Filtered by vendor Linux
Subscribe
Total
13197 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4302 | 2 Cisco, Linux | 5 Unified Videoconferencing System 5110, Unified Videoconferencing System 5110 Firmware, Unified Videoconferencing System 5115 and 2 more | 2025-04-11 | 4.9 MEDIUM | N/A |
| /opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) administrator and (2) operator passwords, which makes it easier for local users to obtain sensitive information by recovering the cleartext values, aka Bug ID CSCti54010. | |||||
| CVE-2012-2133 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.0 MEDIUM | N/A |
| Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data. | |||||
| CVE-2013-0311 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | 6.5 MEDIUM | N/A |
| The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges. | |||||
| CVE-2012-4143 | 4 Apple, Linux, Microsoft and 1 more | 4 Mac Os X, Linux Kernel, Windows and 1 more | 2025-04-11 | 6.8 MEDIUM | N/A |
| Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924. | |||||
| CVE-2013-4669 | 5 Apple, Fortinet, Google and 2 more | 7 Mac Os X, Forticlient, Forticlient Lite and 4 more | 2025-04-11 | 5.4 MEDIUM | N/A |
| FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem. | |||||
| CVE-2010-2071 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.6 MEDIUM | N/A |
| The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl. | |||||
| CVE-2010-4081 | 4 Debian, Linux, Opensuse and 1 more | 7 Debian Linux, Linux Kernel, Opensuse and 4 more | 2025-04-11 | 1.9 LOW | N/A |
| The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call. | |||||
| CVE-2011-3188 | 3 F5, Linux, Redhat | 15 Arx, Big-ip Access Policy Manager, Big-ip Analytics and 12 more | 2025-04-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets. | |||||
| CVE-2010-4083 | 4 Debian, Linux, Opensuse and 1 more | 7 Debian Linux, Linux Kernel, Opensuse and 4 more | 2025-04-11 | 1.9 LOW | N/A |
| The copy_semid_to_user function in ipc/sem.c in the Linux kernel before 2.6.36 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call. | |||||
| CVE-2011-0726 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 2.1 LOW | N/A |
| The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. | |||||
| CVE-2010-2219 | 3 Adobe, Linux, Microsoft | 4 Flash Media Server, Flash Media Server 2, Linux Kernel and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service (memory consumption) via unknown vectors. | |||||
| CVE-2014-0038 | 2 Linux, Opensuse | 2 Linux Kernel, Opensuse | 2025-04-11 | 6.9 MEDIUM | N/A |
| The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter. | |||||
| CVE-2011-2837 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | 7.5 HIGH | N/A |
| Google Chrome before 14.0.835.163 on Linux does not use the PIC and PIE compiler options for position-independent code, which has unspecified impact and attack vectors. | |||||
| CVE-2011-1180 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared network and sending a large integer value for a (1) name length or (2) attribute length. | |||||
| CVE-2012-2037 | 8 Adobe, Apple, Google and 5 more | 13 Air, Flash Player, Macos and 10 more | 2025-04-11 | 9.3 HIGH | N/A |
| Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2034. | |||||
| CVE-2013-2891 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.7 MEDIUM | N/A |
| drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_STEELSERIES is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. | |||||
| CVE-2011-1412 | 4 Ioquake3, Linux, Openarena and 1 more | 4 Ioquake3 Engine, Linux Kernel, Openarena and 1 more | 2025-04-11 | 7.5 HIGH | N/A |
| sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable. | |||||
| CVE-2013-7265 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
| The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | |||||
| CVE-2013-0889 | 5 Apple, Google, Linux and 2 more | 5 Mac Os X, Chrome, Linux Kernel and 2 more | 2025-04-11 | 6.8 MEDIUM | N/A |
| Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2010-4161 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | 4.9 MEDIUM | N/A |
| The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat build of the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (deadlock and system hang) by sending UDP traffic to a socket that has a crafted socket filter, a related issue to CVE-2010-4158. | |||||