National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:2.6.33:rc4
There are 2,211 matching records.
Displaying matches 1861 through 1880.
Vuln ID Summary CVSS Severity
CVE-2012-0751

The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Published: February 16, 2012; 02:55:00 PM -05:00
    V2: 10.0 HIGH
CVE-2010-4563

The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.

Published: February 02, 2012; 12:55:00 PM -05:00
    V2: 5.0 MEDIUM
CVE-2011-4194

Buffer overflow in Novell iPrint Server in Novell Open Enterprise Server 2 (OES2) through SP3 on Linux allows remote attackers to execute arbitrary code via a crafted attributes-natural-language field.

Published: February 01, 2012; 11:09:47 PM -05:00
    V2: 7.5 HIGH
CVE-2011-2525

The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call.

Published: February 01, 2012; 11:09:47 PM -05:00
    V2: 7.2 HIGH
CVE-2011-1573

net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.

Published: February 01, 2012; 11:09:47 PM -05:00
    V2: 5.0 MEDIUM
CVE-2012-0450

Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations.

Published: February 01, 2012; 11:55:01 AM -05:00
    V2: 2.1 LOW
CVE-2011-4374

Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.

Published: January 19, 2012; 02:55:01 PM -05:00
    V2: 7.5 HIGH
CVE-2011-4160

Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors.

Published: November 23, 2011; 11:01:06 PM -05:00
    V2: 3.2 LOW
CVE-2011-1478

The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame.

Published: October 23, 2011; 06:55:02 AM -04:00
    V2: 5.7 MEDIUM
CVE-2011-1076

net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allows remote DNS servers to cause a denial of service (NULL pointer dereference and OOPS) by not providing a valid response to a DNS query, as demonstrated by an erroneous grand.centrall.org query, which triggers improper handling of error data within a DNS resolver key.

Published: October 04, 2011; 10:56:24 PM -04:00
    V2: 7.8 HIGH
CVE-2011-2444

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.

Published: September 21, 2011; 11:38:38 PM -04:00
    V2: 4.3 MEDIUM
CVE-2011-2430

Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."

Published: September 21, 2011; 11:38:38 PM -04:00
    V2: 9.3 HIGH
CVE-2011-2429

Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass."

Published: September 21, 2011; 11:38:38 PM -04:00
    V2: 5.0 MEDIUM
CVE-2011-2428

Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue."

Published: September 21, 2011; 11:38:38 PM -04:00
    V2: 9.3 HIGH
CVE-2011-2427

Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service via unspecified vectors.

Published: September 21, 2011; 11:38:38 PM -04:00
    V2: 9.3 HIGH
CVE-2011-2426

Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors.

Published: September 21, 2011; 11:38:38 PM -04:00
    V2: 9.3 HIGH
CVE-2011-2837

Google Chrome before 14.0.835.163 on Linux does not use the PIC and PIE compiler options for position-independent code, which has unspecified impact and attack vectors.

Published: September 19, 2011; 08:02:55 AM -04:00
    V2: 7.5 HIGH
CVE-2011-2184

The key_replace_session_keyring function in security/keys/process_keys.c in the Linux kernel before 2.6.39.1 does not initialize a certain structure member, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function, a different vulnerability than CVE-2010-2960.

Published: September 06, 2011; 12:55:07 PM -04:00
    V2: 7.2 HIGH
CVE-2011-1776

The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.

Published: September 06, 2011; 12:55:07 PM -04:00
    V2: 5.6 MEDIUM
CVE-2011-1771

The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact by setting the O_DIRECT flag during an attempt to open a file on a CIFS filesystem.

Published: September 06, 2011; 12:55:07 PM -04:00
    V2: 4.7 MEDIUM