Search Results (Refine Search)
- CPE Product Version: cpe:/o:linux:linux_kernel:2.6.23:rc2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-5182 |
The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount. Published: November 20, 2008; 9:30:00 PM -0500 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2008-2750 |
The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable. Published: June 18, 2008; 3:41:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2008-1673 |
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding. Published: June 09, 2008; 8:32:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-1669 |
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table." Published: May 07, 2008; 8:20:00 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2008-1514 |
arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions before 2.6.27-rc6, on s390 platforms allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite in 31-bit mode, which triggers an invalid dereference. Published: March 25, 2008; 8:44:00 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2008-0009 |
The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations. Published: February 12, 2008; 4:00:00 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2008-0010 |
The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations. Published: February 12, 2008; 4:00:00 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2008-0600 |
The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010. Published: February 12, 2008; 4:00:00 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2008-0001 |
VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories. Published: January 15, 2008; 3:00:00 PM -0500 |
V3.x:(not available) V2.0: 3.6 LOW |
CVE-2007-5966 |
Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information. Published: December 19, 2007; 7:46:00 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2007-5501 |
The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference. Published: November 15, 2007; 3:46:00 PM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2007-5093 |
The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device. Published: September 26, 2007; 5:17:00 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2006-6058 |
The minix filesystem code in Linux kernel 2.6.x before 2.6.24, including 2.6.18, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness error. Published: November 21, 2006; 8:07:00 PM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |