CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2010-4250 – Linux Kernel 2.6.x - 'inotify_init()' Memory Leak Local Denial of Service
https://notcve.org/view.php?id=CVE-2010-4250
21 Jun 2012 — Memory leak in the inotify_init1 function in fs/notify/inotify/inotify_user.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory consumption) via vectors involving failed attempts to create files. Una vulnerabilidad de pérdida de memoria en la función inotify_init1 en fs/notify/inotify/inotify_user.c en versiones del kernel de Linux anteriores a v2.6.37 permite a usuarios locales provocar una denegación de servicio (por excesivo consumo de memoria) a través de vectores... • https://www.exploit-db.com/exploits/35013 • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 2CVE-2011-1479 – Linux Kernel 2.6.x - 'inotify_init1()' Double-Free Local Denial of Service
https://notcve.org/view.php?id=CVE-2011-1479
21 Jun 2012 — Double free vulnerability in the inotify subsystem in the Linux kernel before 2.6.39 allows local users to cause a denial of service (system crash) via vectors involving failed attempts to create files. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-4250. Una vulnerabilidad de doble liberación en el subsistema inotify en versiones del kernel de Linux anteriores a v2.6.39 permite a usuarios locales provocar una denegación de servicio (caída del sistema) a través de vectores relacion... • https://www.exploit-db.com/exploits/35600 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2011-0716 – kernel: deficiency in processing igmp host membership reports in br_multicast
https://notcve.org/view.php?id=CVE-2011-0716
21 Jun 2012 — The br_multicast_add_group function in net/bridge/br_multicast.c in the Linux kernel before 2.6.38, when a certain Ethernet bridge configuration is used, allows local users to cause a denial of service (memory corruption and system crash) by sending IGMP packets to a local interface. La función de br_multicast_add_group en net/bridge/br_multicast.c en versiones del kernel de Linux anteriores a v2.6.38, cuando se usa una determinada configuración de bridge Ethernet, permite a usuarios locales provocar una de... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 1CVE-2011-1160 – kernel: tpm infoleaks
https://notcve.org/view.php?id=CVE-2011-1160
21 Jun 2012 — The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors. La función de tpm_open en drivers/char/tpm/tpm.c en el kernel de Linux anteriores a v2.6.39 no se inicializa un búfer concreto, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de vectores no especificados. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 18EXPL: 1CVE-2011-4913
https://notcve.org/view.php?id=CVE-2011-4913
21 Jun 2012 — The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket. La función rose_parse_ccitt en la net/rose/rose_subr.c en el kernel de... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 17EXPL: 1CVE-2011-1493
https://notcve.org/view.php?id=CVE-2011-1493
21 Jun 2012 — Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket. Un error de indice de array en la función rose_parse_national en net/rose/rose_subr.c en versiones del kernel de Linux anteriores a v2.6.39 permite a at... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 •
CVSS: 7.5EPSS: 4%CPEs: 10EXPL: 4CVE-2012-2127
https://notcve.org/view.php?id=CVE-2012-2127
21 Jun 2012 — fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONE_NEWPID clone system calls, which allows remote attackers to cause a denial of service (reference leak and memory consumption) by making many connections to a daemon that uses PID namespaces to isolate clients, as demonstrated by vsftpd. fs/proc/root.c en las implementaciones de procfs del kernel de Linux anteriores a v3.2 no interactua adecuadamente con las llamadas al sistema de CLONE_NEWPID, lo... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=905ad269c55fc62bee3da29f7b1d1efeba8aa1e1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 6%CPEs: 262EXPL: 1CVE-2012-1583 – kernel: ipv6: panic using raw sockets
https://notcve.org/view.php?id=CVE-2012-1583
16 Jun 2012 — Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets. Vulnerabilidad de liberación doble en la función xfrm6_tunnel_rcv en net/ipv6/xfrm6_tunnel.c en el kernel de Linux anterior a v2.6.22, cuando el módulo xfrm6_tunnel está activada, permite a atacantes remotos causar una denegación de servicio (pánico) a través de ... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 1CVE-2012-2313 – kernel: unfiltered netdev rio_ioctl access by users
https://notcve.org/view.php?id=CVE-2012-2313
13 Jun 2012 — The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. La función rio_ioctl de drivers/net/ethernet/dlink/dl2k.c del kernel de Linux en versiones anteriores a la 3.3.7 no restringe el acceso al comando SIOCSMIIREG, lo que permite a usuarios locales escribir datos a un adaptador Ethernet a través de una llamada ioctl. Potential vulnerabili... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1bb57e940e1958e40d51f2078f50c3a96a9b2d75 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1CVE-2011-2208
https://notcve.org/view.php?id=CVE-2011-2208
13 Jun 2012 — Integer signedness error in the osf_getdomainname function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call. Error de signo de entero en la función osf_getdomainname de arch/alpha/kernel/osf_sys.c del kernel de Linux en versiones anteriores a la 2.6.39.4 de la plataforma Alpha permite a usuarios locales obtener información sensible de la memoria del kernel a través de una llamada ... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.4 • CWE-189: Numeric Errors •