Export limit exceeded: 19681 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19681 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-2888 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-11 | N/A |
| Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. | ||||
| CVE-2013-4350 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2025-04-11 | N/A |
| The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2012-3510 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | N/A |
| Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. | ||||
| CVE-2010-3301 | 4 Canonical, Linux, Redhat and 1 more | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression. | ||||
| CVE-2013-1796 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2025-04-11 | N/A |
| The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. | ||||
| CVE-2013-0349 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | N/A |
| The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. | ||||
| CVE-2012-2669 | 1 Linux | 1 Linux Kernel | 2025-04-11 | N/A |
| The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message. | ||||
| CVE-2014-0498 | 5 Adobe, Apple, Linux and 2 more | 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more | 2025-04-11 | N/A |
| Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2011-0726 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-11 | N/A |
| The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. | ||||
| CVE-2011-1675 | 2 Linux, Redhat | 2 Util-linux, Enterprise Linux | 2025-04-11 | N/A |
| mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | ||||
| CVE-2010-1173 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-11 | N/A |
| The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data. | ||||
| CVE-2011-1090 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-11 | N/A |
| The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL. | ||||
| CVE-2011-1126 | 2 Linux, Vmware | 3 Linux Kernel, Vix Api, Workstation | 2025-04-11 | N/A |
| VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory. | ||||
| CVE-2013-3344 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2025-04-11 | N/A |
| Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2010-0309 | 2 Linux, Redhat | 3 Kernel, Enterprise Linux, Rhel Virtualization | 2025-04-11 | N/A |
| The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file. | ||||
| CVE-2010-3081 | 4 Linux, Redhat, Suse and 1 more | 8 Linux Kernel, Enterprise Linux, Enterprise Mrg and 5 more | 2025-04-11 | 7.8 High |
| The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010. | ||||
| CVE-2012-2121 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Virtualization | 2025-04-11 | N/A |
| The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices. | ||||
| CVE-2013-6367 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2025-04-11 | N/A |
| The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. | ||||
| CVE-2010-0415 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-11 | N/A |
| The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set. | ||||
| CVE-2012-2745 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | N/A |
| The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. | ||||