Total
39 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2213 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux Aus, Enterprise Linux Desktop and 3 more | 2023-02-12 | 4.9 MEDIUM | N/A |
| The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880. | |||||
| CVE-2011-1593 | 3 Canonical, Linux, Redhat | 8 Ubuntu Linux, Linux Kernel, Enterprise Linux and 5 more | 2023-02-12 | 4.9 MEDIUM | N/A |
| Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. | |||||
| CVE-2011-1182 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux, Enterprise Linux Aus and 4 more | 2023-02-12 | 3.6 LOW | N/A |
| kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call. | |||||
| CVE-2011-1746 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux, Enterprise Linux Aus and 4 more | 2023-02-12 | 6.9 MEDIUM | N/A |
| Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. | |||||
| CVE-2011-2492 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux Aus, Enterprise Linux Desktop and 3 more | 2023-02-12 | 1.9 LOW | N/A |
| The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. | |||||
| CVE-2011-1093 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux Aus, Enterprise Linux Desktop and 3 more | 2023-02-12 | 7.8 HIGH | N/A |
| The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet. | |||||
| CVE-2014-9584 | 7 Canonical, Debian, Linux and 4 more | 19 Ubuntu Linux, Debian Linux, Linux Kernel and 16 more | 2023-02-12 | 2.1 LOW | N/A |
| The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. | |||||
| CVE-2011-1745 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux, Enterprise Linux Aus and 4 more | 2023-02-12 | 6.9 MEDIUM | N/A |
| Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. | |||||
| CVE-2021-3669 | 5 Debian, Fedoraproject, Ibm and 2 more | 24 Debian Linux, Fedora, Spectrum Copy Data Management and 21 more | 2023-02-12 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | |||||
| CVE-2021-3609 | 3 Linux, Netapp, Redhat | 43 Linux Kernel, H300e, H300e Firmware and 40 more | 2023-02-12 | 6.9 MEDIUM | 7.0 HIGH |
| .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. | |||||
| CVE-2020-14391 | 2 Gnome, Redhat | 5 Control Center, Enterprise Linux, Enterprise Linux Aus and 2 more | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2019-10126 | 6 Canonical, Debian, Linux and 3 more | 26 Ubuntu Linux, Debian Linux, Linux Kernel and 23 more | 2023-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. | |||||
| CVE-2019-11477 | 5 Canonical, F5, Linux and 2 more | 24 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 21 more | 2023-01-17 | 7.8 HIGH | 7.5 HIGH |
| Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. | |||||
| CVE-2016-5195 | 4 Canonical, Debian, Linux and 1 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2023-01-17 | 7.2 HIGH | 7.8 HIGH |
| Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." | |||||
| CVE-2020-1045 | 3 Fedoraproject, Microsoft, Redhat | 6 Fedora, Asp.net Core, Enterprise Linux and 3 more | 2022-12-12 | 5.0 MEDIUM | 7.5 HIGH |
| A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'. | |||||
| CVE-2020-14355 | 5 Canonical, Debian, Opensuse and 2 more | 10 Ubuntu Linux, Debian Linux, Leap and 7 more | 2022-11-21 | 6.5 MEDIUM | 6.6 MEDIUM |
| Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. | |||||
| CVE-2021-3570 | 4 Debian, Fedoraproject, Linuxptp Project and 1 more | 7 Debian Linux, Fedora, Linuxptp and 4 more | 2022-10-07 | 8.0 HIGH | 8.8 HIGH |
| A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1. | |||||
| CVE-2018-16878 | 6 Canonical, Clusterlabs, Debian and 3 more | 9 Ubuntu Linux, Pacemaker, Debian Linux and 6 more | 2022-10-06 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS | |||||
| CVE-2021-20316 | 3 Debian, Redhat, Samba | 7 Debian Linux, Enterprise Linux, Enterprise Linux Aus and 4 more | 2022-08-26 | N/A | 6.8 MEDIUM |
| A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share. | |||||
| CVE-2020-10711 | 5 Canonical, Debian, Linux and 2 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2022-04-22 | 4.3 MEDIUM | 5.9 MEDIUM |
| A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. | |||||