CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3105 – Bound check ordering issue in random driver
https://notcve.org/view.php?id=CVE-2007-3105
27 Jul 2007 — Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for r... • http://secunia.com/advisories/26500 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3945
https://notcve.org/view.php?id=CVE-2007-3945
23 Jul 2007 — Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes. Rule Set Based Access Control (RSBAC) anterior a 1.3.5 no utiliza de forma adecuada el API Crypto Linux Kernel del Linux kernel 2.6.x, el permite a atacantes dependientes del contexto evitar con... • http://download.rsbac.org/code/1.3.5/changes-1.3.5.txt •
CVSS: 5.5EPSS: 0%CPEs: 172EXPL: 0CVE-2007-3107
https://notcve.org/view.php?id=CVE-2007-3107
10 Jul 2007 — The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits. El manejo de señal en el kernel de Linux versiones anteriores a 2.6.22, incluyendo a 2.6.2, cuando se ejecuta en sistemas PowerPC que usan HTX, permite a usuarios locales causar una denegación de servicio por medio de vectores no especific... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245580 •
CVSS: 7.8EPSS: 27%CPEs: 241EXPL: 0CVE-2007-3642
https://notcve.org/view.php?id=CVE-2007-3642
10 Jul 2007 — The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c in the Linux kernel before 2.6.20.15, 2.6.21.x before 2.6.21.6, and before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which triggers a NULL pointer dereference. Una función decode_choice en el archivo net/netfilter/nf_conntrack_h323_asn1.c en el kernel de Linux versiones anteriores a 2.6.20.15, versiones 2.6.21.x anteriores a 2.6.21.6, y versiones anterio... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=25845b5155b55cd77e42655ec24161ba3feffa47 • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3513 – Locally triggerable memory consumption in usblcd
https://notcve.org/view.php?id=CVE-2007-3513
03 Jul 2007 — The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel before 2.6.22-rc7 does not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption). La función lcd_write en drivers/usb/misc/usblcd.c del núcleo de Linux anterior a 2.6.22-rc7 no limita la cantidad de memoria utilizada por una llamada, lo cual permite a usuarios locales provocar una denegación de servicio (agotamiento de memoria). • http://osvdb.org/37116 •
CVSS: 7.5EPSS: 4%CPEs: 252EXPL: 0CVE-2007-2876 – nf}_conntrack_sctp: remotely triggerable NULL ptr dereference
https://notcve.org/view.php?id=CVE-2007-2876
11 Jun 2007 — The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference. La función sctp_new en (1) ip_conntrack_proto_sctp.c y (2) nf_conntrack_proto_sctp.c en Netfilter en Linux kernel 2.6 anterior a 2.6.20.13, y 2.6.21.x anterior a 2.6.21.4, permite a atacantes remotos provocar deneg... • http://marc.info/?l=linux-kernel&m=118128610219959&w=2 •
CVSS: 9.1EPSS: 0%CPEs: 252EXPL: 0CVE-2007-2453 – /dev/random broken
https://notcve.org/view.php?id=CVE-2007-2453
11 Jun 2007 — The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source. La característica de número aleatorio en Linux kernel 2.6 anterior a 2.6.20.13, y 2.6.21.x anterior a 2.6.21.4, (1) no rellena adecuadamente la quiniela cuando no hay entropia, o ... • http://marc.info/?l=linux-kernel&m=118128610219959&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2007-2875 – cpuset information leak
https://notcve.org/view.php?id=CVE-2007-2875
11 Jun 2007 — Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file. Desbordamiento inferior de entero en la función cpuset_tasks_read en el Kernel de Linux anterior a 2.6.20.13, y 2.6.21.x anterior a 2.6.21.4, cuando el sistema de archivos cpuset está montado, permite a usuarios locales obtener contenid... • http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.13 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 197EXPL: 0CVE-2007-2451
https://notcve.org/view.php?id=CVE-2007-2451
29 May 2007 — Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors. Vulnerabilidad no especificada en drivers/crypto/geode-aes.c en GEOCE-AES en el núcleo de Linux anterior a 2.6.21.3 permite a atacantes obtener información sensible a través de vectores no especificados. • http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.3 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2007-2878 – Linux Kernel 2.6.x - VFat Compat IOCTLS Local Denial of Service
https://notcve.org/view.php?id=CVE-2007-2878
29 May 2007 — The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors. Las llamadas ioctl VFAT compat en el núcleo de Linux anterior a 2.6.21.2, cuando se ejecuta en un sistema de 64 bits, permite a usuarios locales corromper una estructura kernel_dirent y provocar una denegación de servicio (caída del sistema) a través de vectores no especificados. • https://www.exploit-db.com/exploits/30080 •