| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2005-4798 |
|
|
DoS Overflow |
2005-12-31 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to 2.4.31 allows remote NFS servers to cause a denial of service (crash) via a long symlink, which is not properly handled in (1) nfs2xdr.c or (2) nfs3xdr.c and causes a crash in the NFS client. |
|
2 |
CVE-2005-4639 |
|
|
DoS Exec Code Overflow |
2005-12-31 |
2017-07-19 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/Card in Linux kernel 2.6.12 and other versions before 2.6.15 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by "reading more than 8 bytes into an 8 byte long array". |
|
3 |
CVE-2005-4618 |
|
|
DoS Overflow |
2005-12-31 |
2009-11-12 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the argument, this might not be a vulnerability, unless a legitimate user-assisted or setuid scenario can be identified. |
|
4 |
CVE-2005-3808 |
|
|
DoS Overflow |
2005-11-25 |
2010-04-02 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Integer overflow in the invalidate_inode_pages2_range function in mm/truncate.c in Linux kernel 2.6.11 to 2.6.14 allows local users to cause a denial of service (hang) via 64-bit mmap calls that are not properly handled on a 32-bit system. |
|
5 |
CVE-2005-2500 |
|
|
DoS Exec Code Overflow |
2005-08-08 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux kernel 2.6.12, as used in SuSE Linux Enterprise Server 9, might allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted XDR data for the nfsacl protocol. |
|
6 |
CVE-2005-2490 |
|
|
Exec Code Overflow |
2005-09-14 |
2017-10-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the sendmsg function call in the Linux kernel 2.6 before 2.6.13.1 allows local users to execute arbitrary code by calling sendmsg and modifying the message contents in another thread. |
|
7 |
CVE-2005-2456 |
|
|
DoS Exec Code Overflow |
2005-08-04 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array. |
|
8 |
CVE-2005-1768 |
|
|
DoS Exec Code Overflow |
2005-07-11 |
2017-10-10 |
3.7 |
User |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow. |
|
9 |
CVE-2005-1263 |
|
|
Exec Code Overflow |
2005-05-11 |
2017-10-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow. |
|
10 |
CVE-2005-0867 |
|
|
Overflow |
2005-05-02 |
2017-10-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in Linux kernel 2.6 allows local users to overwrite kernel memory by writing to a sysfs file. |
|
11 |
CVE-2005-0736 |
|
|
Overflow |
2005-03-09 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events. |
|
12 |
CVE-2005-0532 |
|
|
Overflow |
2005-05-02 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit architectures, may allow local users to trigger a buffer overflow as a result of casting discrepancies between size_t and int data types. |
|
13 |
CVE-2005-0531 |
|
|
Overflow |
2005-05-02 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative arguments. |
|
14 |
CVE-2005-0529 |
|
|
Overflow |
2005-05-02 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context. |
|
15 |
CVE-2005-0504 |
119 |
|
Exec Code Overflow |
2005-03-14 |
2017-10-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value. |
|
16 |
CVE-2005-0177 |
119 |
|
DoS Overflow |
2005-03-07 |
2017-10-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows attackers to cause a denial of service (kernel crash) via a buffer overflow. |
|
17 |
CVE-2005-0124 |
|
|
DoS Exec Code Overflow |
2005-04-14 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow. |
|
18 |
CVE-2004-1151 |
|
|
Overflow +Priv |
2005-01-10 |
2016-10-17 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local attackers to modify kernel memory and gain privileges. |
|
19 |
CVE-2004-1072 |
|
|
DoS Exec Code Overflow |
2005-01-10 |
2017-10-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code. |
