| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. |
| KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. |
| KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. |
| The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users. |
| The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names. |
| ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. |
| Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address. |
| Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service. |
| Linux 2.2.3 and earlier allow a remote attacker to perform an IP fragmentation attack, causing a denial of service. |
| In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection. |
| A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files. |
| Denial of service in Linux 2.2.0 running the ldd command on a core file. |
| super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access. |
| Linux bdash game has a buffer overflow that allows local users to gain root access. |
| Buffer overflow in Linux su command gives root access to local users. |
| Nestea variation of teardrop IP fragmentation denial of service. |
| Some configurations of NIS+ in Linux allowed attackers to log in as the user "+". |
| Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard page for the 47-bit address page to protect against an AMD K8 bug, which allows local users to cause a denial of service. |
| The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet. |
| The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6.17 and earlier allows local users to cause a denial of service (hang and crash) via certain operations involving truncated files, as demonstrated via the dd command. |