CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2008-5033
https://notcve.org/view.php?id=CVE-2008-5033
10 Nov 2008 — The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service (NULL function pointer dereference and OOPS) via unknown vectors. La function chip_command en drivers/media/video/tvaudio.c en el Kernel de Linux v2.6.25.x anteriores a v2.6.25.19, v2.6.26.x anteriores a v2.6.26.7, y v2.6.27.x anteriores a 2.6.27.3 permite a los atacantes provocar una denegación de servi... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 0CVE-2008-4395
https://notcve.org/view.php?id=CVE-2008-4395
06 Nov 2008 — Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs. Múltiples desbordamientos de búfer en el modulo ndiswrapper v1.53 en el kernel de Linux v2.6 permite a atacantes remotos ejecutar código a su elección mediante el envío de paquetes a través de una red inalámbrica local que obligue a tener un ESSID largo. • http://bugs.gentoo.org/show_bug.cgi?id=239371 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 110EXPL: 0CVE-2008-4933 – kernel: hfsplus: fix Buffer overflow with a corrupted image
https://notcve.org/view.php?id=CVE-2008-4933
05 Nov 2008 — Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function. Desbordamiento del búfer en la función hfsplus_find_cat de fs/hfsplus/catalog.c en el kernel de Linux anterior a 2.6.28-rc1; permite a los atacantes provocar una denegación de servicio (corrupci... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=efc7ffcb4237f8cb9938909041c4ed38f6e1bf40 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2008-3527 – kernel: missing boundary checks in syscall/syscall32_nopage()
https://notcve.org/view.php?id=CVE-2008-3527
05 Nov 2008 — arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions. arch/i386/kernel/sysenter.c en la implementación Virtual Dynamic Shared Objects (vDSO) para el kernel de Linux anterior a v2.6.21, no comprueba de forma adecuada los límites; ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d91d531900bfa1165d445390b3b13a8013f98f7 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2008-4934 – kernel: hfsplus: check read_mapping_page() return value
https://notcve.org/view.php?id=CVE-2008-4934
05 Nov 2008 — The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted hfsplus filesystem image. La función hfsplus_block_allocate en el archivo fs/hfsplus/bitmap.c en el kernel de Linux anterior a versión 2.6.28-rc1 no verifica cierto valor de retorno de la función read_mapping_page anterior al llamar a kmap... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=649f1ee6c705aab644035a7998d7b574193a598a • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 109EXPL: 0CVE-2008-4618 – kernel: sctp: Fix kernel panic while process protocol violation parameter
https://notcve.org/view.php?id=CVE-2008-4618
20 Oct 2008 — The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls. La implementación de Stream Control Transmission Protocol (sctp) en los nucleos de Linux anteriores a v2.... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=ba0166708ef4da7eeb61dd92bbba4d5a749d6561 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3831 – kernel: i915 kernel drm driver arbitrary ioremap
https://notcve.org/view.php?id=CVE-2008-3831
20 Oct 2008 — The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration. El driver i915 en (1) drivers/char/drm/i915_dma.c en el kernel v2.6.24 de Linux en De... • http://archives.neohapsis.com/archives/openbsd/cvs/2008-10/0365.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 2049EXPL: 1CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
20 Oct 2008 — The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, p... • https://github.com/mrclki/sockstress • CWE-16: Configuration •
CVSS: 8.8EPSS: 0%CPEs: 106EXPL: 0CVE-2008-4554 – kernel: don't allow splice() to files opened with O_APPEND
https://notcve.org/view.php?id=CVE-2008-4554
15 Oct 2008 — The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file. La función do_splice_from en fs/splice.c del kernel de Linux anterior al 2.6.27 no rechaza los descriptores de fichero que tienen la bandera O_APPEND, lo que permite a usuarios locales evitar el modo append y hacer cambios de su elección a otros sitios en el arch... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=efc968d450e013049a662d22727cf132618dcb2f • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 10%CPEs: 101EXPL: 0CVE-2008-4576 – kernel: sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH
https://notcve.org/view.php?id=CVE-2008-4576
15 Oct 2008 — sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires. sctp en el kernel de Linux anterior a 2.6.25.18 permite a atacantes remotos provocar una denegación de servicio (OOPS) mediante un INIT-ACK que establece la AUTH de compartición no admitida, lo que provoca que la función sctp_... • http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.18 • CWE-287: Improper Authentication •