
CVSS: 7.5 • EPSS: 0% • CPEs: 9 • EXPL: 2

29 Apr 2013 — The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call. • https://www.exploit-db.com/exploits/38465 • CWE-476: NULL Pointer Dereference

CVSS: 7.1 • EPSS: 0% • CPEs: 217 • EXPL: 0

14 Mar 2013 — The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 • CWE-310: Cryptographic Issues

CVSS: 7.1 • EPSS: 0% • CPEs: 217 • EXPL: 0

14 Mar 2013 — The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 • CWE-310: Cryptographic Issues

CVSS: 7.5 • EPSS: 0% • CPEs: 217 • EXPL: 0

14 Mar 2013 — The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 • CWE-310: Cryptographic Issues

CVSS: 7.8 • EPSS: 0% • CPEs: 114 • EXPL: 2

28 Feb 2013 — Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. • https://www.exploit-db.com/exploits/23248 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.5 • EPSS: 0% • CPEs: 176 • EXPL: 0

28 Feb 2013 — The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1ee0a224bc9aad1de496c795f96bc6ba2c394811 • CWE-264: Permissions, Privileges, and Access Controls • CWE-476: NULL Pointer Dereference

CVSS: 8.1 • EPSS: 0% • CPEs: 21 • EXPL: 0

28 Sep 2012 — Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.8 • EPSS: 0% • CPEs: 21 • EXPL: 1

28 Sep 2012 — Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing." • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.1 • EPSS: 0% • CPEs: 10 • EXPL: 1

28 Sep 2012 — Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558 • CWE-310: Cryptographic Issues

CVSS: 6.1 • EPSS: 0% • CPEs: 21 • EXPL: 0

28 Sep 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages." • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830243 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')