CVSS: 5.0EPSS: 2%CPEs: 63EXPL: 0CVE-2005-2099
https://notcve.org/view.php?id=CVE-2005-2099
The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers to cause a denial of service (kernel oops) via a keyring with a payload that is not empty, which causes the creation to fail, leading to a null dereference in the keyring destructor. • http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5 http://secunia.com/advisories/16355 http://secunia.com/advisories/17073 http://securitytracker.com/id?1014644 http://www.mandriva.com/security/advisories?name=MDKSA-2005:220 http://www.redhat.com/support/errata/RHSA-2005-514.html http://www.securityfocus.com/archive/1/427980/100/0/threaded http://www.securityfocus.com/bid/14517 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A907 • CWE-399: Resource Management Errors •
CVSS: 3.6EPSS: 0%CPEs: 2EXPL: 0CVE-2005-2617
https://notcve.org/view.php?id=CVE-2005-2617
The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x86 platform, does not check the return value of the insert_vm_struct function, which allows local users to trigger a memory leak via a 32-bit application with crafted ELF headers. • http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9fb1759a3102c26cd8f64254a7c3e532782c2bb8 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=9fb1759a3102c26cd8f64254a7c3e532782c2bb8 •
CVSS: 4.6EPSS: 0%CPEs: 65EXPL: 0CVE-2005-2555
https://notcve.org/view.php?id=CVE-2005-2555
Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c. • http://secunia.com/advisories/17002 http://secunia.com/advisories/17073 http://secunia.com/advisories/17826 http://secunia.com/advisories/19369 http://secunia.com/advisories/19374 http://www.debian.org/security/2006/dsa-1017 http://www.debian.org/security/2006/dsa-1018 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fc0b4a7a73a81e74d0004732df358f4f9975be2 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 5%CPEs: 1EXPL: 1CVE-2005-2548
https://notcve.org/view.php?id=CVE-2005-2548
vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote attackers to cause a denial of service (kernel oops from null dereference) via certain UDP packets that lead to a function call with the wrong argument, as demonstrated using snmpwalk on snmpd. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309308 http://lists.osdl.org/pipermail/bridge/2004-September/000638.html http://secunia.com/advisories/17826 http://secunia.com/advisories/18056 http://www.debian.org/security/2005/dsa-922 http://www.mandriva.com/security/advisories?name=MDKSA-2005:219 http://www.securityfocus.com/bid/14611 https://usn.ubuntu.com/169-1 • CWE-399: Resource Management Errors •
CVSS: 2.1EPSS: 0%CPEs: 72EXPL: 1CVE-2005-2553
https://notcve.org/view.php?id=CVE-2005-2553
The find_target function in ptrace32.c in the Linux kernel 2.4.x before 2.4.29 does not properly handle a NULL return value from another function, which allows local users to cause a denial of service (kernel crash/oops) by running a 32-bit ltrace program with the -i option on a 64-bit executable program. • http://linux.bkbits.net:8080/linux-2.4/cset%4041dd3455GwQPufrGvBJjcUOXQa3WXA http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html http://lkml.org/lkml/2005/1/5/245 http://secunia.com/advisories/17002 http://secunia.com/advisories/18059 http://secunia.com/advisories/18977 http://secunia.com/advisories/19038 http://www.debian.org/security/2005/dsa-921 http://www.redhat.com/support/errata/RHSA-2005-663.html http://www.securityfocus.com/archive/1/428058/ •