Page 15 of 264 results (0.019 seconds)

CVSS: 7.2EPSS: 0%CPEs: 25EXPL: 0

CVE-2009-3080 – kernel: gdth: Prevent negative offsets in ioctl

https://notcve.org/view.php?id=CVE-2009-3080

Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. Error de indice de matriz en la función gdth_read_event en drivers/scsi/gdth.c en el kernel de Linux antes de v2.6.32-RC8 permite a usuarios locales provocar una denegación de servicio o posiblemente obtener privilegios a través de un índice de evento negativo en una solicitud IOCTL. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0 http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html http://secunia. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-129: Improper Validation of Array Index •

CVSS: 7.5EPSS: 8%CPEs: 14EXPL: 0

CVE-2009-3553 – cups: Use-after-free (crash) due improper reference counting in abstract file descriptors handling interface

https://notcve.org/view.php?id=CVE-2009-3553

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Vulnerabilidad de uso anterior a la liberación en el descriptor de fichero abstracto de cuelgue de interface en la función cupsdDoSelect en scheduler/select.c en el scheduler en cupsd en CUPS v1.3.7 y v1.3.10 permite a los atacantes remoto causar una denegación de servicio (caída o cuelque del demonio) a través de una desconexión de cliente durante el listado de una elevado número de trabajos de impresión, en relación al mantenimiento inapropiado de un contador de referencia. NOTA: algunos de estos detalles han sido obtenidos de información de terceros. • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html http://secunia.com/advisories/37360 http://secunia.com/advisories/37364 http://secunia.com/advisories/38241 http://secunia.com/advisories/43521 http://security.gentoo.org/glsa/glsa-201207-10.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-275230-1 http://support.apple.com/kb/HT4004 http://www.cups.org/newsgroups.php/newsgroups.php?v5994+gcups.bugs http://www.cups.org/newsgroups.php/newsgr • CWE-416: Use After Free •

CVSS: 7.1EPSS: 0%CPEs: 29EXPL: 1

CVE-2009-3939 – kernel: megaraid_sas permissions in sysfs

https://notcve.org/view.php?id=CVE-2009-3939

The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. El fichero poll_mode_io para el controlador megaraid_sas en el kernel de Linux v2.6.31.6 y anteriores tiene permisos de escritura para todos, permitiendo a usuarios locales cambiar el modo de E/S del dispositivo modificando este fichero. • http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-03 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 1

CVE-2009-3725

https://notcve.org/view.php?id=CVE-2009-3725

The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems. La capa de conector en el kernel Linux versiones anteriores a v2.6.31.5 no requiere de la capacidad CAP_SYS_ADMIN para ciertas interacciones de los subsistemas (1) uvesafb, (2) pohmelfs, (3) dst, o (4) dm, permitiendo a usuarios locales saltar las restricciones de acceso implementadas y obtener privilegios mediante peticiones a las funciones en esos subsistemas. • http://marc.info/?l=linux-kernel&m=125449888416314&w=2 http://marc.info/?l=oss-security&m=125715484511380&w=2 http://marc.info/?l=oss-security&m=125716192622235&w=2 http://patchwork.kernel.org/patch/51382 http://patchwork.kernel.org/patch/51383 http://patchwork.kernel.org/patch/51384 http://patchwork.kernel.org/patch/51387 http://secunia.com/advisories/37113 http://secunia.com/advisories/38905 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5& • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 32EXPL: 7

CVE-2009-3547 – Linux Kernel 2.4.1 < 2.4.37 / 2.6.1 < 2.6.32-rc5 - 'pipe.c' Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2009-3547

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. Múltiples condiciones de carrera en fs/pipe.c en el kernel de Linux anteriores a v2.6.32-rc6 permite a usuarios locales producir una denegación de servicio )desreferencia a puntero NULL y caída del sistema) o conseguir privilegios mediante la apertura de un canal anónimo en la ruta /proc/*/fd/. • https://www.exploit-db.com/exploits/9844 https://www.exploit-db.com/exploits/33321 https://www.exploit-db.com/exploits/10018 https://www.exploit-db.com/exploits/33322 https://www.exploit-db.com/exploits/40812 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html http:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference CWE-672: Operation on a Resource after Expiration or Release •