Lucene search

K
LinuxLinux Kernel2.4.0

91 matches found

CVE
CVE
added 2001/05/07 4:0 a.m.57 views

CVE-2001-0316

Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call.

4.6CVSS5.4AI score0.00274EPSS
CVE
CVE
added 2005/01/06 5:0 a.m.56 views

CVE-2004-1333

Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.

2.1CVSS7.1AI score0.0023EPSS
CVE
CVE
added 2006/04/27 5:6 p.m.56 views

CVE-2006-2071

Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs.

2.1CVSS7.2AI score0.00107EPSS
CVE
CVE
added 2005/12/03 12:0 a.m.55 views

CVE-2004-2607

A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received as an int but cast to a short, which prevents a read loop from filling a buffer.

2.1CVSS5.7AI score0.00064EPSS
CVE
CVE
added 2003/08/07 4:0 a.m.54 views

CVE-2003-0476

The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.

2.1CVSS5.9AI score0.00111EPSS
CVE
CVE
added 2006/05/09 8:0 p.m.54 views

CVE-2005-4798

Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to 2.4.31 allows remote NFS servers to cause a denial of service (crash) via a long symlink, which is not properly handled in (1) nfs2xdr.c or (2) nfs3xdr.c and causes a crash in the NFS client.

5CVSS7.3AI score0.00892EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.53 views

CVE-2001-0405

ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.

7.5CVSS6.9AI score0.14298EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.53 views

CVE-2001-0851

Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.

5CVSS6.6AI score0.00623EPSS
CVE
CVE
added 2006/02/27 11:0 p.m.53 views

CVE-2003-0986

Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.

1.7CVSS6.2AI score0.00055EPSS
CVE
CVE
added 2004/11/23 5:0 a.m.53 views

CVE-2004-0415

Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.

2.1CVSS5.8AI score0.00299EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.53 views

CVE-2004-1071

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.

7.2CVSS7.4AI score0.00052EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.52 views

CVE-2004-0075

The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.

2.1CVSS5.9AI score0.00064EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.51 views

CVE-2002-1976

ifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow attackers to sniff the network without detection, as demonstrated using libpcap.

2.1CVSS6.5AI score0.00075EPSS
CVE
CVE
added 2005/04/05 4:0 a.m.51 views

CVE-2005-0749

The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer.

7.2CVSS5AI score0.00043EPSS
CVE
CVE
added 2006/03/21 6:2 p.m.51 views

CVE-2006-1342

net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.

2.1CVSS5.5AI score0.00186EPSS
CVE
CVE
added 2007/10/14 8:0 p.m.50 views

CVE-2002-2254

The experimental IP packet queuing feature in Netfilter / IPTables in Linux kernel 2.4 up to 2.4.19 and 2.5 up to 2.5.31, when a privileged process exits and network traffic is not being queued, may allow a later process with the same Process ID (PID) to access certain network traffic that would ot...

2.1CVSS6.7AI score0.00082EPSS
CVE
CVE
added 2003/08/18 4:0 a.m.50 views

CVE-2003-0465

The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks.

5CVSS6.3AI score0.00473EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.50 views

CVE-2004-0133

The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device.

2.1CVSS5.8AI score0.00063EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.50 views

CVE-2004-0181

The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device.

2.1CVSS5.1AI score0.00065EPSS
CVE
CVE
added 2007/10/09 10:0 a.m.50 views

CVE-2004-2731

Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c) for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly later versions, allow local users to execute arbitrary code by specifying (1) a small buffer size to the copyin_string function or (2) a negative bu...

4.4CVSS7.3AI score0.00127EPSS
CVE
CVE
added 2006/01/06 11:3 a.m.50 views

CVE-2006-0096

wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 does not require the CAP_SYS_RAWIO privilege for an SDLA firmware upgrade, with unknown impact and local attack vectors. NOTE: further investigation suggests that this issue requires root privileges to exploit, since it is prote...

7.2CVSS5.1AI score0.00053EPSS
CVE
CVE
added 2006/03/15 5:6 p.m.50 views

CVE-2006-1242

The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks...

5CVSS7.3AI score0.0304EPSS
CVE
CVE
added 2007/07/12 4:30 p.m.50 views

CVE-2007-3720

The process scheduler in the Linux kernel 2.4 performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during ...

2.1CVSS6.1AI score0.00053EPSS
CVE
CVE
added 2006/01/23 10:0 p.m.49 views

CVE-2002-1571

The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.

2.1CVSS6.1AI score0.00075EPSS
CVE
CVE
added 2004/08/06 4:0 a.m.49 views

CVE-2004-0658

Integer overflow in the hpsb_alloc_packet function (incorrectly reported as alloc_hpsb_packet) in IEEE 1394 (Firewire) driver 2.4 and 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via the functions (1) raw1394_write, (2) state_connected, (3) handle_...

7.2CVSS7.9AI score0.00067EPSS
CVE
CVE
added 2005/01/29 5:0 a.m.49 views

CVE-2004-1057

Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark memory with the VM_IO flag, which causes incorrect reference counts and may lead to a denial of service (kernel panic) when accessing freed kernel pages.

7.2CVSS7.2AI score0.00051EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.48 views

CVE-2001-1244

Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network tra...

5CVSS7.1AI score0.08688EPSS
CVE
CVE
added 2006/01/27 10:0 p.m.48 views

CVE-2002-1573

Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors, related to "wrap handling."

10CVSS6.4AI score0.00437EPSS
CVE
CVE
added 2004/04/15 4:0 a.m.47 views

CVE-2003-1040

kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod.

2.1CVSS6AI score0.00078EPSS
CVE
CVE
added 2005/04/14 4:0 a.m.47 views

CVE-2004-0812

Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with "setting up TSS limits," allows local users to cause a denial of service (crash) and possibly execute arbitrary code.

2.1CVSS7AI score0.00072EPSS
CVE
CVE
added 2006/05/31 10:0 a.m.47 views

CVE-2004-0997

Unspecified vulnerability in the ptrace MIPS assembly code in Linux kernel 2.4 before 2.4.17 allows local users to gain privileges via unknown vectors.

4.6CVSS6.1AI score0.00067EPSS
CVE
CVE
added 2005/05/11 4:0 a.m.47 views

CVE-2005-1263

The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pa...

7.2CVSS5.8AI score0.00058EPSS
CVE
CVE
added 2006/01/27 10:0 p.m.46 views

CVE-2002-1572

Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors.

10CVSS6.7AI score0.00437EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.46 views

CVE-2004-1144

Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64 systems allows local users to gain privileges.

7.2CVSS6.4AI score0.00049EPSS
CVE
CVE
added 2005/03/07 5:0 a.m.45 views

CVE-2005-0179

Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call.

2.1CVSS5.2AI score0.00067EPSS
CVE
CVE
added 2005/10/25 6:2 p.m.45 views

CVE-2005-2708

The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function call when virtual memory is low, which allows local users to cause a denial of service (panic), as demonstrated by running a process using the bash uli...

2.1CVSS6.2AI score0.00097EPSS
CVE
CVE
added 2002/08/12 4:0 a.m.44 views

CVE-2002-0499

The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.

2.1CVSS6.6AI score0.00183EPSS
CVE
CVE
added 2002/07/03 4:0 a.m.44 views

CVE-2002-0570

The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key.

2.1CVSS6.5AI score0.00118EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.42 views

CVE-2005-0207

Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.

2.1CVSS6.2AI score0.00078EPSS
CVE
CVE
added 2006/01/09 11:0 a.m.42 views

CVE-2005-4635

The nl_fib_input function in fib_frontend.c in the Linux kernel before 2.6.15 does not check for valid lengths of the header and payload, which allows remote attackers to cause a denial of service (invalid memory reference) via malformed fib_lookup netlink messages.

5CVSS6.6AI score0.01476EPSS
CVE
CVE
added 2005/06/01 4:0 a.m.40 views

CVE-2004-2135

cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.

2.1CVSS6.9AI score0.00456EPSS
Total number of security vulnerabilities91