Vendor CVEs
Linux
All CVEs
15,998 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-0316 | 0.03 | — | 0.01 | May 3, 2001 | Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call. | |||
| CVE-2000-0263 | 0.03 | — | 0.01 | Apr 16, 2000 | The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request. | |||
| CVE-2000-0274 | 0.03 | — | 0.01 | Apr 10, 2000 | The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name. | |||
| CVE-2000-0227 | 0.03 | — | 0.01 | Mar 23, 2000 | The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by requesting a large number of sockets. | |||
| CVE-2000-0231 | 0.03 | — | 0.01 | Mar 16, 2000 | Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges. | |||
| CVE-2000-0107 | 0.03 | — | 0.01 | Feb 1, 2000 | Linux apcd program allows local attackers to modify arbitrary files via a symlink attack. | |||
| CVE-1999-0986 | 0.03 | — | 0.04 | Dec 8, 1999 | The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option. | |||
| CVE-2000-0362 | 0.03 | — | 0.01 | Oct 22, 1999 | Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges. | |||
| CVE-1999-0767 | 0.03 | — | 0.01 | Sep 8, 1999 | Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable. | |||
| CVE-1999-0720 | 0.03 | — | 0.01 | Aug 23, 1999 | The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users. | |||
| CVE-1999-1166 | 0.03 | — | 0.01 | Jul 11, 1999 | Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory. | |||
| CVE-1999-0804 | 0.03 | — | 0.06 | Jun 1, 1999 | Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths. | |||
| CVE-1999-0381 | 0.03 | — | 0.01 | Feb 26, 1999 | super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access. | |||
| CVE-1999-0460 | 0.03 | — | 0.01 | Feb 19, 1999 | Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service. | |||
| CVE-1999-0400 | 0.03 | — | 0.01 | Jan 26, 1999 | Denial of service in Linux 2.2.0 running the ldd command on a core file. | |||
| CVE-1999-0451 | 0.03 | — | 0.01 | Jan 19, 1999 | Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port. | |||
| CVE-1999-1441 | 0.03 | — | 0.01 | Jun 30, 1998 | Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it. | |||
| CVE-1999-1442 | 0.03 | — | 0.01 | Jun 22, 1998 | Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local users to cause a denial of service (crash) via a particular sequence of instructions, possibly related to accessing addresses outside of segments. | |||
| CVE-2018-5391 | Hig | 0.02 | 7.5 | 0.25 | Sep 6, 2018 | The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in… | ||
| CVE-2024-0582 | Hig | 0.01 | 7.8 | 0.13 | Jan 16, 2024 | A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||
| CVE-2023-32233 | Hig | 0.01 | 7.8 | 0.13 | May 8, 2023 | In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are… | ||
| CVE-2022-4379 | Hig | 0.01 | 7.5 | 0.06 | Jan 10, 2023 | A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial | ||
| CVE-2021-20322 | Hig | 0.01 | 7.4 | 0.07 | Feb 18, 2022 | A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP… | ||
| CVE-2021-33909 | Hig | 0.01 | 7.8 | 0.10 | Jul 20, 2021 | fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. | ||
| CVE-2018-20961 | Cri | 0.01 | 9.8 | 0.06 | Aug 7, 2019 | In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact. | ||
| CVE-2019-11683 | Cri | 0.01 | 9.8 | 0.07 | May 2, 2019 | udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling… | ||
| CVE-2018-14633 | Hig | 0.01 | 7.0 | 0.09 | Sep 25, 2018 | A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes… | ||
| CVE-2018-12232 | Med | 0.01 | 5.9 | 0.07 | Jun 12, 2018 | In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference… | ||
| CVE-2015-4004 | 0.01 | — | 0.08 | Jun 7, 2015 | The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet. | |||
| CVE-2014-2649 | 0.01 | — | 0.06 | Oct 10, 2014 | Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2010-2521 | 0.01 | — | 0.09 | Sep 7, 2010 | Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to… | |||
| CVE-2009-4538 | 0.01 | — | 0.08 | Jan 12, 2010 | drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537. | |||
| CVE-2009-2846 | 0.01 | — | 0.08 | Aug 18, 2009 | The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes… | |||
| CVE-2008-1673 | 0.01 | — | 0.07 | Jun 10, 2008 | The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers… | |||
| CVE-2006-1857 | 0.01 | — | 0.07 | May 22, 2006 | Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk. | |||
| CVE-1999-0074 | 0.01 | — | 0.08 | Jul 1, 1997 | Listening TCP ports are sequentially allocated, allowing spoofing attacks. | |||
| CVE-2026-53363 | 0.00 | — | 0.00 | Jul 10, 2026 | kernel: xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags() | |||
| CVE-2026-53361 | 0.00 | — | 0.00 | Jul 5, 2026 | In the Linux kernel, the following vulnerability has been resolved: af_unix: Set gc_in_progress to true in unix_gc(). Igor Ushakov reported that unix_gc() could run with gc_in_progress being false if the work is scheduled while running: Thread 1 Thread 2 … | |||
| CVE-2026-53362 | 0.00 | — | 0.00 | Jul 5, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path In __ip6_append_data(), when the paged-allocation branch is taken (MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are computed as … | |||
| CVE-2026-53359 | 0.00 | — | 0.00 | Jul 5, 2026 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and… | |||
| CVE-2026-53343 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow | |||
| CVE-2026-53328 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task() | |||
| CVE-2026-53332 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd | |||
| CVE-2026-53334 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: mm/damon/reclaim: handle ctx allocation failure | |||
| CVE-2026-53335 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: mm/damon/lru_sort: handle ctx allocation failure | |||
| CVE-2026-53336 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: nvmem: layouts: onie-tlv: fix hang on unknown types | |||
| CVE-2026-53338 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues() | |||
| CVE-2026-53345 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying | |||
| CVE-2026-53351 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: riscv/ptrace: Use USER_REGSET_NOTE_TYPE for REGSET_CFI | |||
| CVE-2026-53356 | 0.00 | — | 0.00 | Jul 1, 2026 | kernel: drm/i915/gem: Fix phys BO pread/pwrite with offset |
- CVE-2001-0316May 3, 2001risk 0.03cvss —epss 0.01
Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call.
- CVE-2000-0263Apr 16, 2000risk 0.03cvss —epss 0.01
The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request.
- CVE-2000-0274Apr 10, 2000risk 0.03cvss —epss 0.01
The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name.
- CVE-2000-0227Mar 23, 2000risk 0.03cvss —epss 0.01
The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by requesting a large number of sockets.
- CVE-2000-0231Mar 16, 2000risk 0.03cvss —epss 0.01
Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.
- CVE-2000-0107Feb 1, 2000risk 0.03cvss —epss 0.01
Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.
- CVE-1999-0986Dec 8, 1999risk 0.03cvss —epss 0.04
The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.
- CVE-2000-0362Oct 22, 1999risk 0.03cvss —epss 0.01
Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges.
- CVE-1999-0767Sep 8, 1999risk 0.03cvss —epss 0.01
Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.
- CVE-1999-0720Aug 23, 1999risk 0.03cvss —epss 0.01
The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users.
- CVE-1999-1166Jul 11, 1999risk 0.03cvss —epss 0.01
Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory.
- CVE-1999-0804Jun 1, 1999risk 0.03cvss —epss 0.06
Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.
- CVE-1999-0381Feb 26, 1999risk 0.03cvss —epss 0.01
super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.
- CVE-1999-0460Feb 19, 1999risk 0.03cvss —epss 0.01
Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.
- CVE-1999-0400Jan 26, 1999risk 0.03cvss —epss 0.01
Denial of service in Linux 2.2.0 running the ldd command on a core file.
- CVE-1999-0451Jan 19, 1999risk 0.03cvss —epss 0.01
Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.
- CVE-1999-1441Jun 30, 1998risk 0.03cvss —epss 0.01
Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it.
- CVE-1999-1442Jun 22, 1998risk 0.03cvss —epss 0.01
Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local users to cause a denial of service (crash) via a particular sequence of instructions, possibly related to accessing addresses outside of segments.
- risk 0.02cvss 7.5epss 0.25
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in…
- risk 0.01cvss 7.8epss 0.13
A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.
- risk 0.01cvss 7.8epss 0.13
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are…
- risk 0.01cvss 7.5epss 0.06
A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial
- risk 0.01cvss 7.4epss 0.07
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP…
- risk 0.01cvss 7.8epss 0.10
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
- risk 0.01cvss 9.8epss 0.06
In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.
- risk 0.01cvss 9.8epss 0.07
udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling…
- risk 0.01cvss 7.0epss 0.09
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes…
- risk 0.01cvss 5.9epss 0.07
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference…
- CVE-2015-4004Jun 7, 2015risk 0.01cvss —epss 0.08
The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
- CVE-2014-2649Oct 10, 2014risk 0.01cvss —epss 0.06
Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.
- CVE-2010-2521Sep 7, 2010risk 0.01cvss —epss 0.09
Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to…
- CVE-2009-4538Jan 12, 2010risk 0.01cvss —epss 0.08
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.
- CVE-2009-2846Aug 18, 2009risk 0.01cvss —epss 0.08
The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes…
- CVE-2008-1673Jun 10, 2008risk 0.01cvss —epss 0.07
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers…
- CVE-2006-1857May 22, 2006risk 0.01cvss —epss 0.07
Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk.
- CVE-1999-0074Jul 1, 1997risk 0.01cvss —epss 0.08
Listening TCP ports are sequentially allocated, allowing spoofing attacks.
- CVE-2026-53363Jul 10, 2026risk 0.00cvss —epss 0.00
kernel: xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags()
- CVE-2026-53361Jul 5, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: af_unix: Set gc_in_progress to true in unix_gc(). Igor Ushakov reported that unix_gc() could run with gc_in_progress being false if the work is scheduled while running: Thread 1 Thread 2 …
- CVE-2026-53362Jul 5, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path In __ip6_append_data(), when the paged-allocation branch is taken (MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are computed as …
- CVE-2026-53359Jul 5, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and…
- CVE-2026-53343Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow
- CVE-2026-53328Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()
- CVE-2026-53332Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd
- CVE-2026-53334Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: mm/damon/reclaim: handle ctx allocation failure
- CVE-2026-53335Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: mm/damon/lru_sort: handle ctx allocation failure
- CVE-2026-53336Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: nvmem: layouts: onie-tlv: fix hang on unknown types
- CVE-2026-53338Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues()
- CVE-2026-53345Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying
- CVE-2026-53351Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: riscv/ptrace: Use USER_REGSET_NOTE_TYPE for REGSET_CFI
- CVE-2026-53356Jul 1, 2026risk 0.00cvss —epss 0.00
kernel: drm/i915/gem: Fix phys BO pread/pwrite with offset
Page 240 of 320