Filtered by vendor Linux
Subscribe
Total
10391 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3848 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 1.9 LOW | N/A |
| Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). | |||||
| CVE-2009-0675 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
| The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue. | |||||
| CVE-2008-2729 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information. | |||||
| CVE-2009-3613 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
| The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping. | |||||
| CVE-2009-0343 | 2 Linux, Niels Provos | 2 Linux Kernel, Systrace | 2025-04-09 | 7.2 HIGH | N/A |
| Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes. | |||||
| CVE-2008-0010 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 2.1 LOW | N/A |
| The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations. | |||||
| CVE-2006-5823 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.0 MEDIUM | N/A |
| The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs. | |||||
| CVE-2006-5757 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 1.2 LOW | N/A |
| Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures. | |||||
| CVE-2009-2044 | 2 Linux, Mozilla | 2 Linux Kernel, Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element. | |||||
| CVE-2006-6056 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem image. | |||||
| CVE-2009-1897 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 6.9 MEDIUM | N/A |
| The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894. | |||||
| CVE-2007-1497 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 5.0 MEDIUM | N/A |
| nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments. | |||||
| CVE-2008-3525 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.2 HIGH | N/A |
| The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions. | |||||
| CVE-2008-3276 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.1 HIGH | N/A |
| Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field. | |||||
| CVE-2007-4998 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 6.9 MEDIUM | N/A |
| cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination. | |||||
| CVE-2009-3624 | 1 Linux | 2 Kernel, Linux Kernel | 2025-04-09 | 4.6 MEDIUM | N/A |
| The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands. | |||||
| CVE-2008-2750 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.8 HIGH | N/A |
| The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable. | |||||
| CVE-2006-4572 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 7.5 HIGH | N/A |
| ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug." | |||||
| CVE-2007-2764 | 2 Brocade, Linux | 9 Silkworm 12000 Director, Silkworm 200e Switch, Silkworm 24000 Director and 6 more | 2025-04-09 | 7.8 HIGH | N/A |
| The embedded Linux kernel in certain Sun-Brocade SilkWorm switches before 20070516 does not properly handle a situation in which a non-root user creates a kernel process, which allows attackers to cause a denial of service (oops and device reboot) via unspecified vectors. | |||||
| CVE-2006-6057 | 1 Linux | 1 Linux Kernel | 2025-04-09 | 4.9 MEDIUM | N/A |
| The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on Fedora Core 6 and possibly other operating systems, allows local users to cause a denial of service (crash) via a malformed gfs2 file stream that triggers a NULL pointer dereference in the init_journal function. | |||||