Filtered by vendor Linux
Subscribe
Total
15226 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2459 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458.
|
|||||
| CVE-2005-2708 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function call when virtual memory is low, which allows local users to cause a denial of service (panic), as demonstrated by running a process using the bash ulimit -v command.
|
|||||
| CVE-2005-0530 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
Signedness error in the copy_from_read_buf function in n_tty.c for Linux kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a negative argument.
|
|||||
| CVE-2006-0038 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 6.9 MEDIUM | N/A |
|
Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function.
|
|||||
| CVE-2004-0181 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device.
|
|||||
| CVE-1999-0400 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Denial of service in Linux 2.2.0 running the ldd command on a core file.
|
|||||
| CVE-2005-0750 | 5 Conectiva, Linux, Redhat and 2 more | 8 Linux, Linux Kernel, Enterprise Linux and 5 more | 2025-04-03 | 7.2 HIGH | N/A |
|
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
|
|||||
| CVE-2006-0741 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 1.2 LOW | N/A |
|
Linux kernel before 2.6.15.5, when running on Intel processors, allows local users to cause a denial of service ("endless recursive fault") via unknown attack vectors related to a "bad elf entry address."
|
|||||
| CVE-2005-0209 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.8 HIGH | N/A |
|
Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments.
|
|||||
| CVE-2005-0003 | 4 Avaya, Linux, Mandrakesoft and 1 more | 15 Converged Communications Server, Intuity Audix, Mn100 and 12 more | 2025-04-03 | 2.1 LOW | N/A |
|
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.
|
|||||
| CVE-2004-0814 | 2 Linux, Ubuntu | 2 Linux Kernel, Ubuntu Linux | 2025-04-03 | 1.2 LOW | N/A |
|
Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.
|
|||||
| CVE-1999-0245 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Some configurations of NIS+ in Linux allowed attackers to log in as the user "+".
|
|||||
| CVE-2005-3275 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.6 LOW | N/A |
|
The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption.
|
|||||
| CVE-2004-0495 | 6 Avaya, Conectiva, Gentoo and 3 more | 18 Converged Communications Server, Intuity Audix, Modular Messaging Message Storage Server and 15 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
|
|||||
| CVE-2006-0457 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.1 HIGH | N/A |
|
Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory.
|
|||||
| CVE-2005-3753 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.8 HIGH | N/A |
|
Linux kernel before after 2.6.12 and before 2.6.13.1 might allow attackers to cause a denial of service (Oops) via certain IPSec packets that cause alignment problems in standard multi-block cipher processors. NOTE: it is not clear whether this issue can be triggered by an attacker.
|
|||||
| CVE-2006-1855 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
choose_new_parent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service (panic) by causing certain circumstances involving termination of a parent process.
|
|||||
| CVE-1999-0656 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.
|
|||||
| CVE-2004-0058 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file.
|
|||||
| CVE-2006-0456 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors.
|
|||||
| CVE-2006-2916 | 2 Kde, Linux | 2 Arts, Linux Kernel | 2025-04-03 | 6.0 MEDIUM | 7.8 HIGH |
|
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
|
|||||
| CVE-2001-1396 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 3.6 LOW | N/A |
|
Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.
|
|||||
| CVE-2005-3858 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.8 HIGH | N/A |
|
Memory leak in the ip6_input_finish function in ip6_input.c in Linux kernel 2.6.12 and earlier might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed.
|
|||||
| CVE-2005-0180 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 3.6 LOW | N/A |
|
Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions.
|
|||||
| CVE-2005-2099 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers to cause a denial of service (kernel oops) via a keyring with a payload that is not empty, which causes the creation to fail, leading to a null dereference in the keyring destructor.
|
|||||
| CVE-2002-1976 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
ifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow attackers to sniff the network without detection, as demonstrated using libpcap.
|
|||||
| CVE-1999-0628 | 4 Freebsd, Ibm, Linux and 1 more | 4 Freebsd, Aix, Linux Kernel and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The rwho/rwhod service is running, which exposes machine status and user information.
|
|||||
| CVE-1999-1276 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A |
|
fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.
|
|||||
| CVE-2005-2548 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
|
vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote attackers to cause a denial of service (kernel oops from null dereference) via certain UDP packets that lead to a function call with the wrong argument, as demonstrated using snmpwalk on snmpd.
|
|||||
| CVE-2003-0465 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks.
|
|||||
| CVE-2004-0535 | 6 Conectiva, Engardelinux, Gentoo and 3 more | 17 Linux, Secure Community, Secure Linux and 14 more | 2025-04-03 | 2.1 LOW | N/A |
|
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
|
|||||
| CVE-2006-1863 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864.
|
|||||
| CVE-2005-3274 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-03 | 1.2 LOW | 4.7 MEDIUM |
|
Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired.
|
|||||
| CVE-2005-2492 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2025-04-03 | 3.6 LOW | N/A |
|
The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.
|
|||||
| CVE-2005-3273 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipeats.
|
|||||
| CVE-2002-0429 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 3.6 LOW | N/A |
|
The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall).
|
|||||
| CVE-2005-3179 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs with world-readable and world-writable permissions, which allows local users to enable DRM debugging and obtain sensitive information.
|
|||||
| CVE-2000-0227 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by requesting a large number of sockets.
|
|||||
| CVE-2005-0001 | 3 Linux, Redhat, Trustix | 4 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2025-04-03 | 6.9 MEDIUM | N/A |
|
Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.
|
|||||
| CVE-2004-0010 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A |
|
Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges.
|
|||||