CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0163
https://notcve.org/view.php?id=CVE-2008-0163
12 Feb 2008 — Linux kernel 2.6, when using vservers, allows local users to access resources of other vservers via a symlink attack in /proc. Linux kernel 2.6, cuando usa vservers, permite a usuarios locales acceder a recursos de otros vservers a través de un ataque de enlaces simbólicos en /proc. • http://secunia.com/advisories/28875 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2008-0007 – kernel: insufficient range checks in fault handlers with mremap
https://notcve.org/view.php?id=CVE-2008-0007
08 Feb 2008 — Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset. Núcleo de Linux versiones anteriores a 2.6.22.17, cuando se usan ciertos controladores que registran un error en el manejador, que no realiza comprobaciones de rango, permite a usuarios locales acceder a la memoria del núcleo a través de un desplazamiento fuera de rango. • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 317EXPL: 0CVE-2007-6694 – /proc/cpuinfo DoS on some ppc machines
https://notcve.org/view.php?id=CVE-2007-6694
29 Jan 2008 — The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference. La función chrp_show_cpuinfo (chrp/setup.c) en Linux kernel 2.4.21 hasta 2.6.18-53, cuando funciona sobre PowerPC, podría permitir a usuarios locales provocar denegación de servicio (caida) a través de vectores desconocidos qu... • http://marc.info/?l=linux-kernel&m=119576191029571&w=2 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 2%CPEs: 30EXPL: 1CVE-2008-0352 – Linux Kernel 2.6.21.1 - IPv6 Jumbo Bug Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-0352
17 Jan 2008 — The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram). El núcleo de Linux 2.6.20 hasta 2.6.21.1 permite a atacantes remotos provocar una denegación de servicio (error irrecuperable del sistema) mediante cierto paquete IPv6, posiblemente implicando la opción Jumbo Payload salto a salto (jumbogram). • https://www.exploit-db.com/exploits/4893 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 234EXPL: 0CVE-2008-0001 – kernel: filesystem corruption by unprivileged user via directory truncation
https://notcve.org/view.php?id=CVE-2008-0001
15 Jan 2008 — VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories. VFS en el kernel de Linux versiones anteriores a 2.6.22.16 y versiones 2.6.23.x anteriores a 2.6.23.14, realiza pruebas de modo de acceso mediante el uso de la variable flag en lugar de la variable acc_mode, lo que podría permitir a usuarios locales omitir los pe... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=974a9f0b47da74e28f68b9c8645c3786aa5ace1a •
CVSS: 7.8EPSS: 14%CPEs: 30EXPL: 1CVE-2007-4567 – Linux Kernel 2.6.22 - IPv6 Hop-By-Hop Header Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-4567
21 Dec 2007 — The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet. La función ipv6_hop_jumbo en el archivo net/ipv6/exthdrs.c en el kernel de Linux versiones anteriores a 2.6.22, no comprueba apropiadamente el encabezado extendido de IPv6 salto a salto, lo que permite a los atacantes remotos causar u... • https://www.exploit-db.com/exploits/30902 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2007-6417 – tmpfs: restore missing clear_highpage (kernels from 2.6.11 up)
https://notcve.org/view.php?id=CVE-2007-6417
18 Dec 2007 — The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash). La función shmem_getpage (mm/shmem.c) en el kernel de Linux versión 2.6.11 hasta 2.6.23 no borra de manera apropiada la memoria asignada en algunas circunstancias extrañas relacionadas con tmpfs, lo que podría permitir a los usuarios locales leer dat... • http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2007-6206 – Issue with core dump owner
https://notcve.org/view.php?id=CVE-2007-6206
04 Dec 2007 — The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information. La función do_coredump en el archivo fs/exec.c en el kernel de Linux versiones 2.4.x y versiones 2.6.x hasta 2.6.24-rc3, y posiblemente otras versiones, no cambia el UID de un archivo de volcado de núcleo si ést... • http://bugzilla.kernel.org/show_bug.cgi?id=3043 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5500 – kernel hang via userspace PTRACE+waitid
https://notcve.org/view.php?id=CVE-2007-5500
20 Nov 2007 — The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information. La función wait_task_stopped en el kernel de Linux versiones anteriores a 2.6.23.8 comprueba un bit TASK_TRACED en vez de un valor exit_state, lo cual permite a usuarios locales provocar una denegación de servicio (caída d... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.23.y.git%3Ba=commitdiff%3Bh=36ef66c5d137b9a31fd8c35d236fb9e26ef74f97 •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2007-5904 – Buffer overflow in CIFS VFS
https://notcve.org/view.php?id=CVE-2007-5904
09 Nov 2007 — Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function. Múltiples desbordamientos de búfer en el CIFS VFS en el kernel de Linux 2.6.23 y versiones anteriores permiten a atacantes remotos provocar una denegación de servicio (caída) y, posiblemente, ejecutar código de su elección a través de respuestas SMB largas, que d... • http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git%3Ba=commitdiff%3Bh=133672efbc1085f9af990bdc145e1822ea93bcf3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •