CVSS: 9.8EPSS: 0%CPEs: 274EXPL: 0CVE-2013-2930 – kernel: perf/ftrace: insufficient check in perf_trace_event_perm()
https://notcve.org/view.php?id=CVE-2013-2930
09 Dec 2013 — The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. La función perf_trace_event_perm en kernel/trace/trace_event_perf.c en el kernel Linux anteriores 3.12.2 no restringe apropiadamente el acceso al subsistema perf, lo que permite a usuarios locales habilitar el seguimiento de funciones a traves de una aplicación manipulada... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=12ae030d54ef250706da5642fc7697cc60ad0df7 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 269EXPL: 1CVE-2013-4270 – kernel: net: permissions flaw in /proc/sys/net
https://notcve.org/view.php?id=CVE-2013-4270
07 Dec 2013 — The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application. La función net_ctl_permissions en net/sysctl_net.c en el kernel Linux anteriores a 3.11.5 no determina apropiadamente valores uid y gid, lo que permite a usuarios locales franquear restricciones /proc/sys/net a traves de una aplicación manipulada. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2433c8f094a008895e66f25bd1773cdb01c91d01 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 274EXPL: 0CVE-2013-6378 – Kernel: drivers: libertas: potential oops in debugfs
https://notcve.org/view.php?id=CVE-2013-6378
27 Nov 2013 — The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. La función lbs_debugfs_write en drivers/net/wireless/libertas/debugfs.c del kernel de Linux hasta la versión 3.12.1 permite a usuarios locales provocar una denegación de servicio (OOPS) mediante el aprovechamiento de privilegios de root por una operación de escritura de longitud cer... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a497e47d4aec37aaf8f13509f3ef3d1f6a717d88 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 274EXPL: 1CVE-2013-6380
https://notcve.org/view.php?id=CVE-2013-6380
27 Nov 2013 — The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. La función aac_send_raw_srb en drivers/scsi/aacraid/commctrl.c del kernel de Linux hasta la versión 3.12.1 no valida adecuadamente un valor de determinado tamaño,... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b4789b8e6be3151a955ade74872822f30e8cd914 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2013-6381 – Kernel: qeth: buffer overflow in snmp ioctl
https://notcve.org/view.php?id=CVE-2013-6381
27 Nov 2013 — Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size. Desbordamiento de búfer en la función qeth_snmp_command de drivers/s390/net/qeth_core_main.c en el kernel de Linux hasta la versión 3.12.1 permite a usuarios locales provocar una denegación de servicio o po... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fb392b1a63ae36c31f62bc3fc8630b49d602b62 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 274EXPL: 1CVE-2013-6382
https://notcve.org/view.php?id=CVE-2013-6382
27 Nov 2013 — Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. Múltiples desbord... • http://www.openwall.com/lists/oss-security/2013/11/22/5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2013-6383 – Kernel: AACRAID Driver compat IOCTL missing capability check
https://notcve.org/view.php?id=CVE-2013-6383
27 Nov 2013 — The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. La función aac_compat_ioctl en drivers/scsi/aacraid/linit.c del kernel de Linux anterior a la versión 3.11.8 no requiere la capacidad CAP_SYS_RAWIO, lo que permite a usuarios locales evadir restricciones de acceso intencionadas a través de una llamada ioctl manipulada. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f856567b930dfcdbc3323261bf77240ccdde01f5 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.7EPSS: 4%CPEs: 3EXPL: 6CVE-2013-6282 – Linux Kernel Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2013-6282
19 Nov 2013 — The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013. Las funciones de API (1) get_user y (2) put_user en el kernel de Linux anterior a la versión 3.5.5 en las plataformas v6k y v7 ARM no validan ciertas direcciones, lo q... • https://www.exploit-db.com/exploits/31574 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2013-4563
https://notcve.org/view.php?id=CVE-2013-4563
19 Nov 2013 — The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline. La función udp6_ufo_fragment en net/ipv6/udp_offload.c del kernel de Linux hasta la versión 3.12, cuando está a... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e033e04c2678dbbe74a46b23fffb7bb918c288e • CWE-189: Numeric Errors •
CVSS: 8.4EPSS: 30%CPEs: 273EXPL: 2CVE-2013-4579 – Linux Kernel 3.0.5 - 'ath9k_htc_set_bssid_mask()' Information Disclosure
https://notcve.org/view.php?id=CVE-2013-4579
19 Nov 2013 — The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. La función ath9k_htc_set_bssid_mask en drivers/net/wireless/ath/ath9k/htc_drv_main.c del kernel de Linux hasta la versión 3.... • https://www.exploit-db.com/exploits/38826 • CWE-310: Cryptographic Issues •