CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 1CVE-2008-3889
https://notcve.org/view.php?id=CVE-2008-3889
12 Sep 2008 — Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file. Postfix versión 2.4 anteriores a la 2.4.9, versión 2.5 anteriores a la 2.5.5 y versión 2.6 anteriores a la 2.6-2000902, cuando se utiliza con el nucleo de Linux versión 2.6... • http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 66%CPEs: 63EXPL: 0CVE-2008-3915 – kernel: nfsd: fix buffer overrun decoding NFSv4 acl
https://notcve.org/view.php?id=CVE-2008-3915
09 Sep 2008 — Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl. Desbordamiento del búfer en nfsd en el kernel de Linux anterior a 2.6.26.4, cuando NFSv4 está activado, permite a atacantes remotos realizar acciones con un impacto desconocido a través de vectores que están relacionados con la decodificación de un NFSv4 acl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=91b80969ba466ba4b915a4a1d03add8c297add3f • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2008-3911
https://notcve.org/view.php?id=CVE-2008-3911
04 Sep 2008 — The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file. La función proc_do_xprt de net/sunrpc/sysctl.c del núcleo de Linux 2.6.26.3, no comprueba el tamaño de determinado búfer obtenido del espacio de usuario (userspace), esto permite a los usuarios loca... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=27df6f25ff218072e0e879a96beeb398a79cdbc8 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2007-6716 – kernel: dio: zero struct dio with kzalloc instead of manually
https://notcve.org/view.php?id=CVE-2007-6716
04 Sep 2008 — fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. fs/direct-io.c del subsistema dio del núcleo de Linux anterior a 2.6.23, no suprime de forma correcta la estructura dio, esto permite a usuario locales provocar una denegación de servicio (OOPS), como se ha demostrado en determinados test fio. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=848c4dd5153c7a0de55470ce99a8e13a63b4703f •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2008-3792 – kernel: sctp: fix potential panics in the SCTP-AUTH API
https://notcve.org/view.php?id=CVE-2008-3792
03 Sep 2008 — net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5e739d1752aca4e8f3e794d431503bfca3162df4 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3901
https://notcve.org/view.php?id=CVE-2008-3901
03 Sep 2008 — Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. Software suspend 2 2-2.2.1, cuando se utiliza con Linux kernel 2.6.16, almacena contraseñas de autenticación de pre-arranque en el búfer BIOS Keyboard y no limpia este búfer después del uso, lo cual permite... • http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2008-3525 – kernel: missing capability checks in sbni_ioctl()
https://notcve.org/view.php?id=CVE-2008-3525
03 Sep 2008 — The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions. La función sbni_ioctl en drivers/net/wan/sbni.c del subsistema WAN en Linux kernel 2.6.26.3 no chequea la capacidad CAP_NET_ADMIN antes de procesar una petición ioctl (1) ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f2455eb176ac87081bbfc9a44b21c7cd2bc1967e • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 8%CPEs: 33EXPL: 0CVE-2008-3526 – Linux kernel sctp_setsockopt_auth_key() integer overflow
https://notcve.org/view.php?id=CVE-2008-3526
27 Aug 2008 — Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option. Desbordamiento de entero en la función sctp_setsockopt_auth_key de net/sctp/socket.c en la implementación Stream Control Transmission Protoc... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=30c2235cbc477d4629983d440cdc4f496fec9246 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 69%CPEs: 126EXPL: 0CVE-2008-3276 – Linux kernel dccp_setsockopt_change() integer overflow
https://notcve.org/view.php?id=CVE-2008-3276
18 Aug 2008 — Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field. Desbordamiento de entero en la función dccp_setsockopt_change de net/dccp/proto.c en el subsistema Datagram Congestion Control Protocol (DCCP (Pr... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=3e8a0a559c66ee9e7468195691a56fefc3589740 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2008-3686
https://notcve.org/view.php?id=CVE-2008-3686
14 Aug 2008 — The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference. La función rt6_fill_node en el archivo net/ipv6/route.c en el kernel de Linux versiones 2.6.26-rc4, 2.6.26.2, y posiblemente otras versiones 2.6.26, permite a los usuarios locales causar una denegación de servicio (OOPS del kernel)... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5e0115e500fe9dd2ca11e6f92db9123204f1327a • CWE-399: Resource Management Errors •