Vulnerabilities > Linux > Linux Kernel > 2.6.36
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-04-22 | CVE-2013-3076 | Information Exposure vulnerability in Linux Kernel The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. | 4.9 |
| 2013-03-01 | CVE-2011-2479 | Resource Management Errors vulnerability in Linux Kernel The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application. | 5.5 |
| 2013-02-28 | CVE-2013-0343 | IPv6 Temporary Addresses Remote Security vulnerability in Linux Kernel The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. high complexity linux | 3.2 |
| 2013-02-18 | CVE-2012-4398 | Improper Input Validation vulnerability in Linux Kernel The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application. | 4.9 |
| 2012-10-03 | CVE-2012-3552 | Race Condition vulnerability in multiple products Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic. | 5.9 |
| 2012-05-24 | CVE-2011-4081 | NULL Pointer Dereference vulnerability in Linux Kernel crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket. | 5.5 |
| 2012-05-24 | CVE-2011-3363 | Improper Input Validation vulnerability in multiple products The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share. | 6.5 |
| 2012-05-24 | CVE-2011-3359 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame. | 7.5 |
| 2012-05-24 | CVE-2011-3353 | Classic Buffer Overflow vulnerability in Linux Kernel Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem. | 5.5 |
| 2012-05-24 | CVE-2011-3191 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory. | 8.8 |