Vulnerabilities > Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-05-08 | CVE-2008-1669 | Race Condition vulnerability in Linux Kernel Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table." | 6.9 |
| 2008-05-08 | CVE-2007-5498 | Resource Management Errors vulnerability in Linux Kernel 2.6.18 The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks. | 4.9 |
| 2008-05-02 | CVE-2008-1675 | Resource Management Errors vulnerability in Linux Kernel The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory. | 7.2 |
| 2008-05-02 | CVE-2008-1375 | Race Condition vulnerability in multiple products Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. | 6.9 |
| 2008-04-02 | CVE-2008-1628 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Audit Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. | 4.1 |
| 2008-03-11 | CVE-2008-1286 | Unspecified vulnerability in SUN Java web Console 3.0.2/3.0.3/3.0.4 Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors. | 7.8 |
| 2008-03-08 | CVE-2008-1214 | Code Injection vulnerability in Numara Footprints 8.1 MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux allows remote attackers to execute arbitrary code via shell metacharacters in the PROJECTNUM parameter. | 7.5 |
| 2008-03-08 | CVE-2008-1213 | Cross-Site Scripting vulnerability in Numara Footprints 8.1 Cross-site scripting (XSS) vulnerability in Numara FootPrints for Linux 8.1 allows remote attackers to inject arbitrary web script or HTML via the Title form field when setting an appointment. | 4.3 |
| 2008-03-06 | CVE-2008-0072 | USE of Externally-Controlled Format String vulnerability in Gnome Evolution Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. | 6.8 |
| 2008-02-29 | CVE-2008-0304 | Buffer Errors vulnerability in Mozilla Seamonkey and Thunderbird Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview. | 7.5 |