CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2010-3297 – kernel: drivers/net/eql.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-3297
30 Sep 2010 — The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call. La función eql_g_master_cfg en drivers/net/eql.c en el kernel Linux anterior a la versión 2.6.36-rc5, no inicia adecuadamente un miembro de cierta estructura, lo que permite a usuarios locales obtener información potencialmente sensible ... • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=44467187dc22fdd33a1a06ea0ba86ce20be3fe3c • CWE-909: Missing Initialization of Resource •
CVSS: 1.9EPSS: 0%CPEs: 12EXPL: 0CVE-2010-3310
https://notcve.org/view.php?id=CVE-2010-3310
29 Sep 2010 — Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions. Múltiples errores de signo entero en net/rose/af_rose.c en el kernel de Linux anteriores a v2.6.36-RC5-next-20100923 permite a usuarios locales provocar una denegación de servicio (corrupción en la pila... • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=9828e6e6e3f19efcb476c567b9999891d051f52f • CWE-189: Numeric Errors •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2010-2946
https://notcve.org/view.php?id=CVE-2010-2946
29 Sep 2010 — fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name. fs/jfs/xattr.c en el kernel de Linux anterior a v2.6.35.2 no controla correctamente un cierto formato antiguo para el almacenamiento de los atributos extendidos, lo cual podría permitir a usuarios locales eludir las restricciones de espacio de no... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=aca0fa34bdaba39bfddddba8ca70dba4782e8fe6 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2010-2478
https://notcve.org/view.php?id=CVE-2010-2478
29 Sep 2010 — Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084. Desbordamiento de enteros en la función ethtool_get_rxnfc en net/core/ethtool.c en el kernel de Linux anterior a v2.6.33.7 en plataformas ... • http://article.gmane.org/gmane.linux.network/164869 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2010-3084 – kernel: niu: buffer overflow for ETHTOOL_GRXCLSRLALL
https://notcve.org/view.php?id=CVE-2010-3084
29 Sep 2010 — Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/net/niu.c in the Linux kernel before 2.6.36-rc4 allows local users to cause a denial of service or possibly have unspecified other impact via the ETHTOOL_GRXCLSRLALL ethtool command. Desbordamiento de búfer en la función niu_get_ethtool_tcam_all en drivers/net/niu.c en el kernel de Linux anteriores a v2.6.36-rc4 permite a usuarios locales causar una denegación de servicio o posiblemente tener un impacto no especificado a través del comando ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ee9c5cfad29c8a13199962614b9b16f1c4137ac9 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2010-3477 – kernel: net/sched/act_police.c infoleak
https://notcve.org/view.php?id=CVE-2010-3477
21 Sep 2010 — The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942. La función tcf_act_police_dump en net/sched/act_police.c del kernel Linux anterior ... • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=0f04cfd098fb81fded74e78ea1a1b86cc6c6c31e • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2010-3078 – kernel: xfs: XFS_IOC_FSGETXATTR ioctl memory leak
https://notcve.org/view.php?id=CVE-2010-3078
21 Sep 2010 — The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. La función xfs_ioc_fsgetxattr en fs/xfs/linux-2.6/xfs_ioctl.c del kernel Linux anterior a v2.6.36-rc4 no inicializa apropiadamente ciertos miembros de estructura, lo que permite a usuarios locales obtener información potencialmente sensible de la pi... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2010-3080 – kernel: /dev/sequencer open failure is not handled correctly
https://notcve.org/view.php?id=CVE-2010-3080
21 Sep 2010 — Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device. Vulnerabilidad de doble liberación en la función snd_seq_oss_open de sound/core/seq/oss/seq_oss_init.c en el kernel Linux anterior a v6.36-rc4 podría permitir a usuarios locales causar una denegación de servicio o posibl... • http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=c598337660c21c0afaa9df5a65bb4a7a0cf15be8 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2010-2942 – kernel: net sched: fix some kernel memory leaks
https://notcve.org/view.php?id=CVE-2010-2942
21 Sep 2010 — The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sc... • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2010-3067 – kernel: do_io_submit() infoleak
https://notcve.org/view.php?id=CVE-2010-3067
21 Sep 2010 — Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call. Vulnerabilidad de desbordamiento de entero en la función do_io_submit en fs/aio.c del kernel Linux anterior a v2.6.36-rc4-next-20100915, permite a usuarios locales provocar una denegación de servicio o posiblemente tenga otro impacto sin especificar a través del uso... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=75e1c70fc31490ef8a373ea2a4bea2524099b478 • CWE-190: Integer Overflow or Wraparound •