CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4256
https://notcve.org/view.php?id=CVE-2010-4256
25 Jan 2011 — The pipe_fcntl function in fs/pipe.c in the Linux kernel before 2.6.37 does not properly determine whether a file is a named pipe, which allows local users to cause a denial of service via an F_SETPIPE_SZ fcntl call. La función pipe_fcntl en fs/pipe.c en el kernel de Linux anteriores a v2.6.37 no determinar correctamente si un archivo es una tubería (pipe) con nombre, que permite a usuarios locales causar una denegación de servicio a través de una llamada F_SETPIPE_SZ fcntl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c66fb347946ebdd5b10908866ecc9fa05ee2cf3d • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2010-4243 – Linux Kernel 2.6.37 - 'setup_arg_pages()' Denial of Service
https://notcve.org/view.php?id=CVE-2010-4243
22 Jan 2011 — fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858. fs/exec.c del kernel de Linux en versiones anteriores a la 2.6.37 no habilita el "OOM Killer" para evaluar el uso de la memoria de pila por los arrays de los (1) argumentos y (... • https://www.exploit-db.com/exploits/15619 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2010-4527 – kernel: buffer overflow in OSS load_mixer_volumes
https://notcve.org/view.php?id=CVE-2010-4527
13 Jan 2011 — The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call. La función load_mixer_volumes en sound/oss/soundcard.c en el subsistema de sonido OSS del núcleo Linux anterior a v2.6.37 espera incorrect... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d81a12bc29ae4038770e05dce4ab7f26fd5880fb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4529
https://notcve.org/view.php?id=CVE-2010-4529
13 Jan 2011 — Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call. Un desbordamiento de enteros en la función irda_getsockopt en net/irda/af_irda.c en el kernel de Linux anterior a v2.6.37 en plataformas no x86 permite a usuarios locales obtener información potencialmente sensible de la memoria del kernel a través ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdac1e0697356ac212259f2147aa60c72e334861 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2010-3865 – kernel: iovec integer overflow in net/rds/rdma.c
https://notcve.org/view.php?id=CVE-2010-3865
11 Jan 2011 — Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow. Desbordamiento de enteros en la función rds_rdma_pages en net/rds/rdma.c en el núcleo de Linux permite a usuarios locales causar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de una e... • http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2010-4160 – kernel: L2TP send buffer allocation size overflows
https://notcve.org/view.php?id=CVE-2010-4160
07 Jan 2011 — Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call. Múltiples desbordamientos de entero en las funciones (1) pppol2tp_sendmsg de net/l2tp/l2tp_ppp.c, y (2) l2tp_ip_sendmsg de net/l2tp/l2tp_ip.c, en l... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=253eacc070b114c2ec1f81b067d2fed7305467b0 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 4%CPEs: 11EXPL: 0CVE-2010-4164
https://notcve.org/view.php?id=CVE-2010-4164
03 Jan 2011 — Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873. Múltiples desbordamientos inferioreres de buffer en la función x25_parse_facilities en net/x25/x25_facilities.c en el kernel de Linux anteriores a v2.... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5ef41308f94dcbb3b7afc56cdef1c2ba53fa5d2f • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2010-4162 – kernel: bio: integer overflow page count when mapping/copying user data
https://notcve.org/view.php?id=CVE-2010-4162
03 Jan 2011 — Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device. Múltiples desbordamientos de entero en fs/bio.c en el kernel de Linux anterior a v2.6.36.2 permite a usuarios locales causar una denegación de servicio (fallo del sistema) a través de un dispositivo ioctl manipulado a un dispositivo SCSI. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cb4644cac4a2797afc847e6c92736664d4b0ea34 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2010-3875
https://notcve.org/view.php?id=CVE-2010-3875
03 Jan 2011 — The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure. La función ax25_getname en net/ax25/af_ax25.c en el kernel de Linux anterior a v2.6.37-rc2 no inicializa una determinada estructura, que permite a usuarios locales obtener información sensible de la pila del núcleo de memoria mediante la lectura de una c... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fe10ae53384e48c51996941b7720ee16995cbcb7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2010-3877 – kernel: net/tipc/socket.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-3877
03 Jan 2011 — The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure. La función get_Name en net/tipc/socket.c en el kernel de Linux anterior a v2.6.37-rc2 no inicia una determinada estructura, que permite a usuarios locales obtener información sensible de la pila del núcleo de memoria mediante la lectura de una copia de esta e... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52 • CWE-909: Missing Initialization of Resource •