CVSS: 6.2EPSS: 0%CPEs: 208EXPL: 0CVE-2013-2015 – Mandriva Linux Security Advisory 2013-265
https://notcve.org/view.php?id=CVE-2013-2015
29 Apr 2013 — The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. La funcion ext4_orphan_del en fs/ext4/namei.c en Linux Kernel anterior a v3.7.3 no maneja adecuadamente las cabeceras orphan-list para sistemas de f... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e9a9a1ad619e7e987815d20262d36a2f95717ca • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 0%CPEs: 217EXPL: 0CVE-2013-2547 – kernel: crypto: info leaks in report API
https://notcve.org/view.php?id=CVE-2013-2547
14 Mar 2013 — The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. La función crypto_report_one en crypto / crypto_user.c en el API de informe en el API de configuración de cifrado de usuario en el kernel de Linux a través de v3.8.2 no inicializa la estructura de... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 217EXPL: 0CVE-2013-2548 – kernel: crypto: info leaks in report API
https://notcve.org/view.php?id=CVE-2013-2548
14 Mar 2013 — The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. La función crypto_report_one en crypto / crypto_user.c en el API de informe del API de configuración de cifrado de usuario en el kernel de Linux a través de v3.8.2 utiliza un valor de longitud... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 • CWE-310: Cryptographic Issues •
CVSS: 7.1EPSS: 0%CPEs: 217EXPL: 0CVE-2013-2546 – kernel: crypto: info leaks in report API
https://notcve.org/view.php?id=CVE-2013-2546
14 Mar 2013 — The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability. El API de informe en el API de configuración de cifrado del usuario en el kernel Linux v3.8.2 utiliza una función incorrecta de biblioteca C para copiar las cadenas, lo que permite a usuarios locales obtener información sensible de la memoria... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 114EXPL: 2CVE-2013-1773 – Google Android Kernel 2.6 - Local Denial of Service Crash (PoC)
https://notcve.org/view.php?id=CVE-2013-1773
28 Feb 2013 — Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. Desbordamiento de búfer en la implementación del sistema de ficheros VFAT en el kernel de Linux antes de v3.3 que permite a usuarios locales obtener privilegios o causar denegación de servicios por una operaci... • https://www.exploit-db.com/exploits/23248 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 176EXPL: 0CVE-2013-1774 – Kernel: USB io_ti driver NULL pointer dereference in routine chase_port
https://notcve.org/view.php?id=CVE-2013-1774
28 Feb 2013 — The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. La función chase_port en drivers/usb/serial/io_ti.c en el kernel de Linux anteriores a v3.7.4 permite a usuarios locales provocar una denegación de servicio (desreferencia puntero NULL y caída del sistema) /dev/ttyUSB a través de u... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1ee0a224bc9aad1de496c795f96bc6ba2c394811 • CWE-264: Permissions, Privileges, and Access Controls CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2012-2735 – cumin: session fixation flaw
https://notcve.org/view.php?id=CVE-2012-2735
28 Sep 2012 — Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie. Vulnerabilidad de fijación de sesión en Cumin antes de v0.1.5444, tal y como se usa en Red Hat Enterprise Messaging, Realtime, y Grid (MRG) v2.0 permite a atacantes remotos secuestrar sesiones web a través de una cookie de sesión modificada a mano. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151 • CWE-384: Session Fixation •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2012-2684 – cumin: SQL injection flaw
https://notcve.org/view.php?id=CVE-2012-2684
28 Sep 2012 — Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id. Múltiples vulnerabilidades de inyección SQL en la función get_sample_filters_by_signature en Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime y Grid (MRG) v2.0 permiten la ejecución remota de SQ... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830245 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 1%CPEs: 21EXPL: 1CVE-2012-2685 – cumin: DoS via large image requests
https://notcve.org/view.php?id=CVE-2012-2685
28 Sep 2012 — Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request. Cumin, antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime, y Grid 2.0 (MRG) permite a usuarios remotos autenticados provocar una denegación de servicio (por consumo de memoria) a través de una solicitud de imagen de gran tamaño. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830248 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 1CVE-2012-2734 – cumin: CSRF flaw
https://notcve.org/view.php?id=CVE-2012-2734
28 Sep 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors. Multiples vulnerabilidades de fasificación de peticiones en sitios cruzados (CSRF) en Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime, y Grid 2.0 (MRG) permiten a atacantes remotos se... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124 • CWE-352: Cross-Site Request Forgery (CSRF) •