Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:linux:linux_kernel:2.6.33:rc1
There are 1,428 matching records.
Displaying matches 1,261 through 1,280.
Vuln ID Summary CVSS Severity
CVE-2011-1076

net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allows remote DNS servers to cause a denial of service (NULL pointer dereference and OOPS) by not providing a valid response to a DNS query, as demonstrated by an erroneous grand.centrall.org query, which triggers improper handling of error data within a DNS resolver key.

Published: October 04, 2011; 10:56:24 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2011-2184

The key_replace_session_keyring function in security/keys/process_keys.c in the Linux kernel before 2.6.39.1 does not initialize a certain structure member, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function, a different vulnerability than CVE-2010-2960.

Published: September 06, 2011; 12:55:07 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2011-1776

The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.

Published: September 06, 2011; 12:55:07 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 5.6 MEDIUM
CVE-2011-1771

The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact by setting the O_DIRECT flag during an attempt to open a file on a CIFS filesystem.

Published: September 06, 2011; 12:55:07 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM
CVE-2011-2723

The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic.

Published: September 06, 2011; 11:55:08 AM -0400
V3.x:(not available)
V2.0: 5.7 MEDIUM
CVE-2011-2700

Multiple buffer overflows in the si4713_write_econtrol_string function in drivers/media/radio/si4713-i2c.c in the Linux kernel before 2.6.39.4 on the N900 platform might allow local users to cause a denial of service or have unspecified other impact via a crafted s_ext_ctrls operation with a (1) V4L2_CID_RDS_TX_PS_NAME or (2) V4L2_CID_RDS_TX_RADIO_TEXT control ID.

Published: September 06, 2011; 11:55:07 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2011-2497

Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.

Published: August 29, 2011; 2:55:01 PM -0400
V3.x:(not available)
V2.0: 8.3 HIGH
CVE-2011-2213

The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.

Published: August 29, 2011; 2:55:01 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2011-2928

The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem.

Published: August 29, 2011; 1:55:00 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2011-2695

Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.

Published: July 28, 2011; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2011-2689

The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.

Published: July 28, 2011; 6:55:02 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2011-2492

The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.

Published: July 28, 2011; 6:55:01 PM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2011-1093

The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet.

Published: July 18, 2011; 6:55:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2011-0726

The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary.

Published: July 18, 2011; 6:55:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2010-4656

The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report.

Published: July 18, 2011; 3:55:00 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2010-4655

net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.

Published: July 18, 2011; 3:55:00 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2011-2484

The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.

Published: June 24, 2011; 4:55:04 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2011-1770

Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read.

Published: June 24, 2011; 4:55:03 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2011-2534

Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0' character.

Published: June 22, 2011; 7:55:01 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2011-1173

The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet.

Published: June 22, 2011; 6:55:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM