
CVE-2013-1928 – Kernel: information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE
https://notcve.org/view.php?id=CVE-2013-1928
29 Apr 2013 — The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=12176503366885edd542389eed3aaf94be163fdb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2013-1855 – rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css
https://notcve.org/view.php?id=CVE-2013-1855
19 Mar 2013 — The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-1857 – rubygem-actionpack: sanitize_protocol: XSS Vulnerability in the helper of Ruby on Rails
https://notcve.org/view.php?id=CVE-2013-1857
19 Mar 2013 — The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-2546 – kernel: crypto: info leaks in report API
https://notcve.org/view.php?id=CVE-2013-2546
14 Mar 2013 — The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 • CWE-310: Cryptographic Issues

CVE-2013-2547 – kernel: crypto: info leaks in report API
https://notcve.org/view.php?id=CVE-2013-2547
14 Mar 2013 — The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 • CWE-310: Cryptographic Issues

CVE-2013-2548 – kernel: crypto: info leaks in report API
https://notcve.org/view.php?id=CVE-2013-2548
14 Mar 2013 — The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 • CWE-310: Cryptographic Issues

CVE-2012-6537 – Kernel: xfrm_user information leaks copy_to_user_
https://notcve.org/view.php?id=CVE-2012-6537
14 Mar 2013 — net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1f86840f897717f86d523a13e99a447e6a5d2fa5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2012-6538 – Kernel: xfrm_user: info leak in copy_to_user_auth
https://notcve.org/view.php?id=CVE-2012-6538
14 Mar 2013 — The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4c87308bdea31a7b4828a51f6156e6f721a1fcc9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2012-6542 – Kernel: llc: information leak via getsockname
https://notcve.org/view.php?id=CVE-2012-6542
14 Mar 2013 — The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3592aaeb80290bda0f2cf0b5456c97bfc638b192 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2012-6544 – Kernel: Bluetooth: HCI & L2CAP information leaks
https://notcve.org/view.php?id=CVE-2012-6544
14 Mar 2013 — The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3f68ba07b1da811bf383b4b701b129bfcb2e4988 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor