National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:2.4.29
There are 2,501 matching records.
Displaying matches 2381 through 2400.
Vuln ID Summary CVSS Severity
CVE-2007-4997

Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error."

Published: November 06, 2007; 02:46:00 PM -05:00
    V2: 7.1 HIGH
CVE-2007-3850

The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space.

Published: October 23, 2007; 06:46:00 AM -04:00
    V2: 1.9 LOW
CVE-2007-5337

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.

Published: October 21, 2007; 04:17:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2007-4133

The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors.

Published: October 04, 2007; 07:17:00 PM -04:00
    V2: 4.7 MEDIUM
CVE-2007-4571

The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.

Published: September 26, 2007; 06:17:00 AM -04:00
    V2: 2.1 LOW
CVE-2007-5087

The ATM module in the Linux kernel before 2.4.35.3, when CLIP support is enabled, allows local users to cause a denial of service (kernel panic) by reading /proc/net/atm/arp before the CLIP module has been loaded.

Published: September 26, 2007; 06:17:00 AM -04:00
    V2: 4.9 MEDIUM
CVE-2007-4573

The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.

Published: September 24, 2007; 06:17:00 PM -04:00
    V2: 7.2 HIGH
CVE-2007-4938

Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.

Published: September 18, 2007; 03:17:00 PM -04:00
    V2: 7.6 HIGH
CVE-2007-3740

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.

Published: September 13, 2007; 09:17:00 PM -04:00
    V2: 4.4 MEDIUM
CVE-2007-3848

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG).

Published: August 14, 2007; 01:17:00 PM -04:00
    V2: 1.9 LOW
CVE-2007-4311

The xfer_secondary_pool function in drivers/char/random.c in the Linux kernel 2.4 before 2.4.35 performs reseed operations on only the first few bytes of a buffer, which might make it easier for attackers to predict the output of the random number generator, related to incorrect use of the sizeof operator.

Published: August 13, 2007; 05:17:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2007-3851

The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.

Published: August 13, 2007; 03:17:00 PM -04:00
    V2: 6.0 MEDIUM
CVE-2007-3843

The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request.

Published: August 09, 2007; 05:17:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2007-3105

Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root.

Published: July 27, 2007; 05:30:00 PM -04:00
    V2: 4.6 MEDIUM
CVE-2007-3945

Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes.

Published: July 23, 2007; 07:30:00 PM -04:00
    V2: 6.4 MEDIUM
CVE-2007-3794

Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application.

Published: July 15, 2007; 07:30:00 PM -04:00
    V2: 10.0 HIGH
CVE-2007-3107

The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits.

Published: July 10, 2007; 06:30:00 PM -04:00
    V2: 2.1 LOW
CVE-2007-3642

The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c in the Linux kernel before 2.6.20.15, 2.6.21.x before 2.6.21.6, and before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which triggers a NULL pointer dereference.

Published: July 09, 2007; 09:30:00 PM -04:00
    V2: 7.8 HIGH
CVE-2007-3513

The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel before 2.6.22-rc7 does not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption).

Published: July 03, 2007; 06:30:00 AM -04:00
    V2: 4.9 MEDIUM
CVE-2007-2875

Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.

Published: June 11, 2007; 06:30:00 PM -04:00
    V2: 2.1 LOW