System vulnerabilities

Showing 8651 - 8684 of 8.7K CVEs

  1. CVE-1999-0804 Published Jun 1, 1999

    Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

  2. CVE-1999-0431 Published Mar 1, 1999

    Linux 2.2.3 and earlier allow a remote attacker to perform an IP fragmentation attack, causing a denial of service.

  3. CVE-1999-0414 Published Mar 1, 1999

    In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection.

  4. CVE-1999-0381 Published Feb 26, 1999

    super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.

  5. CVE-1999-0460 Published Feb 19, 1999

    Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.

  6. CVE-1999-0461 Published Jan 28, 1999

    Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.

  7. CVE-1999-0400 Published Jan 26, 1999

    Denial of service in Linux 2.2.0 running the ldd command on a core file.

  8. CVE-1999-0451 Published Jan 19, 1999

    Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.

  9. CVE-1999-0656 Published Jan 1, 1999

    The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.

  10. CVE-1999-0401 Published Jan 1, 1999

    A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files.

  11. CVE-1999-1285 Published Dec 27, 1998

    Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.

  12. CVE-1999-1276 Published Dec 7, 1998

    fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.

  13. CVE-1999-0782 Published Nov 18, 1998

    KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.

  14. CVE-1999-0781 Published Nov 18, 1998

    KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.

  15. CVE-1999-0780 Published Nov 18, 1998

    KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.

  16. CVE-1999-1441 Published Jun 30, 1998

    Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it.

  17. CVE-1999-1442 Published Jun 22, 1998

    Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local users to cause a denial of service (crash) via a particular sequence of instructions, possibly related to accessing addresses outside of segments.

  18. CVE-1999-0257 Published Apr 1, 1998

    Nestea variation of teardrop IP fragmentation denial of service.

  19. CVE-1999-0330 Published Mar 1, 1998

    Linux bdash game has a buffer overflow that allows local users to gain root access.

  20. CVE-1999-0513 Published Jan 5, 1998

    ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

  21. CVE-1999-0216 Published Nov 1, 1997

    Denial of service of inetd on Linux through SYN and RST packets.

  22. CVE-1999-0061 Published Oct 2, 1997

    File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).

  23. CVE-1999-0183 Published Sep 1, 1997

    Linux implementations of TFTP would allow access to files outside the restricted directory.

  24. CVE-1999-1225 Published Aug 24, 1997

    rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.

  25. CVE-1999-0524 Published Aug 1, 1997

    ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

  26. CVE-1999-0628 Published Jul 1, 1997

    The rwho/rwhod service is running, which exposes machine status and user information.

  27. CVE-1999-0195 Published Jul 1, 1997

    Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1.

  28. CVE-1999-0074 Published Jul 1, 1997

    Listening TCP ports are sequentially allocated, allowing spoofing attacks.

  29. CVE-1999-0165 Published Mar 1, 1997

    NFS cache poisoning.

  30. CVE-1999-0171 Published Jan 1, 1997

    Denial of service in syslog by sending it a large number of superfluous messages.

  31. CVE-1999-0128 Published Dec 18, 1996

    Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.

  32. CVE-1999-1572 Published Jul 16, 1996

    cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.

  33. CVE-1999-0138 Published Jun 26, 1996

    The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

  34. CVE-1999-0245 Published Sep 7, 1995

    Some configurations of NIS+ in Linux allowed attackers to log in as the user "+".