Page 112 of 1170 results (0.015 seconds)

CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0

CVE-2014-4608 – kernel: lzo1x_decompress_safe() integer overflow

https://notcve.org/view.php?id=CVE-2014-4608

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype. ** DISPUTADA ** Múltiples desbordamientos de enteros en la función lzo1x_decompress_safe en lib/lzo/lzo1x_decompress_safe.c en el descompresor LZO en el kernel de Linux anterior a 3.15.2 permiten a atacantes dependientes de contexto causar una denegación de servicio (corrupción de memoria) a través de un 'Literal Run' manipulado. NOTA: el autor de los algoritmos LZO algorithms dice que 'el kernel de Linux *no* está afectado; sensacionalismo periodístico.' An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system. • http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-0062.html http://secunia.com/advisori • CWE-190: Integer Overflow or Wraparound •

CVSS: 2.3EPSS: 0%CPEs: 35EXPL: 0

CVE-2014-4027 – Kernel: target/rd: imformation leakage

https://notcve.org/view.php?id=CVE-2014-4027

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. La función rd_build_device_space en drivers/target/target_core_rd.c en el kernel de Linux anterior a 3.14 no inicializa debidamente cierta estructura de datos, lo que permite a usuarios locales obtener información sensible de la memoria ramdisk_mcp mediante el aprovechamiento del acceso a un iniciador SCSI. An information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) backend driver of the iSCSI Target subsystem of the Linux kernel. A privileged user could use this flaw to leak the contents of kernel memory to an iSCSI initiator remote client. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618 http://secunia.com/advisories/59134 http://secunia.com/advisories/59777 http://secunia.com/advisories/60564 http://secunia.com/advisories/61310 http://www.openwall. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 1

CVE-2014-1739 – Linux Kernel 3.3.5 - '/drivers/media/media-device.c' Local Information Disclosure

https://notcve.org/view.php?id=CVE-2014-1739

The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. La función media_device_enum_entities en drivers/media/media-device.c en el kernel de Linux anterior a 3.14.6 no inicializa cierta estructura de datos, lo que permite a usuarios locales obtener información sensible de la memoria del kernel mediante el aprovechamiento del acceso a lectura /dev/media0 para una llamada MEDIA_IOC_ENUM_ENTITIES ioctl. An information leak flaw was found in the way the Linux kernel handled media device enumerate entities IOCTL requests. A local user able to access the /dev/media0 device file could use this flaw to leak kernel memory bytes. • https://www.exploit-db.com/exploits/39214 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e6a623460e5fc960ac3ee9f946d3106233fd28d8 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://secunia.com/advisories/59597 http://speirofr.appspot.com/cve-2014-1739-kernel-infoleak-vulnerability-in-media_enum_entities.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0

CVE-2014-4039 – ppc64-diag: multiple temporary file races

https://notcve.org/view.php?id=CVE-2014-4039

ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf. ppc64-diag 2.6.1 utiliza permisos 0775 para /tmp/diagSEsnap y no restringe debidamente permisos para /tmp/diagSEsnap/snapH.tar.gz, lo que permite a usuarios locales obtener información sensible mediante la lectura de ficheros en este archivo, tal y como fue demostrado por /var/log/messages y /etc/yaboot.conf. Multiple insecure temporary file use flaws were found in the way the ppc64-diag utility created certain temporary files. A local attacker could possibly use either of these flaws to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running ppc64-diag, or obtain sensitive information from the temporary files. • http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00018.html http://openwall.com/lists/oss-security/2014/06/17/1 http://rhn.redhat.com/errata/RHSA-2015-0383.html http://rhn.redhat.com/errata/RHSA-2015-1320.html http://secunia.com/advisories/60616 http://www.securityfocus.com/bid/68086 https://bugzilla.redhat.com/show_bug.cgi?id=1109371 https://access.redhat.com/security/cve/CVE-2014-4039 • CWE-264: Permissions, Privileges, and Access Controls CWE-377: Insecure Temporary File •

CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0

CVE-2014-4038 – ppc64-diag: multiple temporary file races

https://notcve.org/view.php?id=CVE-2014-4038

ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras. ppc64-diag 2.6.1 permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico relacionado con (1) rtas_errd/diag_support.c y /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc y /tmp/diagSEsnap/snapH.tar.gz o (3) lpd/test/lpd_ela_test.sh y /var/tmp/ras. Multiple insecure temporary file use flaws were found in the way the ppc64-diag utility created certain temporary files. A local attacker could possibly use either of these flaws to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running ppc64-diag, or obtain sensitive information from the temporary files. • http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00018.html http://openwall.com/lists/oss-security/2014/06/17/1 http://rhn.redhat.com/errata/RHSA-2015-0383.html http://rhn.redhat.com/errata/RHSA-2015-1320.html http://secunia.com/advisories/60616 http://www.securityfocus.com/bid/68049 https://bugzilla.novell.com/show_bug.cgi?id=882667 https://bugzilla.redhat.com/show_bug.cgi?id=1109371 https://access.redhat.com/security/cve/CVE-2014-4038 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •