Filtered by vendor Linux
Subscriptions
Total
7073 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-6418 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-08-06 | N/A |
| net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor. | ||||
| CVE-2014-6417 | 1 Linux | 1 Linux Kernel | 2024-08-06 | N/A |
| net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket. | ||||
| CVE-2014-6416 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-08-06 | N/A |
| Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket. | ||||
| CVE-2014-4608 | 5 Canonical, Linux, Opensuse and 2 more | 7 Ubuntu Linux, Linux Kernel, Opensuse and 4 more | 2024-08-06 | N/A |
| Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype. | ||||
| CVE-2014-6195 | 4 Ibm, Linux, Microsoft and 1 more | 7 Aix, Linux On Ibm Z, Tivoli Storage Manager and 4 more | 2024-08-06 | N/A |
| The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 on Linux Z and Solaris; 6.3 before 6.3.2.1 on AIX, before 6.3.2.2 on Windows, and before 6.3.2.3 on Linux; 6.4 before 6.4.2.1; and 7.1 before 7.1.1 in IBM TSM for Mail, when the Data Protection for Lotus Domino component is used, allow local users to bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors. | ||||
| CVE-2014-6154 | 3 Ibm, Linux, Microsoft | 3 Optim Performance Manager, Linux Kernel, Windows | 2024-08-06 | N/A |
| Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL. | ||||
| CVE-2014-6184 | 4 Apple, Ibm, Linux and 1 more | 4 Macos, Tivoli Storage Manager, Linux Kernel and 1 more | 2024-08-06 | N/A |
| Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2014-5471 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux, Enterprise Mrg and 3 more | 2024-08-06 | N/A |
| Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. | ||||
| CVE-2014-5472 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux, Enterprise Mrg and 3 more | 2024-08-06 | N/A |
| The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. | ||||
| CVE-2014-5333 | 6 Adobe, Apple, Google and 3 more | 8 Adobe Air, Adobe Air Sdk, Flash Player and 5 more | 2024-08-06 | N/A |
| Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671. | ||||
| CVE-2014-5332 | 1 Linux | 1 Linux Kernel | 2024-08-06 | N/A |
| Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by using a race condition to escape the Chrome sandbox. | ||||
| CVE-2014-5207 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-08-06 | N/A |
| fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace. | ||||
| CVE-2014-5206 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-08-06 | N/A |
| The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount" command within a user namespace. | ||||
| CVE-2014-5045 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux, Enterprise Linux Eus and 3 more | 2024-08-06 | N/A |
| The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program. | ||||
| CVE-2014-5077 | 4 Canonical, Linux, Redhat and 1 more | 12 Ubuntu Linux, Linux Kernel, Enterprise Linux and 9 more | 2024-08-06 | N/A |
| The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. | ||||
| CVE-2014-4943 | 5 Debian, Linux, Opensuse and 2 more | 9 Debian Linux, Linux Kernel, Opensuse and 6 more | 2024-08-06 | N/A |
| The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. | ||||
| CVE-2014-4813 | 2 Ibm, Linux | 2 Tivoli Storage Manager, Linux Kernel | 2024-08-06 | N/A |
| Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1, and 7.1 before 7.1.1 on UNIX and Linux allows local users to obtain root privileges via unspecified vectors. | ||||
| CVE-2014-4806 | 2 Ibm, Linux | 2 Security Appscan, Linux Kernel | 2024-08-06 | 5.5 Medium |
| The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file. | ||||
| CVE-2014-4805 | 2 Ibm, Linux | 3 Aix, Db2, Linux Kernel | 2024-08-06 | N/A |
| IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring. | ||||
| CVE-2014-4671 | 5 Adobe, Apple, Linux and 2 more | 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more | 2024-08-06 | N/A |
| Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. | ||||