CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5321
https://notcve.org/view.php?id=CVE-2010-5321
24 Apr 2017 — Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf. La pérdida de memoria en drivers/media/video/videobuf-core.c en el subsiste... • http://linuxtv.org/irc/v4l/index.php?date=2010-07-29 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 2%CPEs: 12EXPL: 0CVE-2017-7645 – kernel: nfsd: Incorrect handling of long RPC replies
https://notcve.org/view.php?id=CVE-2017-7645
18 Apr 2017 — The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. El servidor NFSv2/NFSv3 en el subsistema nfsd en el Kernel de Linux hasta la versión 4.10.11 permite a atacantes remotos provocar una denegación de servicio (caída de sistema) a través de una respuesta RPC larga, relacionada con net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c y fs/n... • http://www.debian.org/security/2017/dsa-3886 • CWE-20: Improper Input Validation CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-7889 – kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism
https://notcve.org/view.php?id=CVE-2017-7889
17 Apr 2017 — The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. El subsistema mm en el kernel de Linux hasta la versión 3.2 no aplica adecuadamente el mecanismo de protección CONFIG_STRICT_DEVMEM, lo que permite... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a4866aa812518ed1a37d8ea0c881dc946409de94 • CWE-391: Unchecked Error Condition CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7616 – kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c
https://notcve.org/view.php?id=CVE-2017-7616
10 Apr 2017 — Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. El manejo incorrecto de los errores en las syscalls set_mempolicy y mbind compat en mm/mempolicy.c en el kernel de Linux hasta la versión 4.10.9 permite a los usuarios locales obtener información confidencial de datos de pila no inicializados al activar... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf01fb9985e8deb25ccf0ea54d916b8871ae0e62 • CWE-388: 7PK - Errors CWE-390: Detection of Error Condition Without Action •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-2671 – Linux Kernel - 'ping' Local Denial of Service
https://notcve.org/view.php?id=CVE-2017-2671
05 Apr 2017 — The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call. En LightDM en versiones hasta 1.22.0, un problema de directorio transversal en debian/guest-account.sh permite a atacantes locales allows local attackers poseer ubicaciones de... • https://www.exploit-db.com/exploits/42135 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5870
https://notcve.org/view.php?id=CVE-2016-5870
04 Apr 2017 — The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact by triggering failure of an accept system call for an AF_MSM_IPC socket. La función msm_ipc_router_close en net/ipc_router/ipc_router_socket.c en componente ipc_router p... • http://www.securityfocus.com/bid/97414 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10318
https://notcve.org/view.php?id=CVE-2016-10318
04 Apr 2017 — A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service. Una comprobación de autorización que falta en la función fscrypt_process_policy en fs/crypto/policy.c en el soporte de cifrado del sistema de archivos ext4 y f2fs en el kernel de Linux en versiones anteriores... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=163ae1c6ad6299b19e22b4a35d5ab24a89791a98 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-9922
https://notcve.org/view.php?id=CVE-2014-9922
04 Apr 2017 — The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c. El subsistema eCryptfs en el kernel de Linux en versiones anteriores a 3.18 permite a los usuarios locales obtener privilegios a través de una pila de archivos grande que incluye una capa de superposición, relacionada con fs/ecryptfs/main.c y fs/overlayfs/super.c. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=69c433ed2ecd2d3264efd7afec4439524b319121 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0CVE-2016-10229
https://notcve.org/view.php?id=CVE-2016-10229
04 Apr 2017 — udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. Udp.c en el kernel de Linux en versiones anteriores a 4.5 permite a los atacantes remotos ejecutar código arbitrario a través del tráfico UDP que dispara un segundo cálculo de checksum inseguro durante la ejecución de una llamada al sistema recv con el indicador MSG_PEEK. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.7EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1000026 – kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet
https://notcve.org/view.php?id=CVE-2018-1000026
03 Apr 2017 — Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.. El kernel de Linux, al menos desde la versión v4.8, contiene una vulnerabilidad de validación de entradas in... • http://lists.openwall.net/netdev/2018/01/16/40 • CWE-20: Improper Input Validation •