Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Esx
(Vmware)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 84 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2010-09-21 | CVE-2010-3078 | The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. | Ubuntu_linux, Linux_kernel, Opensuse, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Esx | 5.5 | ||
| 2010-09-24 | CVE-2010-3081 | The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010. | Linux_kernel, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Esx | 7.8 | ||
| 2010-09-30 | CVE-2010-2943 | The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle. | Aura_communication_manager, Aura_presence_services, Aura_session_manager, Aura_system_manager, Aura_system_platform, Aura_voice_portal, Iq, Ubuntu_linux, Linux_kernel, Esx | 8.1 | ||
| 2010-12-29 | CVE-2010-4343 | drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file. | Linux_kernel, Esx | 5.5 | ||
| 2011-01-11 | CVE-2010-4526 | Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function. | Linux_kernel, Enterprise_mrg, Esx | N/A | ||
| 2011-01-18 | CVE-2010-4263 | The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame. | Linux_kernel, Esx, Esxi | N/A | ||
| 2011-05-26 | CVE-2010-4251 | The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests. | Linux_kernel, Enterprise_linux, Esx | 7.5 | ||
| 2011-07-18 | CVE-2010-4655 | net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call. | Ubuntu_linux, Linux_kernel, Esx | 5.5 | ||
| 2009-08-18 | CVE-2009-2848 | The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. | Ubuntu_linux, Fedora, Linux_kernel, Linux_desktop, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_server, Esx, Vma | N/A | ||
| 2009-05-14 | CVE-2009-1630 | The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver. | Ubuntu_linux, Debian_linux, Linux_kernel, Opensuse, Esx | N/A |