28 matches found
CVE-2014-3153
The CVE-2014-3153 issue affects the Linux kernel futex_requeue path (kernel/futex.c) through version 3.14.5. A local unprivileged user can exploit FUTEX_REQUEUE with two identical futex addresses to gain privileges or modify waiter state, causing potential privilege escalation and memory impact. ...
CVE-2014-2323
Lighttpd vulnerability CVE-2014-2323: SQL injection in mod_mysql_vhost.c allows remote command execution via the host name (related to request_check_hostname). Affected software: lighttpd prior to 1.4.35. Impact risk is described in public advisories as enabling arbitrary SQL execution. Remediati...
CVE-2026-31431
CVE-2026-31431 is a local privilege escalation in the Linux kernel’s algif_aead/AF_ALG path. The root cause is an in-place operation bug in the AEAD handling, which can be exercised via AF_ALG sockets with the authencesn algorithm and splice() to corrupt the kernel page cache of readable files wi...
CVE-2017-18017
CVE-2017-18017 affects the Linux kernel’s tcpmss_mangle_packet in net/netfilter/xt_TCPMSS.c. When xt_TCPMSS is used in an iptables action, a remote attacker can trigger a use-after-free and memory corruption, leading to a denial of service. Affected versions are Linux kernel before 4.11, and 4.9....
CVE-2010-3865
CVE-2010-3865 is a Linux kernel issue described in connected advisories as an integer overflow in the rds_rdma_pages function (net/rds/rdma.c). The vulnerability can allow local users to crash the kernel and potentially execute arbitrary code through a crafted iovec in an RDS request, triggered b...
CVE-2014-2324
CVE-2014-2323 and CVE-2014-2324 affect lighttpd prior to 1.4.35. The issues include: (1) SQL injection in mod_mysql_vhost.c via the host name (CVE-2014-2323); and (2) directory traversal via host-name input in mod_evhost and mod_simple_vhost (CVE-2014-2324). These allow remote attackers to manipu...
CVE-2014-1737
CVE-2014-1737 affects the Linux kernel (through 3.14.3) and its floppy driver (drivers/block/floppy.c). The flaw is in raw_cmd_copyin not handling error conditions during processing of an FDRAWCMD ioctl, enabling local users with write access to /dev/fd to trigger kfree and potentially gain privi...
CVE-2015-3281
HAProxy upstream issue CVE-2015-3281 affects HAProxy 1.5.x (pre-1.5.14) and 1.6-dev, where buffer_slow_realign() mishandles the output buffer, enabling an unauthenticated remote attacker to obtain uninitialized memory from previous requests via a crafted request. Public advisories document data l...
CVE-2010-2798
The CVE-2010-2798 entry concerns the Linux kernel prior to 2.6.35, where gfs2_dirent_find_space uses an incorrect size value in calculations related to sentinel directory entries. This can allow local attackers to trigger a denial of service via a NULL pointer dereference and kernel panic, with a...
CVE-2012-0879
CVE-2012-0879 affects the Linux kernel prior to 2.6.33, where the I/O implementation for block devices mishandles the CLONE_IO feature. Local attackers can create multiple processes sharing an I/O context, causing I/O instability and a denial of service. The vulnerability is evidenced across mult...
CVE-2014-1738
CVE-2014-1738 is a Linux kernel vulnerability in the floppy driver (raw_cmd_copyout) where processing FDRAWCMD IOCTL calls could allow local attackers with write access to /dev/fd to read kernel heap memory. The flaw is described as an improper restriction of pointers during FDRAWCMD processing, ...
CVE-2014-2706
CVE-2014-2706 describes a race condition in the Linux kernel’s mac80211 subsystem (sta_info.c and tx.c) that, when handling network traffic in conjunction with the WLAN_STA_PS_STA (power-save) state, can cause a remote denial of service (system crash). The issue affects kernel versions prior to 3...
CVE-2014-3467
GnuTLS/libtasn1 vulnerability CVE-2014-3467 stems from multiple issues in the DER decoder of GNU Libtasn1 up to version 3.5.x (pre-3.6); crafted ASN.1 data can cause a denial of service via an out-of-bounds read. The issue is confirmed in multiple advisories (F5 SOL15423, ALAS-201...
CVE-2012-1097
CVE-2012-1097 affects the Linux kernel before 3.2.10, where the regset (register set) path mishandles absence of .get/.set methods. This can allow a local attacker to trigger a NULL pointer dereference via PTRACE_GETREGSET or PTRACE_SETREGSET, possibly causing denial of service or other impact. R...
CVE-2013-3301
CVE-2013-3301 affects the Linux kernel ftrace implementation before version 3.8.8. Local users with CAP_SYS_ADMIN can write to either set_ftrace_pid or set_graph_function and trigger an lseek, leading to a NULL pointer dereference and possible system crash or other impact. Multiple connecte...
CVE-2010-2959
The CVE-2010-2959 issue affects the Linux kernel CAN subsystem, specifically the can/bcm.c implementation, due to an integer overflow vulnerability. This flaw can allow local attackers to execute arbitrary code or cause a system crash (DoS) via crafted CAN traffic. Public advisories confirm vulne...
CVE-2010-1437
CVE-2010-1437 is a race condition in the Linux kernel’s keyring handling (find_keyring_by_name in security/keys/keyring.c) affecting version 2.6.34-rc5 and earlier. A local user can exploit this via keyctl session commands that access a dead keyring being deleted by key_cleanup, leading to memory...
CVE-2014-1739
CVE-2014-1739 affects the Linux kernel before 3.14.6, where the function media_device_enum_entities in drivers/media/media-device.c fails to initialize a data structure. This leads to an information disclosure vulnerability: a local attacker with access to /dev/media0 can read kernel memory throu...
CVE-2014-4027
CVE-2014-4027 affects the Linux kernel prior to 3.14. The flaw is in the rd_build_device_space function (drivers/target/target_core_rd.c), where a data structure is not properly initialized, enabling local users to read sensitive information from ramdisk_mcp memory by abusing access to a SCSI ini...
CVE-2012-1090
CVE-2012-1090 affects the Linux kernel: the cifs_lookup function in fs/cifs/dir.c can trigger a local denial of service (OOPS) when a local user accesses a specially crafted file (e.g., a FIFO). The issue exists in kernel versions prior to 3.2.10. Exploitation requires local access. The documente...
CVE-2010-2066
CVE-2010-2066 affects the Linux kernel up to version 2.6.34. The flaw is in fs/ext4/move_extent.c: the mext_check_arguments routine, which can allow a local attacker to overwrite an append-only file when using the MOVE_EXT ioctl and designating that file as the donor. The issue arises from insuff...
CVE-2010-2803
CVE-2010-2803 affects the Linux kernel DRM subsystem. The drm_ioctl path in drivers/gpu/drm/drm_drv.c allows a local user to request a large memory allocation and may leak kernel memory contents. Affected trees/versions include 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2...
CVE-2012-1146
The vulnerability CVE-2012-1146 affects the Linux kernel, specifically mem_cgroup_usage_unregister_event in mm/memcontrol.c, when running versions before 3.2.10. The issue arises from how multiple events attached to the same eventfd are handled, enabling a local attacker to trigger a NULL pointer...
CVE-2010-3079
CVE-2010-3079 affects the Linux kernel up to version 2.6.35.4, specifically in kernel/trace/ftrace.c when debugfs is enabled. The issue arises from interaction between mutex possession and llseek, causing a NULL pointer dereference and outage of all ftrace-related files, leading to a local DoS. A...
CVE-2014-3468
CVE-2014-3468 concerns GNU Libtasn1 prior to version 3.6, where asn1_get_bit_der does not properly report an error for a negative bit length. This can enable context-dependent attackers to trigger out-of-bounds access via crafted ASN.1 data, potentially impacting applications using libtasn1. Public ref...
CVE-2010-2537
CVE-2010-2537 affects the Linux kernel: the btrfs_ioctl_clone function in fs/btrfs/ioctl.c before 2.6.35 allows a local attacker to overwrite an append-only file when using BTRFS_IOC_CLONE or BTRFS_IOC_CLONE_RANGE with a donor file. Impact is local privilege/unauthorized ...
CVE-2014-3469
CVE-2014-3469 affects GNU libtasn1 before 3.6, where the functions asn1_read_value_type and asn1_read_value may dereference a NULL ivalue. In this context, crafted ASN.1 data can trigger a NULL pointer dereference in the library, leading to a denial of service (crash). The vulnerability is noted ...
CVE-2010-2538
CVE-2010-2538: Integer overflow in btrfs_ioctl_clone (fs/btrfs/ioctl.c) of the Linux kernel before 2.6.35 may allow local users to obtain sensitive information via BTRFS_IOC_CLONE_RANGE. Public references confirm impact on local privilege/user data exposure with no remote vector. Affected compone...