CVSS: 7.8EPSS: 14%CPEs: 412EXPL: 1CVE-2009-1389 – kernel: r8169: fix crash when large packets are received
https://notcve.org/view.php?id=CVE-2009-1389
16 Jun 2009 — Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet. Desbordamiento de memoria en el driver RTL8169 NIC (drivers/net/r8169.c) en el kernel de Linux anteriores a v2.6.30 permite a atacantes remotos producir una denegación de servicio (consumo de memoria del kernel y caída) a través de un paquete largo. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=fdd7b4c3302c93f6833e338903ea77245eb510b4 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 17%CPEs: 296EXPL: 0CVE-2008-2750
https://notcve.org/view.php?id=CVE-2008-2750
18 Jun 2008 — The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable. La función pppol2tp_recvmsg de drivers/net/pppol2tp.c en el kernel de Linux 2.6 anterior a 2.6.26-rc6, permite a atacantes remotos provocar una denegación de servicio (corrupción... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6b6707a50c7598a83820077393f8823ab791abf8 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 11%CPEs: 271EXPL: 0CVE-2008-1673
https://notcve.org/view.php?id=CVE-2008-1673
10 Jun 2008 — The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an in... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 304EXPL: 0CVE-2008-1669 – kernel: add rcu_read_lock() to fcheck() in both dnotify, locks.c and fix fcntl store/load race in locks.c
https://notcve.org/view.php?id=CVE-2008-1669
08 May 2008 — Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table." El kernel de Linux en versiones posteriores a la 2.6.25.2, no aplica determinados mecanismos de protección para la funcionalidad fcntl, la cual permite a usuarios locales (1) ejecutar código en paralelo o (2) explotar una condición de carrera (race condition) para obt... • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 317EXPL: 0CVE-2007-6694 – /proc/cpuinfo DoS on some ppc machines
https://notcve.org/view.php?id=CVE-2007-6694
29 Jan 2008 — The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference. La función chrp_show_cpuinfo (chrp/setup.c) en Linux kernel 2.4.21 hasta 2.6.18-53, cuando funciona sobre PowerPC, podría permitir a usuarios locales provocar denegación de servicio (caida) a través de vectores desconocidos qu... • http://marc.info/?l=linux-kernel&m=119576191029571&w=2 • CWE-399: Resource Management Errors •
CVSS: 6.2EPSS: 0%CPEs: 191EXPL: 0CVE-2007-5093 – kernel PWC driver DoS
https://notcve.org/view.php?id=CVE-2007-5093
26 Sep 2007 — The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device. El método disconnect en el controlador Philips USB Webcam (pwc) e... • http://marc.info/?l=linux-kernel&m=118873457814808&w=2 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3945
https://notcve.org/view.php?id=CVE-2007-3945
23 Jul 2007 — Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes. Rule Set Based Access Control (RSBAC) anterior a 1.3.5 no utiliza de forma adecuada el API Crypto Linux Kernel del Linux kernel 2.6.x, el permite a atacantes dependientes del contexto evitar con... • http://download.rsbac.org/code/1.3.5/changes-1.3.5.txt •
CVSS: 7.5EPSS: 4%CPEs: 252EXPL: 0CVE-2007-2876 – nf}_conntrack_sctp: remotely triggerable NULL ptr dereference
https://notcve.org/view.php?id=CVE-2007-2876
11 Jun 2007 — The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference. La función sctp_new en (1) ip_conntrack_proto_sctp.c y (2) nf_conntrack_proto_sctp.c en Netfilter en Linux kernel 2.6 anterior a 2.6.20.13, y 2.6.21.x anterior a 2.6.21.4, permite a atacantes remotos provocar deneg... • http://marc.info/?l=linux-kernel&m=118128610219959&w=2 •
CVSS: 9.1EPSS: 0%CPEs: 252EXPL: 0CVE-2007-2453 – /dev/random broken
https://notcve.org/view.php?id=CVE-2007-2453
11 Jun 2007 — The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source. La característica de número aleatorio en Linux kernel 2.6 anterior a 2.6.20.13, y 2.6.21.x anterior a 2.6.21.4, (1) no rellena adecuadamente la quiniela cuando no hay entropia, o ... • http://marc.info/?l=linux-kernel&m=118128610219959&w=2 •
CVSS: 5.5EPSS: 0%CPEs: 211EXPL: 0CVE-2006-5823
https://notcve.org/view.php?id=CVE-2006-5823
09 Nov 2006 — The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs. La función zlib_inflate en el núcleo de Linux 2.6.x permite a usuarios locales provocar una denegación de servicio (caída) mediante un sistema de ficheros mal formado que utiliza compresión zlib que provoca una corrupción de memoria, como se ha demostrado utilizando cramfs. • http://projects.info-pull.com/mokb/MOKB-07-11-2006.html •