CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 7CVE-2010-4249 – Linux Kernel 2.6.37 - Unix Sockets Local Denial of Service
https://notcve.org/view.php?id=CVE-2010-4249
29 Nov 2010 — The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets. La función wait_for_unix_gc de net/unix/garbage.c en el kernel de Linux en versiones anteriores a la 2.6.37-rc3-next-20101125 no selecciona apropiadamente el momento de recolecta... • https://www.exploit-db.com/exploits/15622 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2010-4077 – Linux Kenel 2.6.37-rc1 - serial_core TIOCGICOUNT Leak
https://notcve.org/view.php?id=CVE-2010-4077
29 Nov 2010 — The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. La función ntty_ioctl_tiocgicount de drivers/char/nozomi.c del kernel de Linux en versiones anteriores a la 2.6.36.1 y anteriores no inicializa apropiadamente un miembro de una determinada estructura, lo que permite a usuarios lo... • https://www.exploit-db.com/exploits/16973 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 2CVE-2010-4073 – Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-4073
29 Nov 2010 — The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c. El subsistema ipc del kernel de Linux en versiones anteriores a la 2.6.37-rc1 no inicializa determinad... • https://www.exploit-db.com/exploits/17787 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2010-4074 – kernel: drivers/usb/serial/mos*.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4074
29 Nov 2010 — The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c. El subsistema USB del kernel de Linux en versiones anteriores a la 2.6.36-rc5 no inicializa apropiadamente miembros de estructu... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a0846f1868b11cd827bdfeaf4527d8b1b1c0b098 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2010-4072 – kernel: ipc/shm.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4072
29 Nov 2010 — The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface." La función copy_shmid_to_user de ipc/shm.c del kernel de Linux en versiones anteriores a la 2.6.37-rc1 no inicializa una determinada estructura, lo que permite a usuarios locales obtener información potencialmente confi... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3af54c9bd9e6f14f896aac1bb0e8405ae0bc7a44 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4076
https://notcve.org/view.php?id=CVE-2010-4076
29 Nov 2010 — The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. La función rs_ioctl de drivers/char/amiserial.c del kernel de Linux en versiones 2.6.36.1 y anteriores no inicializa apropiadamente un miembro de una determinada estructura, lo que permite a usuarios locales obtener información potencialmen... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d281da7ff6f70efca0553c288bb883e8605b3862 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4075 – kernel: drivers/serial/serial_core.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4075
29 Nov 2010 — The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. La función uart_get_count de drivers/serial/serial_core.c del kernel de Linux en versiones anteriores a la 2.6.37-rc1 no inicializa apropiadamente un miembro de una determinada estructura, lo que permite a usuarios locales obtener in... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d281da7ff6f70efca0553c288bb883e8605b3862 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2010-4079 – kernel: drivers/video/ivtv/ivtvfb.c: reading uninitialized stack memory
https://notcve.org/view.php?id=CVE-2010-4079
29 Nov 2010 — The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the Linux kernel before 2.6.36-rc8 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call. La función ivtvfb_ioctl de drivers/media/video/ivtv/ivtvfb.c del kernel de Linux en versiones anteriores a la 2.6.36-rc8 no inicializa apropiadamente un miembro determinado de una estructura, lo que permite a usuarios locales ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=405707985594169cfd0b1d97d29fcb4b4c6f2ac9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.3EPSS: 0%CPEs: 9EXPL: 0CVE-2010-3705 – kernel: sctp memory corruption in HMAC handling
https://notcve.org/view.php?id=CVE-2010-3705
26 Nov 2010 — The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array. La función sctp_auth_asoc_get_hmac en net/sctp/auth.c en el kernel de Linux anteriores a v2.6.36 no valida correctamente la matriz hmac_ids de un par SCTP, lo cual permite a atacantes remotos provocar una denegación... • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=51e97a12bef19b7e43199fc153cf9bd5f2140362 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 3CVE-2010-2963 – Linux Kernel 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite
https://notcve.org/view.php?id=CVE-2010-2963
26 Nov 2010 — drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device. drivers/media/video/v4l2-compat-ioctl32.c en la implementación de Video4Linux (V4L) en kernel de... • https://www.exploit-db.com/exploits/15344 • CWE-20: Improper Input Validation •