Total
10350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4343 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-11 | 6.9 MEDIUM | N/A |
| Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call. | |||||
| CVE-2011-3124 | 2 Ibm, Linux | 3 Infosphere Datastage, Infosphere Information Server, Linux Kernel | 2025-04-11 | 7.2 HIGH | N/A |
| IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, assigns incorrect ownership to unspecified files, which allows local users to gain privileges via unknown vectors. | |||||
| CVE-2011-1412 | 4 Ioquake3, Linux, Openarena and 1 more | 4 Ioquake3 Engine, Linux Kernel, Openarena and 1 more | 2025-04-11 | 7.5 HIGH | N/A |
| sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable. | |||||
| CVE-2013-0879 | 4 Apple, Google, Linux and 1 more | 5 Iphone Os, Mac Os X, Chrome and 2 more | 2025-04-11 | 7.5 HIGH | N/A |
| Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2012-5375 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.0 MEDIUM | N/A |
| The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value. | |||||
| CVE-2013-1375 | 5 Adobe, Apple, Google and 2 more | 9 Adobe Air, Adobe Air Sdk, Adobe Air Sdk And Compiler and 6 more | 2025-04-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-2123 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 7.2 HIGH | N/A |
| The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR. | |||||
| CVE-2013-2146 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.7 MEDIUM | N/A |
| arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. | |||||
| CVE-2010-0006 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 7.1 HIGH | N/A |
| The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567. | |||||
| CVE-2012-2038 | 8 Adobe, Apple, Google and 5 more | 13 Air, Flash Player, Macos and 10 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | |||||
| CVE-2010-4296 | 3 Apple, Linux, Vmware | 6 Mac Os X, Linux Kernel, Fusion and 3 more | 2025-04-11 | 7.2 HIGH | N/A |
| vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files. | |||||
| CVE-2013-2896 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.7 MEDIUM | N/A |
| drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device. | |||||
| CVE-2011-1019 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 1.9 LOW | N/A |
| The dev_load function in net/core/dev.c in the Linux kernel before 2.6.38 allows local users to bypass an intended CAP_SYS_MODULE capability requirement and load arbitrary modules by leveraging the CAP_NET_ADMIN capability. | |||||
| CVE-2010-4385 | 2 Linux, Realnetworks | 3 Linux Kernel, Realplayer, Realplayer Sp | 2025-04-11 | 9.3 HIGH | N/A |
| Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via crafted frame dimensions in an SIPR stream. | |||||
| CVE-2011-1759 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 6.2 MEDIUM | N/A |
| Integer overflow in the sys_oabi_semtimedop function in arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 2.6.39 on the ARM platform, when CONFIG_OABI_COMPAT is enabled, allows local users to gain privileges or cause a denial of service (heap memory corruption) by providing a crafted argument and leveraging a race condition. | |||||
| CVE-2010-1088 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 5.4 MEDIUM | N/A |
| fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount "symlinks," which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW. | |||||
| CVE-2011-4913 | 2 Linux, Novell | 2 Linux Kernel, Suse Linux Enterprise Server | 2025-04-11 | 7.8 HIGH | N/A |
| The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket. | |||||
| CVE-2011-4077 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 6.9 MEDIUM | N/A |
| Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname. | |||||
| CVE-2012-0450 | 3 Apple, Linux, Mozilla | 4 Mac Os X, Linux Kernel, Firefox and 1 more | 2025-04-11 | 2.1 LOW | N/A |
| Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations. | |||||
| CVE-2010-1148 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.7 MEDIUM | N/A |
| The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 and earlier allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a NULL nameidata (aka nd) field in a POSIX file-creation request to a server that supports UNIX extensions. | |||||