CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0598 – kernel: linux x86_64 ia32 emulation leaks uninitialized data
https://notcve.org/view.php?id=CVE-2008-0598
30 Jun 2008 — Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary. Vulnerabilidad no especificada en el emulador 32-bit y 64-bit del núcleo de Linux 2.6.9, 2.6.18, y posiblemente otras versiones permite a usuarios locales leer memoria sin inicializar a través de vectores desconocidos involucrados en un binario manipulado. • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 157EXPL: 2CVE-2008-2365 – Linux Kernel 2.6.9 < 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service
https://notcve.org/view.php?id=CVE-2008-2365
30 Jun 2008 — Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only... • https://www.exploit-db.com/exploits/31965 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 17%CPEs: 296EXPL: 0CVE-2008-2750
https://notcve.org/view.php?id=CVE-2008-2750
18 Jun 2008 — The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable. La función pppol2tp_recvmsg de drivers/net/pppol2tp.c en el kernel de Linux 2.6 anterior a 2.6.26-rc6, permite a atacantes remotos provocar una denegación de servicio (corrupción... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6b6707a50c7598a83820077393f8823ab791abf8 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 11%CPEs: 271EXPL: 0CVE-2008-1673
https://notcve.org/view.php?id=CVE-2008-1673
10 Jun 2008 — The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an in... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 116EXPL: 1CVE-2008-2137
https://notcve.org/view.php?id=CVE-2008-2137
29 May 2008 — The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some virtual-address range (aka span) checks when the mmap MAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mmap calls. Las funciones (1) sparc_mmap_check en arch/sparc/kernel/sys_sparc.c y (2) sparc64_mmap_check en arch/sparc64/kernel/sys_spar... • http://kerneltrap.org/mailarchive/git-commits-head/2008/5/8/1760604 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 82%CPEs: 7EXPL: 0CVE-2008-2136 – kernel: sit memory leak
https://notcve.org/view.php?id=CVE-2008-2136
16 May 2008 — Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count. Fugas de memoria en la función ip6_rcv de net/ipv6/sit.c en el núcleo de Linux versiones anteriores a 2.6.25.3 permite a atacantes remotos provoca... • http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3 • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.8EPSS: 0%CPEs: 304EXPL: 0CVE-2008-1669 – kernel: add rcu_read_lock() to fcheck() in both dnotify, locks.c and fix fcntl store/load race in locks.c
https://notcve.org/view.php?id=CVE-2008-1669
08 May 2008 — Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table." El kernel de Linux en versiones posteriores a la 2.6.25.2, no aplica determinados mecanismos de protección para la funcionalidad fcntl, la cual permite a usuarios locales (1) ejecutar código en paralelo o (2) explotar una condición de carrera (race condition) para obt... • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 14EXPL: 0CVE-2008-1375 – kernel: race condition in dnotify (local DoS, local roothole possible)
https://notcve.org/view.php?id=CVE-2008-1375
02 May 2008 — Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. Una condición de carrera en el subsistema directory notification (dnotify) en el Kernel de Linux versiones 2.6.x anteriores a 2.6.24.6, y versiones 2.6.25 anteriores a 2.6.25.1, permite a usuarios locales causar una denegación de servicio (OOPS) y posiblemente alcanzar p... • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 221EXPL: 3CVE-2008-1675
https://notcve.org/view.php?id=CVE-2008-1675
02 May 2008 — The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory. La función bdx_ioctl_priv en el controlador tehuti (archivo tehuti.c) en el Kernel de Linux versiones 2.6.x anteriores a 2.6.25.1, no comprueba apropiadamente cierta información relacionada al tamaño del registro, que presenta un impac... • http://marc.info/?l=linux-kernel&m=120949204519706&w=2 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 143EXPL: 0CVE-2008-1294 – kernel: setrlimit(RLIMIT_CPUINFO) with zero value doesn't inherit properly across children
https://notcve.org/view.php?id=CVE-2008-1294
02 May 2008 — Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits. El Kernel de Linus 2.6.17 y otras versiones anteriores a la 2.6.22 no comprueba cuándo un usuario intenta establecer el RLIMIT_CPU a 0 hasta después de que se realice el cambio, lo que permite a los usuarios locales evitar los límites a recursos establecidos. • http://bugs.gentoo.org/show_bug.cgi?id=215000 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •