | 1 Linux | 1 Linux Kernel | 2017-08-08 | 7.2 HIGH | N/A |
| The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors. | |||||
| CVE-2008-2953 | 1 Linux | 1 Direct Connect | 2017-08-08 | 5.0 MEDIUM | N/A |
| Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via "partial file list requests" that trigger a NULL pointer dereference. | |||||
| CVE-2008-2954 | 1 Linux | 1 Direct Connect | 2017-08-08 | 7.8 HIGH | N/A |
| client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via an empty private message, which triggers an out-of-bounds read. | |||||
| CVE-2008-2148 | 1 Linux | 1 Linux Kernel | 2017-08-08 | 3.6 LOW | N/A |
| The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service. | |||||
| CVE-2008-1810 | 2 Linux, Sap | 2 Linux Kernel, Maxdb | 2017-08-08 | 4.4 MEDIUM | N/A |
| Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable. | |||||
| CVE-2008-1628 | 1 Linux | 1 Audit | 2017-08-08 | 4.1 MEDIUM | N/A |
| Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1286 | 2 Linux, Sun | 3 Linux Kernel, Java Web Console, Solaris | 2017-08-08 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors. | |||||
| CVE-2008-0163 | 1 Linux | 1 Linux Kernel | 2017-08-08 | 4.4 MEDIUM | N/A |
| Linux kernel 2.6, when using vservers, allows local users to access resources of other vservers via a symlink attack in /proc. | |||||
| CVE-2008-1214 | 2 Linux, Numara | 2 Linux Kernel, Footprints | 2017-08-08 | 7.5 HIGH | N/A |
| MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux allows remote attackers to execute arbitrary code via shell metacharacters in the PROJECTNUM parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1213 | 2 Linux, Numara | 2 Linux Kernel, Footprints | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Numara FootPrints for Linux 8.1 allows remote attackers to inject arbitrary web script or HTML via the Title form field when setting an appointment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2016-5995 | 3 Hp, Ibm, Linux | 5 Hp-ux, Aix, Db2 and 2 more | 2017-07-30 | 6.9 MEDIUM | 7.3 HIGH |
| Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program. | |||||
| CVE-2007-6209 | 2 Linux, Zsh | 2 Linux Kernel, Zsh | 2017-07-29 | 4.6 MEDIUM | N/A |
| Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2007-5501 | 1 Linux | 1 Linux Kernel | 2017-07-29 | 7.8 HIGH | N/A |
| The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference. | |||||
| CVE-2007-2191 | 7 Bsd, Freepbx, Hp and 4 more | 8 Bsd, Freepbx, Hp-ux and 5 more | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php. | |||||
| CVE-2007-1945 | 5 Hp, Ibm, Linux and 2 more | 9 Hp-ux, Aix, I5os and 6 more | 2017-07-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors. | |||||
| CVE-2007-1727 | 4 Hp, Linux, Microsoft and 1 more | 7 Hp-ux, Openview Network Node Manager, Linux Kernel and 4 more | 2017-07-29 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors. | |||||
| CVE-2007-1281 | 3 Kaspersky Lab, Linux, Microsoft | 3 Kaspersky Antivirus Engine, Linux Kernel, All Windows | 2017-07-29 | 7.8 HIGH | N/A |
| Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression. | |||||
| CVE-2007-0772 | 1 Linux | 1 Linux Kernel | 2017-07-29 | 7.8 HIGH | N/A |
| The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer. | |||||
| CVE-2006-6128 | 1 Linux | 1 Linux Kernel | 2017-07-29 | 2.1 LOW | N/A |
| The ReiserFS functionality in Linux kernel 2.6.18, and possibly other versions, allows local users to cause a denial of service via a malformed ReiserFS file system that triggers memory corruption when a sync is performed. | |||||
| CVE-2002-2254 | 1 Linux | 1 Linux Kernel | 2017-07-29 | 2.1 LOW | N/A |
| The experimental IP packet queuing feature in Netfilter / IPTables in Linux kernel 2.4 up to 2.4.19 and 2.5 up to 2.5.31, when a privileged process exits and network traffic is not being queued, may allow a later process with the same Process ID (PID) to access certain network traffic that would otherwise be restricted. | |||||
| CVE-2003-1467 | 4 Linux, Microsoft, Phorum and 1 more | 4 Linux Kernel, All Windows, Phorum and 1 more | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2003-1456 | 4 Linux, Microsoft, Mike Bobbitt and 1 more | 4 Linux Kernel, All Windows, Album.pl and 1 more | 2017-07-29 | 5.0 MEDIUM | N/A |
| Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors. | |||||
| CVE-2003-1327 | 2 Linux, Washington University | 2 Linux Kernel, Wu-ftpd | 2017-07-29 | 9.3 HIGH | N/A |
| Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator. | |||||
| CVE-2003-1454 | 4 Invision Power Services, Linux, Microsoft and 1 more | 4 Invision Board, Linux Kernel, All Windows and 1 more | 2017-07-29 | 5.0 MEDIUM | N/A |
| Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access. | |||||
| CVE-2003-1430 | 3 Epic Games, Linux, Microsoft | 3 Unreal Engine, Linux Kernel, All Windows | 2017-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL. | |||||
| CVE-2003-1423 | 4 Linux, Microsoft, Petitforum and 1 more | 4 Linux Kernel, All Windows, Petitforum and 1 more | 2017-07-29 | 5.0 MEDIUM | N/A |
| Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords. | |||||
| CVE-2003-1428 | 2 Bharat Mediratta, Linux | 2 Gallery, Linux Kernel | 2017-07-29 | 4.8 MEDIUM | N/A |
| Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos. | |||||
| CVE-2003-1388 | 4 Linux, Microsoft, Opera Software and 1 more | 4 Linux Kernel, All Windows, Opera and 1 more | 2017-07-29 | 9.3 HIGH | N/A |
| Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension. | |||||
| CVE-2003-1372 | 4 Linux, Microsoft, Myphpnuke and 1 more | 4 Linux Kernel, All Windows, Myphpnuke and 1 more | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters. | |||||
| CVE-2003-1332 | 2 Linux, Samba | 2 Linux Kernel, Samba | 2017-07-29 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201. | |||||
| CVE-2014-9914 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 7.2 HIGH | 7.8 HIGH |
| Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets. | |||||
| CVE-2017-0451 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129. | |||||
| CVE-2017-0448 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. References: N-CVE-2017-0448. | |||||
| CVE-2016-8481 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. References: QC-CR#1078000. | |||||
| CVE-2016-8480 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. References: QC-CR#1086186. | |||||
| CVE-2016-8476 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940. | |||||
| CVE-2016-8421 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797. | |||||
| CVE-2016-8420 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. References: QC-CR#1087807. | |||||
| CVE-2016-8419 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. References: QC-CR#1087209. | |||||
| CVE-2016-8414 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407. | |||||
| CVE-2016-10044 | 2 Google, Linux | 2 Android, Linux Kernel | 2017-07-25 | 7.2 HIGH | 7.8 HIGH |
| The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call. | |||||
| CVE-2006-6060 | 1 Linux | 1 Linux Kernel | 2017-07-20 | 4.9 MEDIUM | N/A |
| The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a malformed NTFS file stream that triggers an infinite loop in the __find_get_block_slow function. | |||||
| CVE-2006-6057 | 1 Linux | 1 Linux Kernel | 2017-07-20 | 4.9 MEDIUM | N/A |
| The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on Fedora Core 6 and possibly other operating systems, allows local users to cause a denial of service (crash) via a malformed gfs2 file stream that triggers a NULL pointer dereference in the init_journal function. | |||||
| CVE-2006-5701 | 2 Linux, Redhat | 2 Linux Kernel, Fedora Core | 2017-07-20 | 4.9 MEDIUM | N/A |
| Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem. | |||||
| CVE-2006-2629 | 1 Linux | 1 Linux Kernel | 2017-07-20 | 4.0 MEDIUM | N/A |
| Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause a denial of service (crash) by creating and exiting a large number of tasks, then accessing the /proc entry of a task that is exiting, which causes memory corruption that leads to a failure in the prune_dcache function or a BUG_ON error in include/linux/list.h. | |||||
| CVE-2006-1860 | 1 Linux | 1 Linux Kernel | 2017-07-20 | 2.1 LOW | N/A |
| lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (fcntl_setlease lockup) via actions that cause lease_init to free a lock that might not have been allocated on the stack. | |||||
| CVE-2006-1859 | 1 Linux | 1 Linux Kernel | 2017-07-20 | 2.1 LOW | N/A |
| Memory leak in __setlease in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (memory consumption) via unspecified actions related to an "uninitialised return value," aka "slab leak." | |||||
| CVE-2006-1524 | 1 Linux | 1 Linux Kernel | 2017-07-20 | 3.6 LOW | N/A |
| madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071. | |||||
| CVE-2006-0482 | 1 Linux | 1 Linux Kernel | 2017-07-20 | 2.1 LOW | N/A |
| Linux kernel 2.6.15.1 and earlier, when running on SPARC architectures, allows local users to cause a denial of service (hang) via a "date -s" command, which causes invalid sign extended arguments to be provided to the get_compat_timespec function call. | |||||
| CVE-2005-4351 | 4 Dragonfly, Freebsd, Linux and 1 more | 4 Dragonfly, Freebsd, Linux Kernel and 1 more | 2017-07-20 | 4.3 MEDIUM | N/A |
| The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running. | |||||