CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-3637 – kernel: proc: fix oops on invalid /proc/<pid>/maps access
https://notcve.org/view.php?id=CVE-2011-3637
The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error. La función m_stop en fs/proc/task_mmu.c en el kernel de Linux antes de v2.6.39 permite a usuarios locales provocar una denegación de servicio a través de vectores que provocan un error m_start. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=76597cd31470fa130784c78fadb4dab2e624a723 http://www.openwall.com/lists/oss-security/2012/02/06/1 https://bugzilla.redhat.com/show_bug.cgi?id=747848 https://github.com/torvalds/linux/commit/76597cd31470fa130784c78fadb4dab2e624a723 https://access.redhat.com/security/cve/CVE-2011-3637 • CWE-476: NULL Pointer Dereference •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2011-3593 – kernel: vlan: fix panic when handling priority tagged frames
https://notcve.org/view.php?id=CVE-2011-3593
A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames. Cierta actualización de Red Hat para la función vlan_hwaccel_do_receive en net/8021q/vlan_core.c del kernel Linux v2.6.32 en Red Hat Enterprise Linux (RHEL) 6 permite que atacantes remotos provoquen una denegación de servicio (parada del sistema) mediante una trama VLAN con etiqueta de prioridad. • http://www.openwall.com/lists/oss-security/2012/03/05/3 https://bugzilla.redhat.com/show_bug.cgi?id=742846 https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=0e48f8daac293335e16e007663b9f4d248f89f0c https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh=fadca7bdc43b02f518585d9547019966415cadfd https://access.redhat.com/security/cve/CVE-2011-3593 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-3363 – kernel: cifs: always do is_path_accessible check in cifs_mount
https://notcve.org/view.php?id=CVE-2011-3363
The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share. La función setup_cifs_sb function en fs/cifs/connect.cen el kernel de Linux antes de v2.6.39 no maneja correctamente las referencias de la DFS, lo que permite a servidores CIFS remotos provocar una denegación de servicio (caída del sistema) mediante la colocación de una derivación en la raíz de una acción. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=70945643722ffeac779d2529a348f99567fa5c33 http://www.openwall.com/lists/oss-security/2011/09/14/12 https://bugzilla.redhat.com/show_bug.cgi?id=738291 https://github.com/torvalds/linux/commit/70945643722ffeac779d2529a348f99567fa5c33 https://access.redhat.com/security/cve/CVE-2011-3363 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-2942 – kernel: bridge: null pointer dereference in __br_deliver
https://notcve.org/view.php?id=CVE-2011-2942
A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging connectivity to a network interface that uses an Ethernet bridge device. Un parche de Red Hat para la función __br_deliver en net/bridge/br_forward.c en el Kernel de Linux v2.6.18 en Red Hat Enterprise Linux (RHEL) 5 permite a atacantes remotos causar una denegación de servicio (NULL pointer dereference y caída del sistema) o posiblemente tener otro impacto no especificado mediante el aprovechamiento de la conectividad con una interfaz de red que utiliza un dispositivo Ethernet puente. • http://www.openwall.com/lists/oss-security/2011/10/24/3 https://bugzilla.redhat.com/show_bug.cgi?id=730917 https://access.redhat.com/security/cve/CVE-2011-2942 • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2009-4067 – Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-4067
Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system. Un desbordamiento del búfer en la función auerswald_probe en el controlador USB Auerswald Linux para el kernel de Linux versiones anteriores a 2.6.27, permite a atacantes físicamente próximos ejecutar código arbitrario, causar una denegación de servicio por medio de un dispositivo USB diseñado o tomar el control total del sistema. • https://www.exploit-db.com/exploits/35957 http://labs.mwrinfosecurity.com/files/Advisories/mwri_linux-usb-buffer-overflow_2009-10-29.pdf https://bugzilla.redhat.com/show_bug.cgi?id=722393 https://access.redhat.com/security/cve/CVE-2009-4067 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •