Linux vulnerabilities

Showing 8201 - 8250 of 8.3K CVEs

  1. CVE-2001-1395 Published Apr 17, 2001

    Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.

  2. CVE-2001-1394 Published Apr 17, 2001

    Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service.

  3. CVE-2001-1393 Published Apr 17, 2001

    Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang).

  4. CVE-2001-1392 Published Apr 17, 2001

    The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers.

  5. CVE-2001-1391 Published Apr 17, 2001

    Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.

  6. CVE-2001-1390 Published Apr 17, 2001

    Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages.

  7. CVE-2001-1273 Published Feb 12, 2001

    The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, when running on certain Intel CPUs, allows local users to cause a denial of service (system halt).

  8. CVE-2000-0506 Published Jun 9, 2000

    The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability."

  9. CVE-1999-0590 Published Jun 1, 2000

    A system does not present an appropriate legal message or warning to a user who is accessing it.

  10. CVE-2000-0344 Published May 1, 2000

    The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value.

  11. CVE-2000-0289 Published Mar 27, 2000

    IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.

  12. CVE-2000-0227 Published Mar 23, 2000

    The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by requesting a large number of sockets.

  13. CVE-1999-1339 Published Dec 31, 1999

    Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.

  14. CVE-2000-0006 Published Dec 25, 1999

    strace allows local users to read arbitrary files via memory mapped file names.

  15. CVE-1999-0986 Published Dec 8, 1999

    The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

  16. CVE-1999-0317 Published Nov 25, 1999

    Buffer overflow in Linux su command gives root access to local users.

  17. CVE-1999-1341 Published Oct 22, 1999

    Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices.

  18. CVE-1999-1352 Published Sep 28, 1999

    mknod in Linux 2.2 follows symbolic links, which could allow local users to overwrite files or gain privileges.

  19. CVE-1999-0720 Published Aug 23, 1999

    The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users.

  20. CVE-1999-1018 Published Jul 27, 1999

    IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows a remote attacker to bypass the filtering rules using several fragments with 0 offsets.

  21. CVE-1999-1166 Published Jul 11, 1999

    Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory.

  22. CVE-1999-0804 Published Jun 1, 1999

    Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

  23. CVE-1999-0431 Published Mar 1, 1999

    Linux 2.2.3 and earlier allow a remote attacker to perform an IP fragmentation attack, causing a denial of service.

  24. CVE-1999-0414 Published Mar 1, 1999

    In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection.

  25. CVE-1999-0381 Published Feb 26, 1999

    super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.

  26. CVE-1999-0460 Published Feb 19, 1999

    Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.

  27. CVE-1999-0461 Published Jan 28, 1999

    Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.

  28. CVE-1999-0400 Published Jan 26, 1999

    Denial of service in Linux 2.2.0 running the ldd command on a core file.

  29. CVE-1999-0451 Published Jan 19, 1999

    Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.

  30. CVE-1999-0656 Published Jan 1, 1999

    The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.

  31. CVE-1999-0401 Published Jan 1, 1999

    A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files.

  32. CVE-1999-1285 Published Dec 27, 1998

    Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.

  33. CVE-1999-1276 Published Dec 7, 1998

    fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.

  34. CVE-1999-0782 Published Nov 18, 1998

    KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.

  35. CVE-1999-0781 Published Nov 18, 1998

    KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.

  36. CVE-1999-0780 Published Nov 18, 1998

    KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.

  37. CVE-1999-1441 Published Jun 30, 1998

    Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it.

  38. CVE-1999-1442 Published Jun 22, 1998

    Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local users to cause a denial of service (crash) via a particular sequence of instructions, possibly related to accessing addresses outside of segments.

  39. CVE-1999-0257 Published Apr 1, 1998

    Nestea variation of teardrop IP fragmentation denial of service.

  40. CVE-1999-0330 Published Mar 1, 1998

    Linux bdash game has a buffer overflow that allows local users to gain root access.

  41. CVE-1999-0513 Published Jan 5, 1998

    ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

  42. CVE-1999-0216 Published Nov 1, 1997

    Denial of service of inetd on Linux through SYN and RST packets.

  43. CVE-1999-0061 Published Oct 2, 1997

    File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).

  44. CVE-1999-0183 Published Sep 1, 1997

    Linux implementations of TFTP would allow access to files outside the restricted directory.

  45. CVE-1999-1225 Published Aug 24, 1997

    rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.

  46. CVE-1999-0524 Published Aug 1, 1997

    ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

  47. CVE-1999-0628 Published Jul 1, 1997

    The rwho/rwhod service is running, which exposes machine status and user information.

  48. CVE-1999-0195 Published Jul 1, 1997

    Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1.

  49. CVE-1999-0074 Published Jul 1, 1997

    Listening TCP ports are sequentially allocated, allowing spoofing attacks.

  50. CVE-1999-0165 Published Mar 1, 1997

    NFS cache poisoning.