CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-1958
https://notcve.org/view.php?id=CVE-2013-1958
24 Apr 2013 — The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created. La función scm_check_creds en net/core/scm.c en el kernel de Linux antes de v3.8.6 no hace cumplir adecuadamente los requisitos d... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=92f28d973cce45ef5823209aab3138eb45d8b349 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-1957
https://notcve.org/view.php?id=CVE-2013-1957
24 Apr 2013 — The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only property of a filesystem by leveraging a separate mount namespace. La función clone_mnt en fs/namespace.c en el kernel Linux antes de v3.8.6 no restringe adecuadamente los cambios en la bandera MNT_READONLY, lo que permite a usuarios locales eludir una propiedad de sólo lectura prevista de un sistema de archivos median... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=132c94e31b8bca8ea921f9f96a57d684fa4ae0a9 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-1956
https://notcve.org/view.php?id=CVE-2013-1956
24 Apr 2013 — The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call. La función create_user_ns en kernel/user_namespace.c en el kernel Linux antes de v3.8.6 no comprueba si existe un directorio de chroot que difiere del directorio raíz de espacio de nombres, que permite a los usuarios locales p... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3151527ee007b73a0ebd296010f1c0454a919c7d • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3236
https://notcve.org/view.php?id=CVE-2013-3236
22 Apr 2013 — The vmci_transport_dgram_dequeue function in net/vmw_vsock/vmci_transport.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función vmci_transport_dgram_dequeue en net/vmw_vsock/vmci_transport.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta longitud de variable, permitiendo a usuarios locales obtener info... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=680d04e0ba7e926233e3b9cee59125ce181f66ba • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-3076 – Kernel: crypto: algif - suppress sending source address information in recvmsg
https://notcve.org/view.php?id=CVE-2013-3076
22 Apr 2013 — The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. La API crypto en el kernel de Linux hasta v3.9-rc8 no inicializa cierta longitud de variables, permitiendo a usuarios locales obtener información sensible desde la ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3237
https://notcve.org/view.php?id=CVE-2013-3237
22 Apr 2013 — The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función vsock_stream_sendmsg en net/vmw_vsock/af_vsock.c en el kernel de Linux anterior a v3.9-rc7 no inicializa cierta longitud de variable, lo que permite a usuarios locales obtener información sensible desde la pila del kernel median... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d5e0d0f607a7a029c6563a0470d88255c89a8d11 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3222 – Kernel: atm: update msg_namelen in vcc_recvmsg()
https://notcve.org/view.php?id=CVE-2013-3222
22 Apr 2013 — The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función vcc_recvmsg en net/atm/common.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta longitud de variable, permitiendo a usuarios locales obtener información sensible desde la pila del kernel mediante una syscall recvmsg ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9b3e617f3df53822345a8573b6d358f6b9e5ed87 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3223 – Mandriva Linux Security Advisory 2013-176
https://notcve.org/view.php?id=CVE-2013-3223
22 Apr 2013 — The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función ax25_recvmsg en net/ax25/af_ax25.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta estructura de datos, permitiendo a usuarios locales obtener información sensible desde la pila del kernel mediante una syscall recv... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ef3313e84acbf349caecae942ab3ab731471f1a1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3224 – Kernel: Bluetooth: possible info leak in bt_sock_recvmsg()
https://notcve.org/view.php?id=CVE-2013-3224
22 Apr 2013 — The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función bt_sock_recvmsg en net/bluetooth/af_bluetooth.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta longitud de variable, permitiendo a usuarios locales obtener información sensible desde la pila... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4683f42fde3977bdb4e8a09622788cc8b5313778 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3225 – Kernel: Bluetooth: RFCOMM - missing msg_namelen update in rfcomm_sock_recvmsg
https://notcve.org/view.php?id=CVE-2013-3225
22 Apr 2013 — The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. La función rfcomm_sock_recvmsg en net/bluetooth/rfcomm/sock.c en el kernel de Linux anterior a v3.9-rc7 no inicializa correctamente cierta longitud de variable, permitiendo a usuarios locales obtener información sensible desde la pila de... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e11e0455c0d7d3d62276a0c55d9dfbc16779d691 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •