National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:2.4.0:test11
There are 2,450 matching records.
Displaying matches 2401 through 2420.
Vuln ID Summary CVSS Severity
CVE-2004-0658

Integer overflow in the hpsb_alloc_packet function (incorrectly reported as alloc_hpsb_packet) in IEEE 1394 (Firewire) driver 2.4 and 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via the functions (1) raw1394_write, (2) state_connected, (3) handle_remote_request, or (4) hpsb_make_writebpacket.

Published: August 06, 2004; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2004-0427

The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call.

Published: July 07, 2004; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2004-0109

Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.

Published: June 01, 2004; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2004-0133

The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device.

Published: June 01, 2004; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2004-0177

The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.

Published: June 01, 2004; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2004-0178

The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.

Published: June 01, 2004; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2004-0181

The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device.

Published: June 01, 2004; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2004-2135

cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.

Published: May 26, 2004; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2003-1040

kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod.

Published: April 15, 2004; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2004-0075

The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.

Published: March 15, 2004; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2004-0003

Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."

Published: March 03, 2004; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2004-0010

Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges.

Published: March 03, 2004; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2004-0077

The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.

Published: March 03, 2004; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2003-0985

The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.

Published: January 20, 2004; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2003-0984

Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.

Published: January 05, 2004; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2003-0959

Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments.

Published: December 31, 2003; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2003-0986

Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.

Published: December 31, 2003; 12:00:00 AM -05:00
    V2: 1.7 LOW
CVE-2003-1327

Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.

Published: December 31, 2003; 12:00:00 AM -05:00
    V2: 9.3 HIGH
CVE-2003-1332

Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201.

Published: December 31, 2003; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2003-1372

Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.

Published: December 31, 2003; 12:00:00 AM -05:00
    V2: 4.3 MEDIUM