|Max CVSS||10.0||Min CVSS||1.9||Total Count||38|
|ID||CVSS||Summary||Last (major) update||Published|
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathna
|20-08-2013 - 02:34||04-11-2009 - 10:30|
The Linux kernel before 22.214.171.124 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) ha
|26-11-2012 - 22:47||08-07-2008 - 20:41|
Linux kernel before 126.96.36.199 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."
|26-11-2012 - 22:44||07-05-2008 - 20:20|
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspec
|29-10-2012 - 23:16||29-09-2008 - 13:17|
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 188.8.131.52 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to U
|23-03-2012 - 00:00||28-05-2009 - 16:30|
The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unsp
|19-03-2012 - 00:00||02-02-2011 - 18:00|
The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via
|19-03-2012 - 00:00||29-11-2010 - 11:00|
The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to o
|19-03-2012 - 00:00||21-09-2010 - 16:00|
Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a
|19-03-2012 - 00:00||04-10-2010 - 17:00|
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to
|19-03-2012 - 00:00||24-09-2010 - 16:00|
Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compou
|19-03-2012 - 00:00||07-09-2010 - 13:00|
The do_anonymous_page function in mm/memory.c in the Linux kernel before 184.108.40.206, 2.6.32.x before 220.127.116.11, 2.6.34.x before 18.104.22.168, and 2.6.35.x before 22.214.171.124 does not properly separate the stack and the heap, which allows context-dependent at
|19-03-2012 - 00:00||03-09-2010 - 16:00|
Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact v
|19-03-2012 - 00:00||07-05-2010 - 14:30|
Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is i
|19-03-2012 - 00:00||31-03-2010 - 14:00|
The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 126.96.36.199 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of
|19-03-2012 - 00:00||17-02-2010 - 13:30|
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 188.8.131.52 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a r
|19-03-2012 - 00:00||12-01-2010 - 12:30|
Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
|19-03-2012 - 00:00||04-12-2009 - 16:30|
net/unix/af_unix.c in the Linux kernel 184.108.40.206 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing
|19-03-2012 - 00:00||22-10-2009 - 12:00|
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 220.127.116.11 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensit
|19-03-2012 - 00:00||19-10-2009 - 16:00|
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via v
|19-03-2012 - 00:00||18-09-2009 - 06:30|
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vecto
|19-03-2012 - 00:00||27-08-2009 - 13:30|
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies
|19-03-2012 - 00:00||22-04-2009 - 11:30|
The audit_syscall_entry function in the Linux kernel 18.104.22.168 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass
|19-03-2012 - 00:00||06-03-2009 - 06:30|
drivers/firmware/dell_rbu.c in the Linux kernel before 22.214.171.124, and 2.6.28.x before 126.96.36.199, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size
|19-03-2012 - 00:00||28-01-2009 - 13:30|
Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.
|19-03-2012 - 00:00||22-12-2008 - 10:30|
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 188.8.131.52 and 2.6 before 184.108.40.206 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT
|19-03-2012 - 00:00||16-05-2008 - 08:54|
VFS in the Linux kernel before 220.127.116.11, and 2.6.23.x before 18.104.22.168, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.
|19-03-2012 - 00:00||15-01-2008 - 15:00|
Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function.
|07-03-2011 - 22:01||09-11-2007 - 13:46|
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 22.214.171.124, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users t
|07-03-2011 - 21:58||24-09-2007 - 18:17|
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 126.96.36.199 does not return the correct write size, which allows local users to obtain sensitive information (kernel memor
|07-03-2011 - 21:58||26-09-2007 - 06:17|
The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (f
|07-03-2011 - 21:42||10-10-2006 - 00:06|
Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet.
|30-11-2010 - 01:01||02-03-2007 - 16:18|
The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinloc
|15-09-2010 - 00:00||06-02-2007 - 14:28|
The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a s
|21-08-2010 - 01:32||22-05-2009 - 07:52|
arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.
|21-08-2010 - 01:21||30-06-2008 - 18:41|
The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable.
|21-08-2010 - 00:57||30-01-2007 - 14:28|
Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP.
|21-08-2010 - 00:00||29-11-2007 - 21:46|
The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat Enterprise Linux (RHEL) 4.5 and other distributions, allows users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry.
|21-08-2010 - 00:00||26-06-2007 - 14:30|