CVSS: 8.4EPSS: 0%CPEs: 16EXPL: 1CVE-2016-3134 – Linux Kernel 3.10/3.18 /4.4 - Netfilter IPT_SO_SET_REPLACE Memory Corruption
https://notcve.org/view.php?id=CVE-2016-3134
14 Mar 2016 — The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. El subsistema netfilter en el kernel de Linux hasta la versión 4.5.2 no válida ciertos campos de desplazamiento, lo que permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria dinámica) a través de una llamada IPT_SO_SET_R... • https://www.exploit-db.com/exploits/39545 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0821 – Ubuntu Security Notice USN-2970-1
https://notcve.org/view.php?id=CVE-2016-0821
12 Mar 2016 — The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. La funcionalidad LIST_POISON en include/linux/poison.h en el kernel de Linux en versiones anter... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8a5e5e02fc83aaf67053ab53b359af08c6c49aaf • CWE-908: Use of Uninitialized Resource •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0823
https://notcve.org/view.php?id=CVE-2016-0823
12 Mar 2016 — The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. La función pagemap_open en fs/proc/task_mmu.c en el kernel de Linux en versiones anteriores a 3.19.3, tal como se utiliza en Android 6.0.1 en versiones anteriores a 2016-03-01, permite a usuarios locales obtener información sensible de la dirección física... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 18EXPL: 3CVE-2016-2188 – Linux Kernel 3.10.0-229.x (CentOS / RHEL 7.1) - 'iowarrior' Driver Crash (PoC)
https://notcve.org/view.php?id=CVE-2016-2188
12 Mar 2016 — The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. La función iowarrior_probe en drivers/usb/misc/iowarrior.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) a través de ... • https://packetstorm.news/files/id/136219 •
CVSS: 4.9EPSS: 1%CPEs: 14EXPL: 2CVE-2016-2184 – Linux Kernel 3.10.0-229.x (CentOS / RHEL 7.1) - 'snd-usb-audio' Crash (PoC)
https://notcve.org/view.php?id=CVE-2016-2184
12 Mar 2016 — The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor. La función create_fixed_stream_quirk en sound/usb/quirks.c en el controlador snd-usb-audio en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denega... • https://packetstorm.news/files/id/136221 •
CVSS: 4.9EPSS: 0%CPEs: 18EXPL: 2CVE-2016-2185 – Ubuntu Security Notice USN-2997-1
https://notcve.org/view.php?id=CVE-2016-2185
12 Mar 2016 — The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. La función ati_remote2_probe en drivers/input/misc/ati_remote2.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) ... • https://packetstorm.news/files/id/136222 •
CVSS: 4.9EPSS: 0%CPEs: 18EXPL: 2CVE-2016-2186 – Ubuntu Security Notice USN-2997-1
https://notcve.org/view.php?id=CVE-2016-2186
12 Mar 2016 — The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. La función powermate_probe en drivers/input/misc/powermate.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) a través... • https://packetstorm.news/files/id/136217 •
CVSS: 4.9EPSS: 0%CPEs: 18EXPL: 4CVE-2016-2782 – Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - visor 'treo_attach' Nullpointer Dereference
https://notcve.org/view.php?id=CVE-2016-2782
09 Mar 2016 — The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint. La función treo_attach en drivers/usb/serial/visor.c en el kernel de Linux en versiones anteriores a 4.5 permite a atacantes físicamente próximos causar una denegación de servicio (referencia ... • https://packetstorm.news/files/id/136142 • CWE-476: NULL Pointer Dereference •
CVSS: 4.9EPSS: 1%CPEs: 14EXPL: 2CVE-2016-3136 – Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'mct_u232' Nullpointer Dereference
https://notcve.org/view.php?id=CVE-2016-3136
09 Mar 2016 — The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors. La función mct_u232_msr_to_state en drivers/usb/serial/mct_u232.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y ca... • https://packetstorm.news/files/id/136140 •
CVSS: 4.9EPSS: 0%CPEs: 19EXPL: 1CVE-2016-3137 – Ubuntu Security Notice USN-2997-1
https://notcve.org/view.php?id=CVE-2016-3137
09 Mar 2016 — drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions. drivers/usb/serial/cypress_m8.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a p... • https://packetstorm.news/files/id/136139 •