Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sendfile sendfile vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv2
CVE-2001-0623
sendfiled, as included with Simple Asynchronous File Transfer (SAFT), on various Linux systems does not properly drop privileges when sending notification emails, which allows local malicious users to gain privileges.
Sendfile Sendfile
2 EDB exploits
7.2
CVSSv2
CVE-2010-2693
FreeBSD 7.1 up to and including 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call.
Freebsd Freebsd 7.1
Freebsd Freebsd 7.2
Freebsd Freebsd 7.3
Freebsd Freebsd 8.0
Freebsd Freebsd 8.1
1 EDB exploit
10
CVSSv2
CVE-2005-0708
The sendfile system call in FreeBSD 4.8 up to and including 4.11 and 5 up to and including 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote malicious users to obtain sensitive information.
Dragonflybsd Dragonflybsd 1.1
Freebsd Freebsd 4.0
Freebsd Freebsd 4.10
Freebsd Freebsd 4.3
Freebsd Freebsd 4.5
Freebsd Freebsd 4.6
Freebsd Freebsd 4.7
Freebsd Freebsd 4.8
Freebsd Freebsd 4.9
Freebsd Freebsd 5.1
Freebsd Freebsd 5.3
Dragonflybsd Dragonflybsd 1.0
Freebsd Freebsd 4.1.1
Freebsd Freebsd 5.0
Freebsd Freebsd 5.2.1
Freebsd Freebsd 4.11
Freebsd Freebsd 4.2
Freebsd Freebsd 4.4
Freebsd Freebsd 5.4
Freebsd Freebsd 4.1
Freebsd Freebsd 4.6.2
Freebsd Freebsd 5.2
2.6
CVSSv2
CVE-2003-1135
Buffer overflow in Yahoo! Messenger 5.6 allows remote malicious users to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID.
Yahoo Messenger 5.6
1 EDB exploit
4.9
CVSSv2
CVE-2009-2912
The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls.
Sun Opensolaris Snv 05
Sun Opensolaris Snv 06
Sun Opensolaris Snv 25
Sun Opensolaris Snv 30
Sun Opensolaris Snv 31
Sun Opensolaris Snv 40
Sun Opensolaris Snv 39
Sun Opensolaris Snv 48
Sun Opensolaris Snv 45
Sun Opensolaris Snv 46
Sun Opensolaris Snv 52
Sun Opensolaris Snv 51
Sun Opensolaris Snv 66
Sun Opensolaris Snv 65
Sun Opensolaris Snv 77
Sun Opensolaris Snv 79
Sun Opensolaris Snv 90
Sun Opensolaris Snv 89
Sun Opensolaris Snv 82
Sun Opensolaris Snv 91
Sun Opensolaris Snv 92
Sun Opensolaris Snv 21
4.9
CVSSv2
CVE-2008-0777
The sendfile system call in FreeBSD 5.5 up to and including 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files.
Freebsd Freebsd 7.0
Freebsd Freebsd 6.2
Freebsd Freebsd 5.5
Freebsd Freebsd 6.3
4.7
CVSSv2
CVE-2013-5666
The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive information (kernel memory) via a length greater than the length of the file.
Freebsd Freebsd 9.2
NA
CVE-2024-26640
In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks: - Page must n...
7.1
CVSSv2
CVE-2008-3666
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent malicious users to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by a...
Sun Opensolaris Snv 01
Sun Opensolaris Snv 04
Sun Opensolaris Snv 06
Sun Opensolaris Snv 07
Sun Opensolaris Snv 09
Sun Opensolaris Snv 10
Sun Opensolaris Snv 12
Sun Opensolaris Snv 15
Sun Opensolaris Snv 18
Sun Opensolaris Snv 20
Sun Opensolaris Snv 21
Sun Opensolaris Snv 23
Sun Opensolaris Snv 24
Sun Opensolaris Snv 26
Sun Opensolaris Snv 29
Sun Opensolaris Snv 32
Sun Opensolaris Snv 34
Sun Opensolaris Snv 35
Sun Opensolaris Snv 37
Sun Opensolaris Snv 40
Sun Opensolaris Snv 43
Sun Opensolaris Snv 45
4.4
CVSSv2
CVE-2011-2526
Apache Tomcat 5.5.x prior to 5.5.34, 6.x prior to 6.0.33, and 7.x prior to 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial...
Apache Tomcat 5.5.27
Apache Tomcat 5.5.18
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 5.5.11
Apache Tomcat 5.5.28
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 5.5.5
Apache Tomcat 5.5.30
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 5.5.3
Apache Tomcat 5.5.32
Apache Tomcat 5.5.31
Apache Tomcat 5.5.9
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »