Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:linux:linux_kernel:2.6.28:-:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-0322 |
drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/. Published: January 28, 2009; 1:30:00 PM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2009-0269 |
fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index. Published: January 26, 2009; 10:30:04 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2009-0031 |
Memory leak in the keyctl_join_session_keyring function (security/keys/keyctl.c) in Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service (kernel memory consumption) via unknown vectors related to a "missing kfree." Published: January 20, 2009; 9:30:00 PM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2009-0029 |
The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call. Published: January 15, 2009; 12:30:00 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2008-5702 |
Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call. Published: December 22, 2008; 10:30:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2008-5701 |
Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel before 2.6.28-rc8 on 64-bit MIPS platforms allows local users to cause a denial of service (system crash) via an o32 syscall with a small syscall number, which leads to an attempted read operation outside the bounds of the syscall table. Published: December 22, 2008; 10:30:00 AM -0500 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2008-5499 |
Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file. Published: December 17, 2008; 7:30:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-5395 |
The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of service (system crash) via vectors associated with an attempt to unwind a stack that contains userspace addresses. Published: December 08, 2008; 7:30:00 PM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2008-5300 |
Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029. Published: December 01, 2008; 12:30:00 PM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2008-5182 |
The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount. Published: November 20, 2008; 9:30:00 PM -0500 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2008-5025 |
Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933. Published: November 17, 2008; 6:30:00 PM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2008-4933 |
Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function. Published: November 05, 2008; 10:00:14 AM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2008-3671 |
Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: August 13, 2008; 3:41:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-3579 |
Calacode @Mail 5.41 on Linux does not require administrative authentication for build-plesk-upgrade.php, which allows remote attackers to obtain sensitive information by creating and downloading a backup archive of the entire @Mail directory tree. NOTE: this can be leveraged for remote exploitation of CVE-2008-3395. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: August 10, 2008; 5:41:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2008-3389 |
Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport. Published: August 05, 2008; 3:41:00 PM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2008-1810 |
Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable. Published: August 01, 2008; 10:41:00 AM -0400 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2008-3395 |
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: July 31, 2008; 12:41:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-1286 |
Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors. Published: March 11, 2008; 1:44:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2008-1213 |
Cross-site scripting (XSS) vulnerability in Numara FootPrints for Linux 8.1 allows remote attackers to inject arbitrary web script or HTML via the Title form field when setting an appointment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: March 07, 2008; 7:44:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-1214 |
MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux allows remote attackers to execute arbitrary code via shell metacharacters in the PROJECTNUM parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: March 07, 2008; 7:44:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |