Page 22 of 265 results (0.016 seconds)

CVSS: 4.0EPSS: 0%CPEs: 176EXPL: 0

CVE-2013-1774 – Kernel: USB io_ti driver NULL pointer dereference in routine chase_port

https://notcve.org/view.php?id=CVE-2013-1774

The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. La función chase_port en drivers/usb/serial/io_ti.c en el kernel de Linux anteriores a v3.7.4 permite a usuarios locales provocar una denegación de servicio (desreferencia puntero NULL y caída del sistema) /dev/ttyUSB a través de un intento de leer o escribir en un convertidor serie Edgeport USB desconectado. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1ee0a224bc9aad1de496c795f96bc6ba2c394811 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html http://rhn.redhat.com/errata/RHSA-2013-0744.html http://www.kernel.org/pub/linux • CWE-264: Permissions, Privileges, and Access Controls CWE-476: NULL Pointer Dereference •

CVSS: 6.6EPSS: 0%CPEs: 128EXPL: 0

CVE-2013-0310 – kernel: net: CIPSO_V4_TAG_LOCAL tag NULL pointer dereference

https://notcve.org/view.php?id=CVE-2013-0310

The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. La función cipso_v4_validate en net/ipv4/cipso_ipv4.c en el kernel de Linux anterior a v3.4.8 permite a usuarios locales causar una denegación de servicio (referencia a NULL y caída de la aplicación) o posiblemente tener otro impacto no especificado mediante una llamada al sistema setsockopt. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=89d7ae34cdda4195809a5a987f697a517a2a3177 http://rhn.redhat.com/errata/RHSA-2013-0496.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.8 http://www.openwall.com/lists/oss-security/2013/02/20/5 https://bugzilla.redhat.com/show_bug.cgi?id=912900 https://github.com/torvalds/linux/commit/89d7ae34cdda4195809a5a987f697a517a2a3177 https://access.redhat.com/security/cve/CVE-2013-0310 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 0%CPEs: 162EXPL: 0

CVE-2013-0311 – kernel: vhost: fix length for cross region descriptor

https://notcve.org/view.php?id=CVE-2013-0311

The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges. La función translate_desc en el kernel de Linux anterior a v3.7 no maneja correctamente descriptores cross-region, lo que permite a usuarios invitados del SO obtener privilegios del SO mediante el aprovechamiento de los privilegios KVM de invitado del SO. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bd97120fc3d1a11f3124c7c9ba1d91f51829eb85 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html http://rhn.redhat.com/errata/RHSA-2013-0496.html http://rhn.redhat.com/errata/RHSA-2013-0579.html http://rhn.redhat.com/errata/RHSA-2013-0882.html http://rhn.redhat.com/errata/RHSA-2013-0928.html http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.7.bz2 http://www.mandriva.com&# •

CVSS: 4.7EPSS: 0%CPEs: 172EXPL: 0

CVE-2013-0309 – kernel: mm: thp: pmd_present and PROT_NONE local DoS

https://notcve.org/view.php?id=CVE-2013-0309

arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application. arch/x86/include/asm/pgtable.h en el kernel de Linux anterior a v3.62, cuando se utilizan paginas transparentes de gran tamaño, no soportan correctamente regiones de memoria PROT_NONE, lo que permite a usuarios locales generar una denegación de servicio (caída del sistema) mediante una aplicación. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=027ef6c87853b0a9df53175063028edb4950d476 http://rhn.redhat.com/errata/RHSA-2013-0496.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.2 http://www.openwall.com/lists/oss-security/2013/02/20/4 https://bugzilla.redhat.com/show_bug.cgi?id=912898 https://github.com/torvalds/linux/commit/027ef6c87853b0a9df53175063028edb4950d476 https://access.redhat.com/security/cve/CVE-2013-0309 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.1EPSS: 0%CPEs: 25EXPL: 0

CVE-2013-1620 – nss: TLS CBC padding timing attack

https://notcve.org/view.php?id=CVE-2013-1620

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. La implementación en Mozilla Network Security Services (NSS) de TLS no tiene debidamente en cuenta tiempos de canal lateral ataques a una operación de comprobación de incumplimiento MAC durante el procesamiento de malformaciones relleno CBC, que permite a atacantes remotos para realizar ataques distintivos y los ataques de recuperación de texto plano-a través de análisis estadístico de datos de tiempo de los paquetes hechos a mano, una cuestión relacionada con CVE-2013-0169. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html http://openwall.com/lists/oss-security/2013/02/05/24 http://rhn.redhat.com/errata/RHSA-2013-1135.html http://rhn.redhat.com/errata/RHSA-2013-1144.html http://seclists.org/fulldisclosure/2014/Dec/23 http://security.gentoo.org/glsa/glsa-201406-19.xml http://www. • CWE-203: Observable Discrepancy •