CVE-2005-0736

Integer overflow in sysepollwait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events...

CVE-2005-0178

Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service crash and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores...

CVE-2005-0180

Multiple integer signedness errors in the sgscsiioctl function in scsiioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copyfromuser and copytouser functions...

CVE-2005-0178

Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service crash and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores...

CVE-2005-0530

Signedness error in the copyfromreadbuf function in ntty.c for Linux kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a negative argument...

CVE-2005-0530

CVE-2005-0530 is a signedness error in the copy_from_read_buf function in n_tty.c of the Linux kernel (affected: 2.6.10 and 2.6.11rc1) that allows local users to read kernel memory via a negative argument. The vulnerability is documented across multiple advisories, including Red Hat (RHSA-2005:36...

CVE-2005-0091

Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls...

security flaw

Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls...

security flaw

Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service crash and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores...

security flaw

Multiple integer signedness errors in the sgscsiioctl function in scsiioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copyfromuser and copytouser functions...

CVE-2005-0178

Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service crash and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores...

CVE-2005-0178

CVE-2005-0178 describes a race condition in the setsid() handling of the Linux kernel before 2.6.8.1. Local users could crash the kernel and potentially access portions of kernel memory related to TTY changes, locking, and semaphores. Affected software: Linux kernel versions prior to 2.6.8.1 (per...

CVE-2004-0919

The syscons CONSSCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via 1 negative coordinates or 2 large coordinates...

CVE-2004-0919

CVE-2004-0919 affects FreeBSD 5.x where the syscons CONS_SCRSHOT ioctl fails to validate input arguments. The advisory reports boundary/validation errors that may allow a local attacker with console access to read arbitrary kernel memory, potentially exposing sensitive data such as kernel/termina...

CVE-2003-1062

Unknown vulnerability in the sysinfo system call for Solaris for SPARC 2.6 through 9, and Solaris for x86 2.6, 7, and 8, allows local users to read kernel memory...

CVE-2003-1062

CVE-2003-1062 affects Solaris SYSINFO(2) on SPARC 2.6–9 and x86 2.6,7,8. A local attacker can read kernel memory by exploiting a 0 variable count argument in sysinfo(2), where copyout uses a -1 argument (described as an integer underflow/overflow). The provided sources do not specify a patch vers...

CVE-2005-0180

Multiple integer signedness errors in the sgscsiioctl function in scsiioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copyfromuser and copytouser functions...

CVE-2005-0180

CVE-2005-0180 involves multiple signedness errors in sg_scsi_ioctl (scsi_ioctl.c) of Linux 2.6.x. The flaw lets a local user read or modify kernel memory by passing negative integers to the ioctl, bypassing a maximum-length check before copy_from_user/copy_to_user. Connected advisories (e.g., Man...

Multiple VMware ESX Server problems

Web interface format string bugs and protection bypass, kernel memory access...

CVE-2004-1151

Multiple buffer overflows in the 1 sys32nisyscall and 2 sys32vm86warning functions in sysia32.c for Linux 2.6.x may allow local attackers to modify kernel memory and gain privileges...