Filtered by vendor Linux
Subscriptions
Total
10476 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8171 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2024-11-21 | N/A |
| The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup. | ||||
| CVE-2014-3180 | 2 Google, Linux | 2 Chrome Os, Linux Kernel | 2024-11-21 | 9.1 Critical |
| In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable | ||||
| CVE-2013-7470 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310. | ||||
| CVE-2013-4486 | 2 Linux, Redhat | 2 Linux Kernel, Zanata | 2024-11-21 | 9.8 Critical |
| Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging | ||||
| CVE-2013-4367 | 2 Linux, Ovirt | 2 Linux Kernel, Ovirt-engine | 2024-11-21 | 7.8 High |
| ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'. | ||||
| CVE-2013-1951 | 3 Debian, Linux, Mediawiki | 3 Debian Linux, Linux Kernel, Mediawiki | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names. | ||||
| CVE-2012-6712 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 9.8 Critical |
| In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption. | ||||
| CVE-2012-3336 | 2 Ibm, Linux | 2 Infosphere Guardium, Linux Kernel | 2024-11-21 | 8.8 High |
| IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282. | ||||
| CVE-2012-2148 | 2 Linux, Redhat | 3 Linux Kernel, Jboss Community Application Server, Jboss Enterprise Web Server | 2024-11-21 | 3.3 Low |
| An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies | ||||
| CVE-2012-1104 | 3 Apereo, Debian, Linux | 3 Phpcas, Debian Linux, Linux Kernel | 2024-11-21 | 5.3 Medium |
| A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed. | ||||
| CVE-2012-0810 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2024-11-21 | 5.5 Medium |
| The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention. | ||||
| CVE-2012-0055 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 7.8 High |
| OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions. | ||||
| CVE-2011-5327 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 9.8 Critical |
| In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption. | ||||
| CVE-2011-4917 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.5 Medium |
| In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat. | ||||
| CVE-2011-4916 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.5 Medium |
| Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*. | ||||
| CVE-2011-4915 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 5.5 Medium |
| fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. | ||||
| CVE-2011-4120 | 3 Debian, Linux, Yubico | 3 Debian Linux, Linux Kernel, Pam Module | 2024-11-21 | 9.8 Critical |
| Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the account in question by providing a NULL value (pressing Ctrl-D keyboard sequence) as the password string. | ||||
| CVE-2011-3355 | 2 Gnome, Linux | 2 Evolution-data-server3, Linux Kernel | 2024-11-21 | 7.3 High |
| evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim. | ||||
| CVE-2011-2717 | 2 Linux, Redhat | 2 Dhcp6c, Enterprise Linux | 2024-11-21 | 9.8 Critical |
| The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. | ||||
| CVE-2011-2498 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 5.5 Medium |
| The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages. | ||||