CVSS: 7.8EPSS: 14%CPEs: 30EXPL: 1CVE-2007-4567 – Linux Kernel 2.6.22 - IPv6 Hop-By-Hop Header Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-4567
21 Dec 2007 — The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet. La función ipv6_hop_jumbo en el archivo net/ipv6/exthdrs.c en el kernel de Linux versiones anteriores a 2.6.22, no comprueba apropiadamente el encabezado extendido de IPv6 salto a salto, lo que permite a los atacantes remotos causar u... • https://www.exploit-db.com/exploits/30902 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2007-6206 – Issue with core dump owner
https://notcve.org/view.php?id=CVE-2007-6206
04 Dec 2007 — The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information. La función do_coredump en el archivo fs/exec.c en el kernel de Linux versiones 2.4.x y versiones 2.6.x hasta 2.6.24-rc3, y posiblemente otras versiones, no cambia el UID de un archivo de volcado de núcleo si ést... • http://bugzilla.kernel.org/show_bug.cgi?id=3043 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5500 – kernel hang via userspace PTRACE+waitid
https://notcve.org/view.php?id=CVE-2007-5500
20 Nov 2007 — The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information. La función wait_task_stopped en el kernel de Linux versiones anteriores a 2.6.23.8 comprueba un bit TASK_TRACED en vez de un valor exit_state, lo cual permite a usuarios locales provocar una denegación de servicio (caída d... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.23.y.git%3Ba=commitdiff%3Bh=36ef66c5d137b9a31fd8c35d236fb9e26ef74f97 •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2007-5904 – Buffer overflow in CIFS VFS
https://notcve.org/view.php?id=CVE-2007-5904
09 Nov 2007 — Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function. Múltiples desbordamientos de búfer en el CIFS VFS en el kernel de Linux 2.6.23 y versiones anteriores permiten a atacantes remotos provocar una denegación de servicio (caída) y, posiblemente, ejecutar código de su elección a través de respuestas SMB largas, que d... • http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git%3Ba=commitdiff%3Bh=133672efbc1085f9af990bdc145e1822ea93bcf3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 18%CPEs: 1EXPL: 0CVE-2007-4997 – kernel ieee80211 off-by-two integer underflow
https://notcve.org/view.php?id=CVE-2007-4997
06 Nov 2007 — Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error." desbordamiento inferior de entero en la funcióni eee80211_rx en net/ieee80211/ieee80211_rx.c en el nucleo de Linux 2.6.x anterior a 2.6.23 permite a atacantes remotos provocar denegación de servicio ... • ftp://ftp.kernel.org/pub/linux/kernel/people/bunk/linux-2.6.16.y/testing/ChangeLog-2.6.16.57-rc1 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3850 – kernel LTC31426-4k page mapping support for userspace in 64k kernels
https://notcve.org/view.php?id=CVE-2007-3850
23 Oct 2007 — The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space. El controlador eHCA en el kernel de Linux 2.6 anterior a 2.6.22, cuando funciona sobre PowerPC, no mapea de forma adecuada el espacio de usuario, lo cual permite a usuarios locales leer porciones de espacio de direcciones físicas. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=721151d004dcf01a71b12bb6b893f9160284cf6e • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4133 – prio_tree unit kernel panic
https://notcve.org/view.php?id=CVE-2007-4133
04 Oct 2007 — The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors. Las funciones (1) hugetlb_vmtruncate_list y (2) hugetlb_vmtruncate en fs/hugetlbfs/inode.c del núcleo de Linux anterior a 2.6.19-rc4 realiza determinados cálculos prio_tree usando unidades HPAGE_SIZE en lugar d... • http://secunia.com/advisories/26994 •
CVSS: 6.2EPSS: 0%CPEs: 191EXPL: 0CVE-2007-5093 – kernel PWC driver DoS
https://notcve.org/view.php?id=CVE-2007-5093
26 Sep 2007 — The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device. El método disconnect en el controlador Philips USB Webcam (pwc) e... • http://marc.info/?l=linux-kernel&m=118873457814808&w=2 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2007-4571 – Linux Kernel 2.6.x - ALSA snd-page-alloc Local Proc File Information Disclosure
https://notcve.org/view.php?id=CVE-2007-4571
26 Sep 2007 — The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc. La función snd_mem_proc_read en sound/core/memalloc.c de Advanced Linux Sound Architecture (ALSA) en el núcleo de Linux anterior a 2.6.22.8 no devuelve el t... • https://www.exploit-db.com/exploits/30605 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5087
https://notcve.org/view.php?id=CVE-2007-5087
26 Sep 2007 — The ATM module in the Linux kernel before 2.4.35.3, when CLIP support is enabled, allows local users to cause a denial of service (kernel panic) by reading /proc/net/atm/arp before the CLIP module has been loaded. El módulo ATM en el núcleo Linux anterior a 2.4.35.3, cuando el soporte de CLIP está habilitado, permite a usuarios locales provocar una denegación de servicio (kernel panic) leyendo /proc/net/atm/arp antes de que el módulo CLIP se haya cargado. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.35.y.git%3Ba=commitdiff%3Bh=b7ae15e7707050baafe5a35e3d4f2d175197d222 • CWE-264: Permissions, Privileges, and Access Controls •