Vulnerabilities (CVE)

Filtered by vendor Suse Subscribe
Filtered by product Linux Enterprise Desktop
Total 435 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-3067 5 Canonical, Debian, Linux and 2 more 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more 2024-11-21 4.9 MEDIUM N/A
Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call.
CVE-2010-2963 6 Canonical, Debian, Fedoraproject and 3 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2024-11-21 6.2 MEDIUM N/A
drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.
CVE-2010-2962 5 Canonical, Fedoraproject, Linux and 2 more 7 Ubuntu Linux, Fedora, Linux Kernel and 4 more 2024-11-21 7.2 HIGH N/A
drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations.
CVE-2010-2959 5 Debian, Fedoraproject, Linux and 2 more 8 Debian Linux, Fedora, Linux Kernel and 5 more 2024-11-21 7.2 HIGH N/A
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.
CVE-2010-2955 4 Canonical, Linux, Opensuse and 1 more 6 Ubuntu Linux, Linux Kernel, Opensuse and 3 more 2024-11-21 2.1 LOW N/A
The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size.
CVE-2010-2954 4 Canonical, Linux, Opensuse and 1 more 5 Ubuntu Linux, Linux Kernel, Opensuse and 2 more 2024-11-21 4.9 MEDIUM N/A
The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket.
CVE-2010-2803 4 Debian, Linux, Opensuse and 1 more 7 Debian Linux, Linux Kernel, Opensuse and 4 more 2024-11-21 1.9 LOW N/A
The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount.
CVE-2010-2538 3 Canonical, Linux, Suse 5 Ubuntu Linux, Linux Kernel, Linux Enterprise Desktop and 2 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call.
CVE-2010-2478 3 Canonical, Linux, Suse 4 Ubuntu Linux, Linux Kernel, Linux Enterprise Desktop and 1 more 2024-11-21 7.2 HIGH N/A
Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084.
CVE-2010-2226 4 Canonical, Debian, Linux and 1 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2024-11-21 2.1 LOW N/A
The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.
CVE-2010-0395 6 Apache, Canonical, Debian and 3 more 6 Openoffice, Ubuntu Linux, Debian Linux and 3 more 2024-11-21 9.3 HIGH N/A
OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.
CVE-2009-3939 7 Avaya, Canonical, Debian and 4 more 18 Aura Application Enablement Services, Aura Communication Manager, Aura Session Manager and 15 more 2024-11-21 6.6 MEDIUM 7.1 HIGH
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
CVE-2009-3612 5 Canonical, Fedoraproject, Linux and 2 more 7 Ubuntu Linux, Fedora, Linux Kernel and 4 more 2024-11-21 2.1 LOW N/A
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.
CVE-2009-3238 4 Canonical, Linux, Opensuse and 1 more 5 Ubuntu Linux, Linux Kernel, Opensuse and 2 more 2024-11-21 7.8 HIGH 5.5 MEDIUM
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."
CVE-2009-3095 6 Apache, Apple, Debian and 3 more 7 Http Server, Mac Os X, Debian Linux and 4 more 2024-11-21 5.0 MEDIUM N/A
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
CVE-2009-3080 7 Canonical, Debian, Linux and 4 more 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more 2024-11-21 7.2 HIGH N/A
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
CVE-2009-2910 6 Canonical, Fedoraproject, Linux and 3 more 13 Ubuntu Linux, Fedora, Linux Kernel and 10 more 2024-11-21 2.1 LOW N/A
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.
CVE-2009-2903 3 Canonical, Linux, Suse 6 Ubuntu Linux, Linux Kernel, Linux Enterprise Debuginfo and 3 more 2024-11-21 7.1 HIGH N/A
Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams.
CVE-2009-2848 8 Canonical, Fedoraproject, Linux and 5 more 13 Ubuntu Linux, Fedora, Linux Kernel and 10 more 2024-11-21 5.9 MEDIUM N/A
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.
CVE-2009-2698 6 Canonical, Fedoraproject, Linux and 3 more 12 Ubuntu Linux, Fedora, Linux Kernel and 9 more 2024-11-21 7.2 HIGH 7.8 HIGH
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.