Page 459 of 3325 results (0.045 seconds)

CVSS: 6.9EPSS: 0%CPEs: 9EXPL: 1

CVE-2013-2852 – Linux Kernel 3.3.5 - 'b43' Wireless Driver Privilege Escalation

https://notcve.org/view.php?id=CVE-2013-2852

Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. Vulnerabilidad de formato de cadena en la función b43_request_firmware de drivers/net/wireless/b43/main.c en el driver del Broadcom B43 inhalambrico para el kernel Linux hasta la versión v3.9.4 permite a usuarios locales conseguir privilegios haciendo uso de acceso root e incluyendo especificaciones de formato de cadena en un parámetro fwpostfix modprobe, provocando una construcción inapropiada de un mensaje de error • https://www.exploit-db.com/exploits/38559 http://git.kernel.org/cgit/linux/kernel/git/linville/wireless.git/commit/?id=9538cbaab6e8b8046039b4b2eb6c9d614dc782bd http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://rhn.redhat.com/errata/RHSA-2013-1051.html http://rhn.redhat.com/errata/RHSA-2013-1450.html http://www.debian.org/security/2013/dsa-2766 http://www.openwall.com/lists/oss-security/2013 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 6.0EPSS: 0%CPEs: 12EXPL: 0

CVE-2013-2851 – kernel: block: passing disk names as format strings

https://notcve.org/view.php?id=CVE-2013-2851

Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. Vulnerabilidad de formato de cadena en la función register_disk en block/genhd.c en Linux kernel hasta v3.9.4 permite a usuarios locales conseguir privilegios haciendo uso de acceso root y la escritura especificadores de formato de cadena en /sys/module/md_mod/parameters/new_array con el fin de crear un dispositivo /dev/md con el nombre manipulado. • http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://marc.info/?l=linux-kernel&m=137055204522556&w=2 http://rhn.redhat.com/errata/RHSA-2013-1645.html http://rhn.redhat.com/errata/RHSA-2013-1783.html http://rhn.redhat.com/errata/RHSA-2014-0284.html http://www.debian.org/security/2013/dsa-2766 http://www • CWE-134: Use of Externally-Controlled Format String •

CVSS: 2.1EPSS: 0%CPEs: 13EXPL: 0

CVE-2013-2147 – Kernel: cpqarray/cciss: information leak via ioctl

https://notcve.org/view.php?id=CVE-2013-2147

The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. El controlador de array de discos HP Smart Array y el controlador de array de discos Compaq SMART2 en Linux kernel hasta v3.9.4 no inicializa ciertas estructuras de datos, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de (1) un comando modificado IDAGETPCIINFO para el dispositivo /dev/ida, relacionado con la función ida_locked_ioctl en drivers/block/cpqarray.c o (2) un comando modificado CCISS_PASSTHRU32 para el dispositivo /dev/cciss relacionado con la función cciss_ioctl32_passthru en drivers/block/cciss.c. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://lkml.org/lkml/2013/6/3/127 http://lkml.org/lkml/2013/6/3/131 http://rhn.redhat.com/errata/RHSA-2013-1166.html http://www.openwall.com/lists/oss-security/2013/06/05/25 http://www.ubuntu.com/usn/USN-1994-1 http://www.ubuntu.com/usn/USN-1996-1 http://www.ubuntu.com/usn/USN-1997-1 http://www.ubuntu.com/usn/USN-1999-1 http://www.ubuntu.com/usn/USN-20 • CWE-399: Resource Management Errors •

CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 2

CVE-2013-1929 – Kernel: tg3: buffer overflow in VPD firmware parsing

https://notcve.org/view.php?id=CVE-2013-1929

Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. Desbordamiento de búfer basado en memoria dinámica en la función tg3_read_vpd en drivers/net/ethernet/broadcom/tg3.c en el kernel de Linux anterior a v3.8.3 que permite a a atacantes físicamente cercanos causar una denegación de servicios (caída del sistema) o posiblemente ejecutar código arbitrario a través de firmware manipulado que especifica una cadena larga en la estructura de datos Vital Prduct Data (VPD) • http://cansecwest.com/slides/2013/PrivateCore%20CSW%202013.pdf http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=715230a44310a8cf66fbfb5a46f9a62a9b2de424 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101836.html http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://rhn.redhat.com/errata • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 7

CVE-2013-2094 – Linux Kernel Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2013-2094

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. La función perf_swevent_init en kernel/events/core.c en el Kernel de Linux anterior a v3.8.9 usa un tipo de datos entero incorrecto, lo que permite a usuarios locales ganar privilegios mediante una llamada al sistema perf_event_open especialmente diseñada. Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Explotation allows for privilege escalation. • https://www.exploit-db.com/exploits/25444 https://www.exploit-db.com/exploits/26131 https://www.exploit-db.com/exploits/33589 https://github.com/Pashkela/CVE-2013-2094 https://github.com/vnik5287/CVE-2013-2094 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html http://lis • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •