CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2010-3298 – kernel: drivers/net/usb/hso.c: prevent reading uninitialized memory
https://notcve.org/view.php?id=CVE-2010-3298
30 Sep 2010 — The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. La función hso_get_count en drivers/net/usb/hso.c en el kernel Linux anterior a la versión 2.6.36-rc5, no inicia adecuadamente un miembro de cierta estructura, lo que permite a usuarios locales obtener información potencialmente sensible de ... • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=7011e660938fc44ed86319c18a5954e95a82ab3e • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2010-3297 – kernel: drivers/net/eql.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-3297
30 Sep 2010 — The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call. La función eql_g_master_cfg en drivers/net/eql.c en el kernel Linux anterior a la versión 2.6.36-rc5, no inicia adecuadamente un miembro de cierta estructura, lo que permite a usuarios locales obtener información potencialmente sensible ... • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=44467187dc22fdd33a1a06ea0ba86ce20be3fe3c • CWE-909: Missing Initialization of Resource •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2010-3296 – kernel: drivers/net/cxgb3/cxgb3_main.c reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-3296
30 Sep 2010 — The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call. La función cxgb_extension_ioctl en drivers/net/cxgb3/cxgb3_main.c en el kernel Linux anterior a la versión 2.6.36-rc5, no inicia adecuadamente un miembro de cierta estructura, lo que permite a usuarios locales obtene... • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=49c37c0334a9b85d30ab3d6b5d1acb05ef2ef6de • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2010-3084 – kernel: niu: buffer overflow for ETHTOOL_GRXCLSRLALL
https://notcve.org/view.php?id=CVE-2010-3084
29 Sep 2010 — Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/net/niu.c in the Linux kernel before 2.6.36-rc4 allows local users to cause a denial of service or possibly have unspecified other impact via the ETHTOOL_GRXCLSRLALL ethtool command. Desbordamiento de búfer en la función niu_get_ethtool_tcam_all en drivers/net/niu.c en el kernel de Linux anteriores a v2.6.36-rc4 permite a usuarios locales causar una denegación de servicio o posiblemente tener un impacto no especificado a través del comando ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ee9c5cfad29c8a13199962614b9b16f1c4137ac9 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 1.9EPSS: 0%CPEs: 12EXPL: 0CVE-2010-3310
https://notcve.org/view.php?id=CVE-2010-3310
29 Sep 2010 — Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions. Múltiples errores de signo entero en net/rose/af_rose.c en el kernel de Linux anteriores a v2.6.36-RC5-next-20100923 permite a usuarios locales provocar una denegación de servicio (corrupción en la pila... • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=9828e6e6e3f19efcb476c567b9999891d051f52f • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 2CVE-2010-3081 – Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3081
24 Sep 2010 — The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010. Las funciones ... • https://www.exploit-db.com/exploits/15024 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 2CVE-2010-3301 – Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3301
22 Sep 2010 — The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression. La llamada del sistema IA32 para la emulación de binarios de 32 bits en arch/x86/ia... • https://www.exploit-db.com/exploits/15023 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2010-3477 – kernel: net/sched/act_police.c infoleak
https://notcve.org/view.php?id=CVE-2010-3477
21 Sep 2010 — The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942. La función tcf_act_police_dump en net/sched/act_police.c del kernel Linux anterior ... • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=0f04cfd098fb81fded74e78ea1a1b86cc6c6c31e • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2010-3078 – kernel: xfs: XFS_IOC_FSGETXATTR ioctl memory leak
https://notcve.org/view.php?id=CVE-2010-3078
21 Sep 2010 — The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. La función xfs_ioc_fsgetxattr en fs/xfs/linux-2.6/xfs_ioctl.c del kernel Linux anterior a v2.6.36-rc4 no inicializa apropiadamente ciertos miembros de estructura, lo que permite a usuarios locales obtener información potencialmente sensible de la pi... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2010-3067 – kernel: do_io_submit() infoleak
https://notcve.org/view.php?id=CVE-2010-3067
21 Sep 2010 — Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call. Vulnerabilidad de desbordamiento de entero en la función do_io_submit en fs/aio.c del kernel Linux anterior a v2.6.36-rc4-next-20100915, permite a usuarios locales provocar una denegación de servicio o posiblemente tenga otro impacto sin especificar a través del uso... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=75e1c70fc31490ef8a373ea2a4bea2524099b478 • CWE-190: Integer Overflow or Wraparound •