Max CVSS 7.8 Min CVSS 1.9 Total Count58
IDCVSSSummaryLast (major) updatePublished
CVE-2011-4110 2.1
The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a
22-08-2016 - 22:04 27-01-2012 - 10:55
CVE-2011-4077 6.9
Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code
22-08-2016 - 22:04 27-01-2012 - 10:55
CVE-2011-2492 1.9
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to
22-08-2016 - 22:03 28-07-2011 - 18:55
CVE-2011-2213 4.9
The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE in
22-08-2016 - 22:03 29-08-2011 - 14:55
CVE-2013-2147 2.1
The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory vi
16-10-2015 - 11:07 07-06-2013 - 10:03
CVE-2011-1170 2.1
net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potential
05-10-2015 - 22:57 22-06-2011 - 18:55
CVE-2011-1171 2.1
net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentiall
05-10-2015 - 22:55 22-06-2011 - 18:55
CVE-2011-1172 2.1
net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potential
05-10-2015 - 22:53 22-06-2011 - 18:55
CVE-2011-4132 2.1
The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block
03-09-2015 - 10:23 27-01-2012 - 10:55
CVE-2013-0160 2.1
The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.
16-03-2014 - 00:32 17-02-2013 - 23:41
CVE-2013-3224 4.9
The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted re
06-02-2014 - 23:47 22-04-2013 - 07:41
CVE-2013-3222 4.9
The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system
06-02-2014 - 23:47 22-04-2013 - 07:41
CVE-2013-2237 2.1
The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message fr
06-02-2014 - 23:46 04-07-2013 - 17:55
CVE-2013-2232 4.9
The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.
06-02-2014 - 23:46 04-07-2013 - 17:55
CVE-2013-2206 5.4
The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers t
06-02-2014 - 23:46 04-07-2013 - 17:55
CVE-2013-0914 3.6
The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted
06-02-2014 - 23:45 22-03-2013 - 07:59
CVE-2012-6544 1.9
The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2)
06-02-2014 - 23:44 15-03-2013 - 16:55
CVE-2013-2234 2.1
The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by
30-01-2014 - 00:10 04-07-2013 - 17:55
CVE-2013-2164 2.1
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.
30-01-2014 - 00:10 04-07-2013 - 17:55
CVE-2011-2525 7.2
The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL poin
13-01-2014 - 23:09 01-02-2012 - 23:09
CVE-2013-3235 4.9
net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom syste
03-01-2014 - 23:47 22-04-2013 - 07:41
CVE-2013-3234 4.9
The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom syste
03-01-2014 - 23:47 22-04-2013 - 07:41
CVE-2013-3232 4.9
The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom sys
03-01-2014 - 23:47 22-04-2013 - 07:41
CVE-2013-3231 4.7
The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom syst
03-01-2014 - 23:47 22-04-2013 - 07:41
CVE-2013-3229 4.9
The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom
03-01-2014 - 23:47 22-04-2013 - 07:41
CVE-2013-3228 4.9
The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfro
03-01-2014 - 23:47 22-04-2013 - 07:41
CVE-2013-3223 4.9
The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom syste
03-01-2014 - 23:47 22-04-2013 - 07:41
CVE-2013-2141 2.1
The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2
03-01-2014 - 23:46 07-06-2013 - 10:03
CVE-2013-1928 4.7
The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted
03-01-2014 - 23:46 29-04-2013 - 10:55
CVE-2012-6545 1.9
The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.
03-01-2014 - 23:43 15-03-2013 - 16:55
CVE-2012-6542 1.9
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that le
03-01-2014 - 23:43 15-03-2013 - 16:55
CVE-2011-2699 7.8
The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting thes
10-10-2013 - 23:36 24-05-2012 - 19:55
CVE-2013-0268 6.2
The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.
22-08-2013 - 02:48 17-02-2013 - 23:41
CVE-2012-6549 1.9
The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
22-08-2013 - 02:48 15-03-2013 - 16:55
CVE-2012-6547 1.9
The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
22-08-2013 - 02:48 15-03-2013 - 16:55
CVE-2013-0871 6.9
Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.
20-06-2013 - 23:16 17-02-2013 - 23:41
CVE-2012-4444 5.0
The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments.
14-06-2013 - 23:15 21-12-2012 - 06:47
CVE-2013-1827 6.2
net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsoc
04-06-2013 - 23:42 22-03-2013 - 07:59
CVE-2012-6546 1.9
The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
04-06-2013 - 23:40 15-03-2013 - 16:55
CVE-2012-6537 1.9
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.
04-06-2013 - 23:40 15-03-2013 - 16:55
CVE-2012-4530 2.1
The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
04-06-2013 - 23:38 17-02-2013 - 23:41
CVE-2012-6540 1.9
The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memor
14-05-2013 - 23:33 15-03-2013 - 16:55
CVE-2012-6539 1.9
The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
14-05-2013 - 23:33 15-03-2013 - 16:55
CVE-2012-3510 5.6
Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskst
18-04-2013 - 23:23 03-10-2012 - 07:02
CVE-2012-6541 1.9
The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
18-03-2013 - 14:17 15-03-2013 - 16:55
CVE-2012-2136 7.2
The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly g
01-03-2013 - 23:41 09-08-2012 - 06:29
CVE-2011-2494 2.1
kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password.
18-12-2012 - 23:41 13-06-2012 - 06:24
CVE-2011-3209 4.9
The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel before 2.6.26 on the x86 platform allows local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call.
03-10-2012 - 00:00 03-10-2012 - 07:02
CVE-2011-4324 4.9
The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kernel before 2.6.29 allows local users to cause a denial of service (BUG and system crash) by using the mknod system call with a pathname on an NFSv4 filesystem.
22-06-2012 - 00:00 21-06-2012 - 19:55
CVE-2011-3363 5.4
The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.
29-05-2012 - 00:00 24-05-2012 - 19:55
CVE-2011-4330 7.2
Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field.
16-04-2012 - 00:00 27-01-2012 - 10:55
CVE-2011-2928 4.9
The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessin
22-03-2012 - 00:00 29-08-2011 - 13:55
CVE-2009-4020 7.8
Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
19-03-2012 - 00:00 04-12-2009 - 16:30
CVE-2010-3880 4.9
net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message t
19-03-2012 - 00:00 10-12-2010 - 14:00
CVE-2010-4249 4.9
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via
19-03-2012 - 00:00 29-11-2010 - 11:00
CVE-2011-2203 2.1
The hfs_find_init function in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record.
19-03-2012 - 00:00 27-01-2012 - 10:55
CVE-2011-2484 4.9
The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the
19-03-2012 - 00:00 24-06-2011 - 16:55
CVE-2011-2534 4.0
Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related
19-03-2012 - 00:00 22-06-2011 - 19:55
Back to Top Mark selected
Back to Top