CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2010-2066 – kernel: ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files
https://notcve.org/view.php?id=CVE-2010-2066
08 Sep 2010 — The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor. La función mext_check_arguments en fs/ext4/move_extent.c en el kernel de Linux anterior a v2.6.35, permite a usuarios locales sobrescribir una archivo de solo-añadir (append-only) a través de una llamada MOVE_EXT ioctl que especifica este archivo como un donante. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1f5a81e41f8b1a782c68d3843e9ec1bfaadf7d72 •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2010-2524 – kernel: dns_resolver upcall security issue
https://notcve.org/view.php?id=CVE-2010-2524
08 Sep 2010 — The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals. La funcionalidad de resolución DNS en el kernel de Linux anterior a v2.6.35, cuando CONFIG_CI... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4c0c03ca54f72fdd5912516ad0a23ec5cf01bda7 •
CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 0CVE-2009-4895 – kernel: tty->pgrp races
https://notcve.org/view.php?id=CVE-2009-4895
08 Sep 2010 — Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions. NOTE: the vulnerability was addressed in a different way in 2.6.32.9. Condición de carrera en la función tty_fasync en drivers/char/tty_io.c en el kernel de Linux v2.6.32.6, permite a usuarios locale... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=703625118069f9f8960d356676662d3db5a9d116 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •
CVSS: 8.4EPSS: 0%CPEs: 11EXPL: 3CVE-2010-2959 – Linux Kernel < 2.6.36-rc1 (Ubuntu 10.04 / 2.6.32) - 'CAN BCM' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-2959
08 Sep 2010 — Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic. Desbordamiento de enterno en net/can/bcm en la implementación Controller Area Network (CAN) del kernel de Linux anterior a v2.6.27.53, v2.6.32.x anterior a v2.6.32.21, v2.6.34.x anterior a v2.6.... • https://www.exploit-db.com/exploits/14814 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2010-2960
https://notcve.org/view.php?id=CVE-2010-2960
08 Sep 2010 — The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function. La función keyctl_session_to_parent en security/keys/keyctl.c en el kernel de Linux v2.6.35.4 y anteriores, espera que determinados keyrings de sesió... • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 23%CPEs: 147EXPL: 0CVE-2010-2248 – kernel: cifs: Fix a kernel BUG with remote OS/2 server
https://notcve.org/view.php?id=CVE-2010-2248
07 Sep 2010 — fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-rc4 allows remote attackers to cause a denial of service (panic) via an SMB response packet with an invalid CountHigh value, as demonstrated by a response from an OS/2 server, related to the CIFSSMBWrite and CIFSSMBWrite2 functions. Las funciones CIFSSMBWrite y CIFSSMBWrite2 de fs/cifs/cifssmb.c en la aplicación CIFS del kernel de Linux antes de v2.6.34-rc4 permiten a atacantes remotos provocar una denegación de servicio (mediant... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6513a81e9325d712f1bfb9a1d7b750134e49ff18 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 10.0EPSS: 15%CPEs: 149EXPL: 0CVE-2010-2521 – kernel: nfsd4: bug in read_buf
https://notcve.org/view.php?id=CVE-2010-2521
07 Sep 2010 — Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions. Múltiples desbordamientos de búfer en fs/nfsd/nfs4xdr.c en la aplicación XDR en el servidor NFS del kernel de Linux antes de v2.6.34-rc6 permiten a atacantes remotos provocar una dene... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2bc3c1179c781b359d4f2f3439cb3df72afc17fc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2010-2226 – kernel: xfs swapext ioctl minor security issue
https://notcve.org/view.php?id=CVE-2010-2226
03 Sep 2010 — The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file. La función xfs_swapext en fs/xfs/xfs_dfrag.c en el kernel de Linux kernel anterior v2.6.35 no chequea adecuadamente los descriptores de archivo en SWAPEXT ioctl, lo que permiete a usuarios locales aprovechar el acceso de escritura y obtener acc... • http://archives.free.net.ph/message/20100616.130710.301704aa.en.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2010-2954
https://notcve.org/view.php?id=CVE-2010-2954
03 Sep 2010 — The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket. La función irda_bind en net/irda/af_irda.c en el kernel de Linux anterior v2.6.36-rc3-next-20100901 no maneja adecuadamente los fallos de la... • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=628e300cccaa628d8fb92aa28cb7530a3d5f2257 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 1CVE-2010-2240 – kernel: mm: keep a guard page below a grow-down stack segment
https://notcve.org/view.php?id=CVE-2010-2240
03 Sep 2010 — The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server. La función do_anonymous_page en mm/memory.c en el kernel de Linux anterior v2.6.27.52, v2.6.32.x... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=320b2b8de12698082609ebbc1a17165727f4c893 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •