Filtered by vendor Linux
Subscriptions
Filtered by product Linux Kernel
Subscriptions
Total
8171 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-1859 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
Memory leak in __setlease in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (memory consumption) via unspecified actions related to an "uninitialised return value," aka "slab leak." | ||||
CVE-2006-1858 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters. | ||||
CVE-2006-1857 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk. | ||||
CVE-2006-1856 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions. | ||||
CVE-2006-1855 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
choose_new_parent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service (panic) by causing certain circumstances involving termination of a parent process. | ||||
CVE-2006-1624 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses. | ||||
CVE-2006-1528 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory mapped (mmap) IO space. | ||||
CVE-2006-1527 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function. | ||||
CVE-2006-1525 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to cause a denial of service (panic) via a request for a route for a multicast IP address, which triggers a null dereference. | ||||
CVE-2006-1524 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071. | ||||
CVE-2006-1523 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON. | ||||
CVE-2006-1522 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 and 2.6.17-rc1, and possibly earlier versions, allows local users to cause a denial of service (OOPS) via keyctl requests that add a key to a user key instead of a keyring key, which causes an invalid dereference in the __keyring_search_one function. | ||||
CVE-2006-1368 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes memory to be allocated for the reply data but not the reply structure. | ||||
CVE-2006-1343 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory. | ||||
CVE-2006-1342 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory. | ||||
CVE-2006-1242 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks. | ||||
CVE-2006-1066 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems with preemption enabled, allows local users to cause a denial of service (oops) via multiple ptrace tasks that perform single steps, which can cause corruption of the DEBUG_STACK stack during the do_debug function call. | ||||
CVE-2006-1056 | 3 Freebsd, Linux, Redhat | 3 Freebsd, Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels. | ||||
CVE-2006-1055 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 up to versions before 2.6.17-rc1 does not zero terminate a buffer when a length of PAGE_SIZE or more is requested, which might allow local users to cause a denial of service (crash) by causing an out-of-bounds read. | ||||
CVE-2006-1052 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the tracer SID to an SID of another process. |