CVSS: 7.8EPSS: 0%CPEs: 274EXPL: 1CVE-2013-6382
https://notcve.org/view.php?id=CVE-2013-6382
27 Nov 2013 — Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. Múltiples desbord... • http://www.openwall.com/lists/oss-security/2013/11/22/5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2013-6383 – Kernel: AACRAID Driver compat IOCTL missing capability check
https://notcve.org/view.php?id=CVE-2013-6383
27 Nov 2013 — The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. La función aac_compat_ioctl en drivers/scsi/aacraid/linit.c del kernel de Linux anterior a la versión 3.11.8 no requiere la capacidad CAP_SYS_RAWIO, lo que permite a usuarios locales evadir restricciones de acceso intencionadas a través de una llamada ioctl manipulada. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f856567b930dfcdbc3323261bf77240ccdde01f5 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4588
https://notcve.org/view.php?id=CVE-2013-4588
19 Nov 2013 — Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. Múltiples desbordamientos basados en pila en net/netfilter/ipvs/ip_vs_ctl.c en el kernel de Linux anterior a la versión 2.6.33, cuando es usado CON... • http://ftp.linux.org.uk/pub/linux/linux-2.6/ChangeLog-2.6.33 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2013-4563
https://notcve.org/view.php?id=CVE-2013-4563
19 Nov 2013 — The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline. La función udp6_ufo_fragment en net/ipv6/udp_offload.c del kernel de Linux hasta la versión 3.12, cuando está a... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e033e04c2678dbbe74a46b23fffb7bb918c288e • CWE-189: Numeric Errors •
CVSS: 8.4EPSS: 30%CPEs: 273EXPL: 2CVE-2013-4579 – Linux Kernel 3.0.5 - 'ath9k_htc_set_bssid_mask()' Information Disclosure
https://notcve.org/view.php?id=CVE-2013-4579
19 Nov 2013 — The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. La función ath9k_htc_set_bssid_mask en drivers/net/wireless/ath/ath9k/htc_drv_main.c del kernel de Linux hasta la versión 3.... • https://www.exploit-db.com/exploits/38826 • CWE-310: Cryptographic Issues •
CVSS: 6.2EPSS: 0%CPEs: 204EXPL: 1CVE-2013-4591 – kernel: nfs: missing check for buffer length in __nfs4_get_acl_uncached
https://notcve.org/view.php?id=CVE-2013-4591
19 Nov 2013 — Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem. Desbordamiento de búfer en la función __nfs4_get_acl_uncached en fs/nfs/nfs4proc.c del kernel de Linux anterior a la versión 3.7.2 permite a usuarios locales provocar ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d3e91a89b7adbc2831334def9e494dd9892f9af • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 234EXPL: 2CVE-2013-4592 – kernel: kvm: memory leak when memory slot is moved with assigned device
https://notcve.org/view.php?id=CVE-2013-4592
19 Nov 2013 — Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. Filtración de memoria en la función __kvm_set_memory_region de virt/kvm/kvm_main.c en el kernel de Linux anterior a la versión 3.9 permite a usuarios locales provocar una denegación de servicio (consumo de memoria) mediante el aprovechamiento de cierto acceso al d... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=12d6e7538e2d418c08f082b1b44ffa5fb7270ed8 • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.7EPSS: 4%CPEs: 3EXPL: 6CVE-2013-6282 – Linux Kernel Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2013-6282
19 Nov 2013 — The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013. Las funciones de API (1) get_user y (2) put_user en el kernel de Linux anterior a la versión 3.5.5 en las plataformas v6k y v7 ARM no validan ciertas direcciones, lo q... • https://www.exploit-db.com/exploits/31574 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2013-6763
https://notcve.org/view.php?id=CVE-2013-6763
12 Nov 2013 — The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511. La función uio_mmap_physical en drivers/uio/uio.c del kernel de Linux anterior a la versión 3.12 no valida el tamaño de un bloque de memoria, lo que permite a usuarios locales provocar una denegación de se... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7314e613d5ff9f0934f7a0f74ed7973b903315d1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2013-4511
https://notcve.org/view.php?id=CVE-2013-4511
12 Nov 2013 — Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. Múltiples desbordamientos de enteros en drivers frame-buffer en Alchemy LCD del kernel de Linux anterior a la versión 3.12 ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7314e613d5ff9f0934f7a0f74ed7973b903315d1 • CWE-189: Numeric Errors •