Listening TCP ports are sequentially allocated, allowing spoofing attacks.
Max CVSS
6.4
EPSS Score
0.24%
Published
1997-07-01
Updated
2022-08-17
Linux implementations of TFTP would allow access to files outside the restricted directory.
Max CVSS
6.4
EPSS Score
23.65%
Published
1997-09-01
Updated
2022-08-17
Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages.
Max CVSS
6.2
EPSS Score
0.06%
Published
2001-04-17
Updated
2016-12-08
Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.
Max CVSS
6.4
EPSS Score
10.59%
Published
2005-01-10
Updated
2017-10-11
The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times.
Max CVSS
6.4
EPSS Score
8.38%
Published
2005-01-10
Updated
2017-10-11
Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) and possibly modify the video output.
Max CVSS
6.4
EPSS Score
0.16%
Published
2005-01-10
Updated
2017-10-11
A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.
Max CVSS
6.2
EPSS Score
0.06%
Published
2005-01-10
Updated
2017-10-11
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
Max CVSS
6.2
EPSS Score
0.04%
Published
2005-04-14
Updated
2017-10-11
Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.
Max CVSS
6.9
EPSS Score
0.07%
Published
2005-05-02
Updated
2017-10-11
Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores.
Max CVSS
6.2
EPSS Score
0.04%
Published
2005-03-07
Updated
2017-10-11
Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows local users with DRI privileges to execute arbitrary code as root.
Max CVSS
6.9
EPSS Score
0.04%
Published
2005-03-15
Updated
2018-10-03
Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.
Max CVSS
6.4
EPSS Score
0.31%
Published
2005-05-02
Updated
2017-10-11
The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a denial of service (crash) by triggering a free of non-allocated memory.
Max CVSS
6.6
EPSS Score
0.06%
Published
2005-11-25
Updated
2018-10-19
Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function.
Max CVSS
6.9
EPSS Score
0.09%
Published
2006-03-22
Updated
2023-02-13
Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.
Max CVSS
6.2
EPSS Score
0.07%
Published
2006-07-18
Updated
2018-10-18
Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via unspecified vectors related to a potentially dropped ipipe lock during a race between two pipe readers.
Max CVSS
6.9
EPSS Score
0.04%
Published
2007-09-18
Updated
2008-09-05
Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet.
Max CVSS
6.9
EPSS Score
0.04%
Published
2007-03-02
Updated
2018-10-30
Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value.
Max CVSS
6.6
EPSS Score
0.04%
Published
2007-03-28
Updated
2018-10-16
The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference.
Max CVSS
6.1
EPSS Score
3.18%
Published
2007-06-11
Updated
2018-10-30
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.
Max CVSS
6.0
EPSS Score
0.04%
Published
2007-08-13
Updated
2017-09-29
The xfer_secondary_pool function in drivers/char/random.c in the Linux kernel 2.4 before 2.4.35 performs reseed operations on only the first few bytes of a buffer, which might make it easier for attackers to predict the output of the random number generator, related to incorrect use of the sizeof operator.
Max CVSS
6.8
EPSS Score
0.46%
Published
2007-08-13
Updated
2011-05-25
cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.
Max CVSS
6.9
EPSS Score
0.04%
Published
2008-01-31
Updated
2008-11-15
Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function.
Max CVSS
6.8
EPSS Score
2.70%
Published
2007-11-09
Updated
2018-10-15
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.
Max CVSS
6.9
EPSS Score
0.04%
Published
2007-11-21
Updated
2017-09-29
Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.
Max CVSS
6.9
EPSS Score
0.05%
Published
2008-05-02
Updated
2020-08-26
305 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!