CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1333 – kernel: denial of service due to memory leak in add_key()
https://notcve.org/view.php?id=CVE-2015-1333
29 Jul 2015 — Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys. Vulnerabilidad de fuga de memoria en la función __key_link_end en security/kesy/keyring.c en el kernel de Linux en versiones anteriores a 4.1.4, permite a usuarios locales causar una denegación de servicio (consumo de memoria) a través de muchas llamadas al sistema add_key que hac... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2015-3290 – Linux Kernel - 'espfix64' Nested NMIs Interrupting Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-3290
23 Jul 2015 — arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window. Vulnerabilidad en arch/x86/entry/entry_64.S en el kernel de Linux en versiones anteriores a 4.1.6 en la plataforma x86_64, confía indebidamente en espfix64 durante el procesamiento anidado de NMI, lo que permite a usuarios locales obtener privilegios al desencadenar u... • https://packetstorm.news/files/id/132994 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3291 – Ubuntu Security Notice USN-2690-1
https://notcve.org/view.php?id=CVE-2015-3291
23 Jul 2015 — arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI. Vulnerabilidad en arch/x86/entry/entry_64.S en el kernel de Linux en versiones anteriores a 4.1.6 en la plataforma x86_64, no determina correctamente cuándo está ocurriendo el procesamiento anidado de NMI, lo... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=810bc075f78ff2c221536eb3008eac6a492dba2d • CWE-17: DEPRECATED: Code •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2015-5157 – kernel: x86-64: IRET faults during NMIs processing
https://notcve.org/view.php?id=CVE-2015-5157
23 Jul 2015 — arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI. Vulnerabilidad en arch/x86/entry/entry_64.S en el kernel de Linux en versiones anteriores a 4.1.6 en la plataforma x86_64, no maneja correctamente los fallos IRET procesando NMIs que ocurrieron durante la ejecución en el espacio de usuario, lo que puede permitir a usuarios l... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a • CWE-264: Permissions, Privileges, and Access Controls CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4692 – Ubuntu Security Notice USN-2681-1
https://notcve.org/view.php?id=CVE-2015-4692
23 Jul 2015 — The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call. Vulnerabilidad en la función kvm_apic_has_events en arch/x86/kvm/lapic.h en el Kernel de Linux hasta la versión 4.1.3, permite a usuarios locales causar una denegación de servicio (mediante la referencia a un puntero NULO y una caída del ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009 •
CVSS: 8.5EPSS: 2%CPEs: 4EXPL: 1CVE-2015-4004 – Ubuntu Security Notice USN-3002-1
https://notcve.org/view.php?id=CVE-2015-4004
07 Jun 2015 — The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet. El controlador OZWPAN en el kernel de Linux hasta 4.0.5 depende de un campo de longitud no confiable durante el análisis sintáctico de paquetes, lo que permite a atacantes remotos obtener información sensible de la memoria del kern... • http://openwall.com/lists/oss-security/2015/06/05/7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2015-2150 – Debian Security Advisory 3237-1
https://notcve.org/view.php?id=CVE-2015-2150
12 Mar 2015 — Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. Xen 3.3.x hasta la versión 4.5.x y en el kernel de Linux hasta la versión 3.19.1 no restringe adecuadamente el acceso al registro... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=af6fc858a35b90e89ea7a7ee58e66628c55c776b • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0CVE-2014-0069 – kernel: cifs: incorrect handling of bogus user pointers during uncached writes
https://notcve.org/view.php?id=CVE-2014-0069
28 Feb 2014 — The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. La función cifs_iovec_write en fs/cifs/file.c en el kernel de Linux hasta 3.13.5 no maneja debidamente opera... • http://article.gmane.org/gmane.linux.kernel.cifs/9401 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 77EXPL: 0CVE-2007-1884
https://notcve.org/view.php?id=CVE-2007-1884
06 Apr 2007 — Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary ... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2001-0886
https://notcve.org/view.php?id=CVE-2001-0886
21 Dec 2001 — Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character. Desbordamiento de buffer en la función glob de glibc para Red Hat Linux 6.2 a 7.2, y otros sistemas operativos, permite a atacantes causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrarios mediante un patrón de glob que acaba en una llave "{" • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000447 •