CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1477
https://notcve.org/view.php?id=CVE-2011-1477
Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer. Múltiples errores de índice de matriz en sound/oss/opl3.c en versiones del kernel de Linux anteriores a v2.6.39 permiten a usuarios locales provocar una denegación de servicio (corrupción de memoria dinámica) o posiblemente obtener privilegios mediante el aprovechamiento del acceso de escritura a /dev/sequencer. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4d00135a680727f6c3be78f8befaac009030e4df http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://www.openwall.com/lists/oss-security/2011/03/25/1 https://github.com/torvalds/linux/commit/4d00135a680727f6c3be78f8befaac009030e4df • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 1CVE-2011-1585 – kernel: cifs session reuse
https://notcve.org/view.php?id=CVE-2011-1585
The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user. La función cifs_find_smb_ses en fs/cifs/connect.c en el Linux kernel anterior a v2.6.36 no determina correctamente las asociaciones entre usuarios y sesiones, lo que permite a usuarios locales eludir la autenticación CIFS mediante el aprovechamiento de un punto de montaje compartido por un usuario diferente. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4ff67b720c02c36e54d55b88c2931879b7db1cd2 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://www.openwall.com/lists/oss-security/2011/04/15/8 https://bugzilla.redhat.com/show_bug.cgi?id=697394 https://github.com/torvalds/linux/commit/4ff67b720c02c36e54d55b88c2931879b7db1cd2 https://access.redhat.com/security/cve/CVE-2011-1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 96%CPEs: 13EXPL: 3CVE-2011-0419 – Apache 1.4/2.2.x - APR 'apr_fnmatch()' Denial of Service
https://notcve.org/view.php?id=CVE-2011-0419
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. Vulnerabilidad de agotamiento de pila en la función fnmatch implementada en apr_fnmatch.c en la librería de Apache Portable Runtime (APR) anterior a v1.4.3 y en Apache HTTP Server anterior a v2.2.18, y en fnmatch.c en libc en NetBSD v5.1, OpenBSD v4.8, FreeBSD, Apple Mac OS X v10.6, Oracle Solaris 10, y Android permite a atacantes dependientes de contexto provocar una denegación de servicio (consumo de CPU y memoria) a través de secuencias "*?" en el primer argumento, como se demostró con los ataques contra mod_autoindex en httpd. • https://www.exploit-db.com/exploits/35738 http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22 http://cxib.net/stuff/apache.fnmatch.phps http://cxib.net/stuff/apr_fnmatch.txts http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html http://marc.info/?l=bugtraq&m=131551295528105&w=2 http://marc.info/&# • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.3EPSS: 97%CPEs: 28EXPL: 5CVE-2011-0611 – Adobe Flash Player Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0611
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011. Adobe Flash Player anterior a la versión 10.2.154.27 en Windows, Mac OS X, Linux y Solaris y 10.2.156.12 y versiones anteriores en Android; Adobe AIR anterior a versión 2.6.19140; y Authplay.dll (también se conoce como AuthPlayLib.bundle) en Adobe Reader versión 9.x anterior a 9.4.4 y versión 10.x hasta 10.0.1 en Windows, Adobe Reader versión 9.x anterior a 9.4.4 y versión 10.x anterior a 10.0.3 en Mac OS X y Adobe Acrobat versión 9.x anterior a 9.4.4 y versión 10.x anterior a 10.0.3 en Windows y Mac OS X permiten a los atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (bloqueo de aplicación) por medio del contenido Flash creado; como lo demuestra un documento de Microsoft Office con un archivo.swf insertado que tiene una inconsistencia de tamaño en un "group of included constants", objeto de type confusion, ActionScript que agrega funciones personalizadas a los prototipos y date objects; y como explotados en la naturaleza en abril de 2011. Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content. • https://www.exploit-db.com/exploits/17473 https://www.exploit-db.com/exploits/17175 http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html http://lists.opensuse.org/open • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 4.9EPSS: 0%CPEs: 10EXPL: 1CVE-2011-1083 – Linux Kernel 2.6.x - epoll Nested Structures Local Denial of Service
https://notcve.org/view.php?id=CVE-2011-1083
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls. La implementación epoll en el Kernel de Linux v2.6.37.2 y anteriores no cruza un árbol de descriptores de fichero epoll adecuadamente, lo que permite a usuarios locales provocar una denegación de servicio (consumo de CPU) a través de una aplicación manipulada que hace epoll_create y llamadas al sistema epoll_ctl. • https://www.exploit-db.com/exploits/35403 http://article.gmane.org/gmane.linux.kernel/1105744 http://article.gmane.org/gmane.linux.kernel/1105888 http://article.gmane.org/gmane.linux.kernel/1106686 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html http://openwall.com/lists/oss-security/2011/03/02/1 http://openwall.com/lists/oss-security/2011/03/02/2 http://rhn.redhat.com/e • CWE-400: Uncontrolled Resource Consumption •