VYPR

Linux kernel

by Linux

CVEs (27)

  • CVE-2001-0405Jul 2, 2001
    Linux
    Kernel
    risk 0.04cvss epss 0.10

    ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.

  • CVE-2001-1384Oct 18, 2001
    Linux
    Kernel
    risk 0.03cvss epss 0.01

    ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp.

  • CVE-1999-0804Jun 1, 1999
    Linux
    Kernel
    risk 0.03cvss epss 0.06

    Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

  • CVE-1999-1441Jun 30, 1998
    Linux
    Kernel
    risk 0.03cvss epss 0.01

    Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it.

  • CVE-1999-1442Jun 22, 1998
    Linux
    Kernel
    risk 0.03cvss epss 0.01

    Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local users to cause a denial of service (crash) via a particular sequence of instructions, possibly related to accessing addresses outside of segments.

  • CVE-2003-0959Dec 31, 2003
    Linux
    Linux kernel
    risk 0.00cvss epss 0.02

    Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments.

  • CVE-2003-0956Dec 31, 2003
    Linux
    Kernel
    risk 0.00cvss epss 0.00

    Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow…

  • CVE-2003-0461Aug 27, 2003
    Linux
    Linux kernel
    risk 0.00cvss epss 0.00

    /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.

  • CVE-2003-0464Aug 27, 2003
    Linux
    Linux kernel
    risk 0.00cvss epss 0.00

    The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd.

  • CVE-2003-0248Jun 16, 2003
    Linux
    Linux kernel
    risk 0.00cvss epss 0.04

    The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.

  • CVE-2003-0246Jun 16, 2003
    Linux
    Kernel
    risk 0.00cvss epss 0.01

    The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.

  • CVE-2003-0244May 27, 2003
    Linux
    Kernel
    risk 0.00cvss epss 0.04

    The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions.

  • CVE-2002-2254Dec 31, 2002
    Linux
    Kernel
    risk 0.00cvss epss 0.00

    The experimental IP packet queuing feature in Netfilter / IPTables in Linux kernel 2.4 up to 2.4.19 and 2.5 up to 2.5.31, when a privileged process exits and network traffic is not being queued, may allow a later process with the same Process ID (PID) to access certain network…

  • CVE-2002-1963Dec 31, 2002
    Linux
    Kernel
    risk 0.00cvss epss 0.00

    Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit to 10 files, which allows local users to cause a denial of service (resource exhaustion) by opening 10 setuid binaries.

  • CVE-2002-0510Aug 12, 2002
    Linux
    Kernel
    risk 0.00cvss epss 0.02

    The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux.

  • CVE-2002-0570Jul 3, 2002
    Linux
    Kernel
    risk 0.00cvss epss 0.00

    The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key.

  • CVE-2001-1551Dec 31, 2001
    Linux
    Kernel
    risk 0.00cvss epss 0.00

    Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, which allows local users to exceed disk quota restrictions during execution of setuid programs.

  • CVE-2001-1399Apr 17, 2001
    Linux
    Kernel
    risk 0.00cvss epss 0.00

    Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86."

  • CVE-2001-1392Apr 17, 2001
    Linux
    Kernel
    risk 0.00cvss epss 0.00

    The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers.

  • CVE-2001-1394Apr 17, 2001
    Linux
    Kernel
    risk 0.00cvss epss 0.00

    Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service.

Page 1 of 2