National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:-
There are 3,017 matching records.
Displaying matches 2941 through 2960.
Vuln ID Summary CVSS Severity
CVE-2007-1727

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors.

Published: March 28, 2007; 06:19:00 AM -04:00
    V2: 6.5 MEDIUM
CVE-2007-1589

TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user.

Published: March 21, 2007; 07:19:00 PM -04:00
    V2: 2.1 LOW
CVE-2007-0653

Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption.

Published: March 21, 2007; 06:19:00 PM -04:00
    V2: 9.3 HIGH
CVE-2006-7164

SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.

Published: March 20, 2007; 06:19:00 AM -04:00
    V2: 4.3 MEDIUM
CVE-2007-1496

nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference.

Published: March 16, 2007; 06:19:00 PM -04:00
    V2: 4.9 MEDIUM
CVE-2007-1497

nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments.

Published: March 16, 2007; 06:19:00 PM -04:00
    V2: 5.0 MEDIUM
CVE-2007-1000

The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference.

Published: March 12, 2007; 07:19:00 PM -04:00
    V2: 7.2 HIGH
CVE-2007-1398

The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when configured for inline use on Linux without the ip_conntrack module loaded, allows remote attackers to cause a denial of service (segmentation fault and application crash) via certain UDP packets produced by send_morefrag_packet and send_overlap_packet.

Published: March 10, 2007; 05:19:00 PM -05:00
    V2: 7.1 HIGH
CVE-2007-1388

The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference.

Published: March 10, 2007; 02:19:00 PM -05:00
    V2: 4.4 MEDIUM
CVE-2007-0005

Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.

Published: March 09, 2007; 07:19:00 PM -05:00
    V2: 6.9 MEDIUM
CVE-2007-1281

Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression.

Published: March 05, 2007; 08:19:00 PM -05:00
    V2: 7.8 HIGH
CVE-2006-7034

SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.

Published: February 22, 2007; 10:28:00 PM -05:00
    V2: 7.5 HIGH
CVE-2007-1043

Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.

Published: February 21, 2007; 12:28:00 PM -05:00
    V2: 7.5 HIGH
CVE-2007-0772

The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer.

Published: February 20, 2007; 12:28:00 PM -05:00
    V2: 7.8 HIGH
CVE-2007-0006

The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion."

Published: February 06, 2007; 02:28:00 PM -05:00
    V2: 1.9 LOW
CVE-2006-5754

The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation.

Published: January 30, 2007; 02:28:00 PM -05:00
    V2: 4.9 MEDIUM
CVE-2006-5749

The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash.

Published: December 31, 2006; 12:00:00 AM -05:00
    V2: 1.7 LOW
CVE-2006-5755

Linux kernel before 2.6.18, when running on x86_64 systems, does not properly save or restore EFLAGS during a context switch, which allows local users to cause a denial of service (crash) by causing SYSENTER to set an NT flag, which can trigger a crash on the IRET of the next task.

Published: December 31, 2006; 12:00:00 AM -05:00
    V2: 4.9 MEDIUM
CVE-2006-4814

The mincore function in the Linux kernel before 2.4.33.6 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.

Published: December 19, 2006; 09:28:00 PM -05:00
    V2: 4.6 MEDIUM
CVE-2006-4572

ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug."

Published: November 06, 2006; 07:07:00 PM -05:00
    V2: 7.5 HIGH