National Vulnerability Database

Search Results

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:2.6.22:rc4
There are 2,409 matching records.
Displaying matches 2341 through 2360.
Vuln ID Summary CVSS Severity
CVE-2008-0010

The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allows local users to read from arbitrary kernel memory locations.

Published: February 12, 2008; 04:00:00 PM -05:00
    V2: 2.1 LOW
CVE-2008-0600

The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.

Published: February 12, 2008; 04:00:00 PM -05:00
    V2: 7.2 HIGH
CVE-2008-0007

Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.

Published: February 07, 2008; 09:00:00 PM -05:00
    V2: 7.2 HIGH
CVE-2008-0212

ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to cause a denial of service (crash) via a crafted TCP request that triggers an out-of-bounds memory access.

Published: February 06, 2008; 04:00:00 PM -05:00
    V2: 7.8 HIGH
CVE-2007-4998

cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.

Published: January 31, 2008; 04:00:00 PM -05:00
    V2: 6.9 MEDIUM
CVE-2008-0001

VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.

Published: January 15, 2008; 03:00:00 PM -05:00
    V2: 3.6 LOW
CVE-2007-5616

ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Linux allows local users to gain privileges via unspecified vectors.

Published: January 09, 2008; 04:46:00 PM -05:00
    V2: 7.2 HIGH
CVE-2007-6514

Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.

Published: December 21, 2007; 05:46:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2007-6482

Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

Published: December 20, 2007; 03:46:00 PM -05:00
    V2: 7.8 HIGH
CVE-2007-6246

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges.

Published: December 19, 2007; 08:46:00 PM -05:00
    V2: 4.4 MEDIUM
CVE-2007-6417

The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash).

Published: December 17, 2007; 07:46:00 PM -05:00
    V2: 7.2 HIGH
CVE-2007-6305

Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands."

Published: December 10, 2007; 04:46:00 PM -05:00
    V2: 4.6 MEDIUM
CVE-2007-6232

Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.

Published: December 04, 2007; 01:46:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2007-6206

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.

Published: December 03, 2007; 07:46:00 PM -05:00
    V2: 2.1 LOW
CVE-2007-6209

Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Published: December 03, 2007; 07:46:00 PM -05:00
    V2: 4.6 MEDIUM
CVE-2007-6045

Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors.

Published: November 20, 2007; 03:46:00 PM -05:00
    V2: 10.0 HIGH
CVE-2007-6046

Unspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact.

Published: November 20, 2007; 03:46:00 PM -05:00
    V2: 7.2 HIGH
CVE-2007-6047

Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART.

Published: November 20, 2007; 03:46:00 PM -05:00
    V2: 10.0 HIGH
CVE-2007-6048

IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.

Published: November 20, 2007; 03:46:00 PM -05:00
    V2: 10.0 HIGH
CVE-2007-6049

Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root.

Published: November 20, 2007; 03:46:00 PM -05:00
    V2: 7.2 HIGH