CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2008-5033
https://notcve.org/view.php?id=CVE-2008-5033
The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service (NULL function pointer dereference and OOPS) via unknown vectors. La function chip_command en drivers/media/video/tvaudio.c en el Kernel de Linux v2.6.25.x anteriores a v2.6.25.19, v2.6.26.x anteriores a v2.6.26.7, y v2.6.27.x anteriores a 2.6.27.3 permite a los atacantes provocar una denegación de servicio (referencia a puntero a función NULL y OOPS) a través de vectores desconocidos. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1 http://secunia.com/advisories/32918 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.19 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.7 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.3 http://www.mandriva.com/security/advisories?name=MDVSA-2008:246 http://www.securityfocus.com/bid/32094 http://www.u • CWE-399: Resource Management Errors •
CVSS: 8.3EPSS: 5%CPEs: 2EXPL: 0CVE-2008-4395
https://notcve.org/view.php?id=CVE-2008-4395
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs. Múltiples desbordamientos de búfer en el modulo ndiswrapper v1.53 en el kernel de Linux v2.6 permite a atacantes remotos ejecutar código a su elección mediante el envío de paquetes a través de una red inalámbrica local que obligue a tener un ESSID largo. • http://bugs.gentoo.org/show_bug.cgi?id=239371 http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git%3Ba=commitdiff%3Bh=49945b423c2f7e33b4c579ca460df6a806ee8f9f http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html http://secunia.com/advisories/32509 http://www.mail-archive.com/frugalware-git%40frugalware.org/msg22366.html http://www.securityfocus.com/bid/32118 http://www.securitytracker.com/id?1021142 http://www.ubuntu.com/usn/usn-662-1 http://www.ubuntu.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 110EXPL: 0CVE-2008-4933 – kernel: hfsplus: fix Buffer overflow with a corrupted image
https://notcve.org/view.php?id=CVE-2008-4933
Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function. Desbordamiento del búfer en la función hfsplus_find_cat de fs/hfsplus/catalog.c en el kernel de Linux anterior a 2.6.28-rc1; permite a los atacantes provocar una denegación de servicio (corrupción de memoria o caída del sistema) a través de una imagen del sistema de ficheros hfsplus con un campo de la longitud del nombre (namelength) de catalog (catálogo) no válido. Está relacionado con la función hfsplus_cat_build_key_uni. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=efc7ffcb4237f8cb9938909041c4ed38f6e1bf40 http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html http://rhn.redhat.com/errata/RHSA-2009-0264.html http://secunia.com/advisories/32510 http://secunia.com/advisories/32918 http://secunia.com/a • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 27EXPL: 0CVE-2008-3527 – kernel: missing boundary checks in syscall/syscall32_nopage()
https://notcve.org/view.php?id=CVE-2008-3527
arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions. arch/i386/kernel/sysenter.c en la implementación Virtual Dynamic Shared Objects (vDSO) para el kernel de Linux anterior a v2.6.21, no comprueba de forma adecuada los límites; esto permite a usuarios locales ganar privilegios o provocar una denegación de servicio a través de vectores no especificados. Está relacionado con las funciones install_special_mapping, syscall y syscall32_nopage. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d91d531900bfa1165d445390b3b13a8013f98f7 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://secunia.com/advisories/32485 http://secunia.com/advisories/32759 http://secunia.com/advisories/33180 http://www.debian.org/security/2008/dsa-1687 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21 http://www.redhat.com/support/errata/RHSA-2008-0957.html http://www. • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2008-4934 – kernel: hfsplus: check read_mapping_page() return value
https://notcve.org/view.php?id=CVE-2008-4934
The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted hfsplus filesystem image. La función hfsplus_block_allocate en el archivo fs/hfsplus/bitmap.c en el kernel de Linux anterior a versión 2.6.28-rc1 no verifica cierto valor de retorno de la función read_mapping_page anterior al llamar a kmap, lo que permite a los atacantes causar una denegación de servicio (bloqueo de sistema) por medio de una imagen del sistema de archivos hfsplus. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=649f1ee6c705aab644035a7998d7b574193a598a http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1 http://rhn.redhat.com/errata/RHSA-2009-0264.html http://secunia.com/advisories/32510 http://secunia.com/advisories/32918 http://secunia.com/advisories/32998 http://secunia.com/advisories/33180 http://secunia.com/advisories/33556 http://secunia.com/advisories/33858 http://www.debian • CWE-20: Improper Input Validation •