Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
LinuxLinux Kernel2.6.16.32

92 matches found

CVE
CVEadded 2008/01/15 8:0 p.m.69 views

CVE-2008-0001

VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.

3.6CVSS5.8AI score0.00067EPSS
CVE
CVEadded 2008/03/26 12:44 a.m.69 views

CVE-2008-1514

arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions before 2.6.27-rc6, on s390 platforms allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite in 31-bit mode, which triggers an invalid dereference.

4.9CVSS5AI score0.00115EPSS
CVE
CVEadded 2009/10/29 2:30 p.m.69 views

CVE-2009-3640

The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC), which allows local users to cause a denial of service (NULL pointer dereference and system...

4.9CVSS8.8AI score0.00061EPSS
CVE
CVEadded 2010/04/06 10:30 p.m.69 views

CVE-2010-1083

The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for physically proximate attackers to obtain sensitiv...

4.7CVSS6.2AI score0.00067EPSS
CVE
CVEadded 2009/08/18 9:0 p.m.68 views

CVE-2009-2846

The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds re...

7.8CVSS6.3AI score0.00314EPSS
CVE
CVEadded 2006/12/02 2:28 a.m.67 views

CVE-2006-5751

Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request.

7.2CVSS7.4AI score0.00074EPSS
CVE
CVEadded 2009/04/22 3:30 p.m.67 views

CVE-2009-1360

The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel before 2.6.29, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via vectors involving IPv6 packets.

7.1CVSS4.3AI score0.01773EPSS
CVE
CVEadded 2009/10/29 2:30 p.m.66 views

CVE-2009-3638

Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.31.4 allows local users to have an unspecified impact via a KVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function.

7.2CVSS6.9AI score0.00061EPSS
CVE
CVEadded 2009/12/02 4:30 p.m.66 views

CVE-2009-4026

The mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous "code shuffling patch."

7.8CVSS6.5AI score0.01292EPSS
CVE
CVEadded 2010/06/03 2:30 p.m.66 views

CVE-2010-1643

mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown ...

6.9CVSS7.2AI score0.00093EPSS
CVE
CVEadded 2006/11/22 1:7 a.m.65 views

CVE-2006-6058

The minix filesystem code in Linux kernel 2.6.x before 2.6.24, including 2.6.18, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness err...

4CVSS6AI score0.00184EPSS
CVE
CVEadded 2007/02/20 5:28 p.m.65 views

CVE-2007-0772

The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer.

7.8CVSS6AI score0.02668EPSS
CVE
CVEadded 2006/11/22 1:7 a.m.64 views

CVE-2006-6053

The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures.

4.9CVSS6.9AI score0.00061EPSS
CVE
CVEadded 2007/02/15 6:28 p.m.64 views

CVE-2007-0958

Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073.

2.1CVSS7AI score0.00198EPSS
CVE
CVEadded 2006/12/19 7:28 p.m.63 views

CVE-2006-6106

Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via C...

7.5CVSS7.8AI score0.0338EPSS
CVE
CVEadded 2009/10/30 8:30 p.m.63 views

CVE-2009-3722

The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of service (trap) on the host OS via a crafted applicatio...

7.1CVSS6.9AI score0.02481EPSS
CVE
CVEadded 2007/03/02 9:18 p.m.62 views

CVE-2007-1217

Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet.

6.9CVSS6.1AI score0.0011EPSS
CVE
CVEadded 2010/03/19 7:30 p.m.62 views

CVE-2009-4271

The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 platforms allows local users to cause a denial of service (panic) via a 32-bit application that calls mprotect on its Virtual Dynamic Shared Object (VDSO) page and then triggers a segmentation fault.

4.7CVSS5.8AI score0.00047EPSS
CVE
CVEadded 2006/11/22 1:7 a.m.61 views

CVE-2006-6054

The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum.

4CVSS7AI score0.00061EPSS
CVE
CVEadded 2008/01/29 8:0 p.m.60 views

CVE-2007-6694

The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference.

7.8CVSS5.6AI score0.01442EPSS
CVE
CVEadded 2009/02/10 10:0 p.m.60 views

CVE-2008-6107

The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, the (2) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c, and the (3) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel before 2.6.25.4, omit some virtual-address range (aka span) checks ...

4.9CVSS6AI score0.00088EPSS
CVE
CVEadded 2012/10/03 11:2 a.m.60 views

CVE-2012-3510

Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command.

5.6CVSS6.8AI score0.0009EPSS
CVE
CVEadded 2006/11/22 1:7 a.m.59 views

CVE-2006-6056

Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem image.

4.9CVSS7AI score0.00048EPSS
CVE
CVEadded 2009/05/05 8:30 p.m.58 views

CVE-2009-1184

The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass inten...

4.4CVSS4.2AI score0.00059EPSS
CVE
CVEadded 2009/06/04 4:30 p.m.57 views

CVE-2009-1914

The pci_register_iommu_region function in arch/sparc/kernel/pci_common.c in the Linux kernel before 2.6.29 on the sparc64 platform allows local users to cause a denial of service (system crash) by reading the /proc/iomem file, related to uninitialized pointers and the request_resource function.

4.9CVSS4.2AI score0.00087EPSS
CVE
CVEadded 2010/04/12 6:30 p.m.57 views

CVE-2010-0741

The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) b...

7.8CVSS6.4AI score0.0211EPSS
CVE
CVEadded 2007/05/29 8:30 p.m.56 views

CVE-2007-2451

Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors.

5CVSS5.6AI score0.00858EPSS
CVE
CVEadded 2007/07/10 10:30 p.m.54 views

CVE-2007-3107

The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits.

2.1CVSS6AI score0.00086EPSS
CVE
CVEadded 2006/11/22 1:7 a.m.53 views

CVE-2006-6060

The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a malformed NTFS file stream that triggers an infinite loop in the __find_get_block_slow function.

4.9CVSS7.1AI score0.00047EPSS
CVE
CVEadded 2007/03/10 7:19 p.m.53 views

CVE-2007-1388

The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which trigg...

4.4CVSS5.9AI score0.00203EPSS
CVE
CVEadded 2008/06/18 7:41 p.m.52 views

CVE-2008-2750

The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large va...

7.8CVSS7.8AI score0.12059EPSS
CVE
CVEadded 2009/12/13 1:30 a.m.52 views

CVE-2009-4306

Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel 2.6.32-git6 and earlier allows local users to cause a denial of service (filesystem corruption) via unknown vectors, a different vulnerability than CVE-2009-4131.

4.9CVSS6.3AI score0.0009EPSS
CVE
CVEadded 2008/05/02 4:5 p.m.51 views

CVE-2008-1675

The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory.

7.2CVSS5.7AI score0.00068EPSS
CVE
CVEadded 2010/06/03 2:30 p.m.51 views

CVE-2008-7256

mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcommit is enabled and CONFIG_SECURITY is disabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspe...

1.2CVSS7.7AI score0.00108EPSS
CVE
CVEadded 2008/05/02 4:5 p.m.50 views

CVE-2008-1294

Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.

2.1CVSS7.2AI score0.00039EPSS
CVE
CVEadded 2012/01/27 3:55 p.m.50 views

CVE-2011-4325

The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference and O_DIRECT oops), as demonstrated using diotest4 from LTP.

4.9CVSS5.6AI score0.00204EPSS
CVE
CVEadded 2009/01/13 5:0 p.m.49 views

CVE-2009-0024

The sys_remap_file_pages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vm_file structure member, and the mmap_region and do_munmap functions.

7.2CVSS6.7AI score0.00047EPSS
CVE
CVEadded 2009/02/17 5:30 p.m.49 views

CVE-2009-0605

Stack consumption vulnerability in the do_page_fault function in arch/x86/mm/fault.c in the Linux kernel before 2.6.28.5 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via unspecified vectors that trigger page faults on a machine that has a registere...

4.9CVSS6.8AI score0.00053EPSS
CVE
CVEadded 2009/09/02 5:30 p.m.46 views

CVE-2009-3043

The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux kernel 2.6.31-rc before 2.6.31-rc8 allows local users to cause a denial of service (system crash, sometimes preceded by a NULL pointer dereference) or possibly gain privileges via certain pseudo-terminal I/O activity, as demonst...

4.9CVSS6.9AI score0.00128EPSS
CVE
CVEadded 2009/10/30 8:30 p.m.46 views

CVE-2009-3623

The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer derefere...

7.8CVSS7.3AI score0.01408EPSS
CVE
CVEadded 2009/11/16 7:30 p.m.46 views

CVE-2009-3888

The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service (OOPS) via an application that attempts to allocate a large amount of memory.

4.9CVSS7AI score0.00122EPSS
CVE
CVEadded 2006/11/22 1:7 a.m.41 views

CVE-2006-6057

The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on Fedora Core 6 and possibly other operating systems, allows local users to cause a denial of service (crash) via a malformed gfs2 file stream that triggers a NULL pointer dereference in the init_journal function.

4.9CVSS6AI score0.00064EPSS
Total number of security vulnerabilities92