Page 318 of 2941 results (0.024 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c where it is possible to overflow the doi_def->tags[] array. En el kernel de Linux anterior a versión 2.6.20, se presenta un error por un paso en el archivo net/netlabel/netlabel_cipso_v4.c donde es posible desbordar la matriz doi_def-)tags[]. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2a2f11c227bdf292b3a2900ad04139d301b56ac4 https://github.com/torvalds/linux/commit/2a2f11c227bdf292b3a2900ad04139d301b56ac4 https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20 https://support.f5.com/csp/article/K05342145 https://support.f5.com/csp/article/K05342145?utm_source=f5support&amp%3Butm_medium=RSS • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. En el kernel de Linux anterior a versión 4.1.4, ocurre un desbordamiento de búfer cuando se comprueban los parámetros username en el archivo drivers/media/dvb-frontends/cx24116.c. El tamaño máximo para un comando DiSEqC es 6, según la API de username. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fa2337a315a2448c5434f41e00d56b01a22283c https://github.com/torvalds/linux/commit/1fa2337a315a2448c5434f41e00d56b01a22283c https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4 https://access.redhat.com/security/cve/CVE-2015-9289 https://bugzilla.redhat.com/show_bug.cgi?id=1735655 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •

CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0

In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access. En el kernel de Linux anterior a versión 2.6.37, se produjo un acceso a la matriz fuera de límites en el archivo drivers/net/mlx4/port.c. Cuando se busca una entrada liberada en cualquiera de las funciones mlx4_register_vlan() o mlx4_register_mac(), y no se presenta ninguna entrada liberada, el bucle termina sin actualizar la liberación de la variable local, lo que causa un acceso fuera de límites de la matriz. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0926f91083f34d047abc74f1ca4fa6a9c161f7db https://github.com/torvalds/linux/commit/0926f91083f34d047abc74f1ca4fa6a9c161f7db https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 https://support.f5.com/csp/article/K04146019 https://support.f5.com/csp/article/K04146019?utm_source=f5support&amp%3Butm_medium=RSS • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem. NOTE: At least one Linux maintainer believes that this CVE is incorrectly assigned and should be rejected because the value is hard coded and are not user-controllable where it is used ** EN DISPUTA ** En el kernel de Linux anterior a la versión 2.6.34, un problema de verificación de rango en drivers / gpu / drm / radeon / atombios.c podría causar un problema de apagado por uno (desbordamiento del búfer). NOTA: Al menos un mantenedor de Linux cree que este CVE está asignado incorrectamente y debe rechazarse porque el valor está codificado y no es controlable por el usuario donde se usa. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-5331 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0031c41be5c529f8329e327b63cde92ba1284842 https://github.com/torvalds/linux/commit/0031c41be5c529f8329e327b63cde92ba1284842 https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34 https://support.f5.com/csp/article/K33183814?utm_source=f5support&amp%3Butm_medium=RSS • CWE-193: Off-by-one Error •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3 https& • CWE-369: Divide By Zero •