Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
LinuxLinux Kernel2.6.18

148 matches found

CVE
CVEadded 2008/10/20 5:59 p.m.481 views

CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state ...

7.1CVSS8.8AI score0.00461EPSS
CVE
CVEadded 2009/06/04 4:30 p.m.301 views

CVE-2009-1385

Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via...

7.8CVSS4.7AI score0.10763EPSS
CVE
CVEadded 2009/01/07 7:30 p.m.287 views

CVE-2009-0065

Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.

10CVSS5.9AI score0.08936EPSS
CVE
CVEadded 2011/05/03 7:55 p.m.178 views

CVE-2011-1495

drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information fro...

7.2CVSS7.5AI score0.00132EPSS
CVE
CVEadded 2011/05/03 7:55 p.m.142 views

CVE-2011-1494

Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffe...

6.9CVSS7.7AI score0.00145EPSS
CVE
CVEadded 2009/04/27 6:0 p.m.121 views

CVE-2009-1439

Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.

7.8CVSS4.8AI score0.02344EPSS
CVE
CVEadded 2009/02/27 5:30 p.m.115 views

CVE-2009-0028

The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.

2.1CVSS4.5AI score0.00215EPSS
CVE
CVEadded 2010/08/20 6:0 p.m.114 views

CVE-2010-3015

Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation.

4.7CVSS7AI score0.00149EPSS
CVE
CVEadded 2009/11/09 7:30 p.m.113 views

CVE-2009-3726

The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of a...

7.8CVSS5.9AI score0.05824EPSS
CVE
CVEadded 2009/02/22 10:30 p.m.112 views

CVE-2009-0676

The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.

2.1CVSS4.9AI score0.00169EPSS
CVE
CVEadded 2011/08/31 11:55 p.m.111 views

CVE-2011-1576

The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLA...

5.7CVSS7.2AI score0.00911EPSS
CVE
CVEadded 2009/04/24 3:30 p.m.110 views

CVE-2009-1192

The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by re...

4.9CVSS4.4AI score0.0009EPSS
CVE
CVEadded 2010/03/31 6:0 p.m.107 views

CVE-2010-1188

Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not pr...

7.1CVSS5.3AI score0.02726EPSS
CVE
CVEadded 2009/07/31 7:0 p.m.106 views

CVE-2009-2406

Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related t...

6.9CVSS5.9AI score0.00252EPSS
CVE
CVEadded 2009/06/16 11:30 p.m.105 views

CVE-2009-1389

Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet.

7.8CVSS5.3AI score0.05521EPSS
CVE
CVEadded 2011/05/03 7:55 p.m.105 views

CVE-2011-1577

Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on remo...

4.9CVSS7.8AI score0.00123EPSS
CVE
CVEadded 2008/11/10 4:15 p.m.104 views

CVE-2008-5029

The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UN...

4.9CVSS5.5AI score0.00081EPSS
CVE
CVEadded 2011/06/22 10:55 p.m.104 views

CVE-2011-1171

net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by lev...

2.1CVSS7.5AI score0.00041EPSS
CVE
CVEadded 2010/05/07 6:30 p.m.101 views

CVE-2010-1173

The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error...

7.1CVSS6.2AI score0.11434EPSS
CVE
CVEadded 2011/05/09 7:55 p.m.101 views

CVE-2011-1090

The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL.

4.9CVSS7AI score0.00084EPSS
CVE
CVEadded 2011/06/22 10:55 p.m.100 views

CVE-2011-1172

net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by le...

2.1CVSS7.5AI score0.00042EPSS
CVE
CVEadded 2009/04/22 3:30 p.m.98 views

CVE-2009-1336

fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function.

4.9CVSS4.3AI score0.00057EPSS
CVE
CVEadded 2009/08/28 3:30 p.m.97 views

CVE-2009-2695

The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mma...

7.2CVSS6.8AI score0.00078EPSS
CVE
CVEadded 2009/02/22 10:30 p.m.95 views

CVE-2009-0675

The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted log...

2.1CVSS4.8AI score0.00076EPSS
CVE
CVEadded 2011/07/18 10:55 p.m.92 views

CVE-2011-0726

The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing...

2.1CVSS6.7AI score0.0011EPSS
CVE
CVEadded 2008/06/10 12:32 a.m.91 views

CVE-2008-1673

The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of ...

10CVSS6.8AI score0.18359EPSS
CVE
CVEadded 2009/01/13 5:0 p.m.91 views

CVE-2008-4307

Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in ...

4CVSS6.7AI score0.00077EPSS
CVE
CVEadded 2008/05/08 12:20 a.m.90 views

CVE-2008-1669

Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."

6.9CVSS7.4AI score0.00131EPSS
CVE
CVEadded 2009/04/22 3:30 p.m.89 views

CVE-2009-1338

The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via ...

4.6CVSS4.2AI score0.00083EPSS
CVE
CVEadded 2010/12/06 8:12 p.m.89 views

CVE-2010-3066

The io_submit_one function in fs/aio.c in the Linux kernel before 2.6.23 allows local users to cause a denial of service (NULL pointer dereference) via a crafted io_submit system call with an IOCB_FLAG_RESFD flag.

4.9CVSS4.9AI score0.00066EPSS
CVE
CVEadded 2009/04/22 3:30 p.m.87 views

CVE-2009-1337

The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec syste...

4.4CVSS5.3AI score0.00298EPSS
CVE
CVEadded 2009/07/31 7:0 p.m.87 views

CVE-2009-2407

Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to ...

6.9CVSS5.9AI score0.00281EPSS
CVE
CVEadded 2009/12/16 7:30 p.m.87 views

CVE-2009-4138

drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet tha...

4.7CVSS7AI score0.00081EPSS
CVE
CVEadded 2008/09/29 5:17 p.m.86 views

CVE-2008-4210

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable fil...

4.6CVSS6.1AI score0.13378EPSS
CVE
CVEadded 2008/12/22 3:30 p.m.86 views

CVE-2008-5700

libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.

1.9CVSS6.9AI score0.00083EPSS
CVE
CVEadded 2009/10/19 8:0 p.m.86 views

CVE-2009-3613

The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.

7.8CVSS5.9AI score0.05544EPSS
CVE
CVEadded 2009/12/13 1:30 a.m.86 views

CVE-2009-4131

The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions.

7.2CVSS6.5AI score0.0009EPSS
CVE
CVEadded 2009/12/13 1:30 a.m.86 views

CVE-2009-4308

The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journ...

7.1CVSS6.9AI score0.03871EPSS
CVE
CVEadded 2007/06/11 11:30 p.m.85 views

CVE-2007-2453

The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on s...

1.2CVSS5.8AI score0.00108EPSS
CVE
CVEadded 2009/09/22 10:30 a.m.85 views

CVE-2009-3286

NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_pe...

4.6CVSS6.9AI score0.00095EPSS
CVE
CVEadded 2010/03/19 7:30 p.m.85 views

CVE-2010-0008

The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length.

7.8CVSS7.4AI score0.04145EPSS
CVE
CVEadded 2010/03/24 1:34 p.m.85 views

CVE-2010-0437

The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS)...

7.8CVSS7.6AI score0.03415EPSS
CVE
CVEadded 2013/02/13 1:55 a.m.85 views

CVE-2013-0231

The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are...

4.9CVSS5.8AI score0.00087EPSS
CVE
CVEadded 2008/11/18 4:0 p.m.84 views

CVE-2008-5134

Buffer overflow in the lbs_process_bss function in drivers/net/wireless/libertas/scan.c in the libertas subsystem in the Linux kernel before 2.6.27.5 allows remote attackers to have an unknown impact via an "invalid beacon/probe response."

10CVSS6.6AI score0.02819EPSS
CVE
CVEadded 2008/11/21 2:30 a.m.84 views

CVE-2008-5182

The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.

6.9CVSS5.9AI score0.00047EPSS
CVE
CVEadded 2011/06/22 10:55 p.m.84 views

CVE-2011-1170

net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by le...

2.1CVSS7.5AI score0.00041EPSS
CVE
CVEadded 2010/04/06 10:30 p.m.83 views

CVE-2010-1084

Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in (1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3) net/bluetooth/rfco...

7.1CVSS6.6AI score0.01393EPSS
CVE
CVEadded 2007/12/21 12:46 a.m.82 views

CVE-2007-4567

The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.

7.8CVSS6.9AI score0.05055EPSS
CVE
CVEadded 2009/11/16 7:30 p.m.82 views

CVE-2009-3889

The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file.

6.6CVSS6.6AI score0.00046EPSS
CVE
CVEadded 2009/12/13 1:30 a.m.81 views

CVE-2009-4307

The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_p...

7.1CVSS6.5AI score0.03356EPSS
Total number of security vulnerabilities148