CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 0CVE-2003-0986
https://notcve.org/view.php?id=CVE-2003-0986
31 Dec 2003 — Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service. • http://linux.bkbits.net:8080/linux-2.4/cset%403fdd54b3u9Eq0Wny2Nn1HGfI3pofOQ •
CVSS: 10.0EPSS: 0%CPEs: 48EXPL: 0CVE-2003-0959
https://notcve.org/view.php?id=CVE-2003-0959
31 Dec 2003 — Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments. • http://linux.bkbits.net:8080/linux-2.4/cset%403ed382f7UfJ9Q2LKCJq1Tc5B7-EC5A •
CVSS: 9.1EPSS: 0%CPEs: 53EXPL: 0CVE-2003-0984
https://notcve.org/view.php?id=CVE-2003-0984
23 Dec 2003 — Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space. Las rutinas de reloj de tiempo real (RTC - real time clock) en Linux kernel 2.4.23 y anteriores no inicializan adecuadamente sus estructuras, lo que podría filtrar datos del kernel en espacio de usuario. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2003-0961 – Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2003-0961
02 Dec 2003 — Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges. Un "error en comprobaciones de límites" en la función do_brk del kernel de Linux 2.4.22 y anteriores permite a usuarios locales ganar privilegios de root. • https://www.exploit-db.com/exploits/131 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0187
https://notcve.org/view.php?id=CVE-2003-0187
05 Aug 2003 — The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts. El núcleo de seguimiento de conexiones de Netfilter para Linux 2.4.20, con CONFIG_IP_NF_CONNTRACK activado o con el módulo ip_conn... • http://marc.info/?l=bugtraq&m=105986028426824&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2003-0467
https://notcve.org/view.php?id=CVE-2003-0467
05 Aug 2003 — Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error. Vulnerabilidad desconocida en ip_nat_sack_adjust de Netfilter en los kernels de Linux 2.4.20 y algunos 2.5.x,cuando CONFIG_IP_NF_NAT_FTP o CONFIG_IP_NF_NAT_IRC están activa... • http://marc.info/?l=bugtraq&m=105985703724758&w=2 •
CVSS: 6.2EPSS: 4%CPEs: 1EXPL: 1CVE-2003-0619 – Linux Kernel 2.4.20 - 'decode_fh' Denial of Service
https://notcve.org/view.php?id=CVE-2003-0619
01 Aug 2003 — Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call. Error de falta de signo en enteros en la función decode_fh de nfs3xdr.c en el kernel de Linux anteriores a 2 .4.21 permite a atacantes remotos causar una denegación de servicio (pánico del kernel) mediante un valor de tamaño negativo en los datos XDR de una llamada de procedimien... • https://www.exploit-db.com/exploits/68 •
CVSS: 4.7EPSS: 0%CPEs: 27EXPL: 1CVE-2003-0462 – Linux Kernel 2.4 - SUID 'execve()' System Call Race Condition Executable File Read
https://notcve.org/view.php?id=CVE-2003-0462
25 Jul 2003 — A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). Una condición de carrera en la manera que los punteros env_start y env_end son inicializados en la llamada al sistema execve y usada en fs/proc/base.c en Linux 2.4 permite a usuarios locales causar una denegación de servicio (caída). • https://www.exploit-db.com/exploits/22840 •
CVSS: 7.5EPSS: 0%CPEs: 39EXPL: 0CVE-2003-0643
https://notcve.org/view.php?id=CVE-2003-0643
25 Jul 2003 — Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash). • http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2003-0465
https://notcve.org/view.php?id=CVE-2003-0465
15 Jul 2003 — The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks. La función del kernel strncpy en Linux 2.4 y 2.5 no rellena con %NUL el búfer de otra arquitectura que no sea x86, opuestamente a la conducta esperada de la strncpy implementada en libc, lo que podría llevar a fugas de información. • http://marc.info/?l=linux-kernel&m=105796021120436&w=2 •