Page 506 of 2770 results (0.021 seconds)

CVSS: 7.1EPSS: 7%CPEs: 8EXPL: 3

net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor. net/ceph/auth_x.c en Ceph, utilizado en el kernel de Linux anterior a 3.16.3, no valida debidamente las respuestas de autor válidas, lo que permite a atacantes remotos causar una denegación de servicio (caída del sistema) o posiblemente tener otro impacto no especificado a través de datos manipulados de la dirección IP de un monitor Ceph. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c27a3e4d667fdcad3db7b104f75659478e0c68d8 http://tracker.ceph.com/issues/8979 http://tracker.ceph.com/issues/9561 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3 http://www.openwall.com/lists/oss-security/2014/09/15/7 http://www.ubuntu.com/usn/USN-2376-1 http://www.ubuntu.com/usn/USN-2377-1 http://www.ubuntu.com/usn/USN-2378-1 http://www.ubuntu.com/usn/USN • CWE-399: Resource Management Errors •

CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0

Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. Múltiples desbordamientos de buffer basado en pila en la función magicmouse_raw_event en drivers/hid/hid-magicmouse.c en el controlador Magic Mouse HID en el kernel de Linux hasta 3.16.3 permiten a atacantes físicamente próximos causar una denegación de servicio (caída del sistema) o posiblemente ejecutar código arbitrario a través de un dispositivo que proporciona una cantidad grande de datos (1) EHCI o (2) XHCI asociados con un evento. An out-of-bounds write flaw was found in the way the Apple Magic Mouse/Trackpad multi-touch driver handled Human Interface Device (HID) reports with an invalid size. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c54def7bd64d7c0b6993336abcffb8444795bf38 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://rhn.redhat.com/errata/RHSA-2014-1318.html http://www.openwall.com/lists/oss-security/2014/09/11/21 http://www.securityfocus.com/bid/69779 http://www.ubuntu.com/usn/USN-2376-1 http://www.ubuntu.com/usn/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0

The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c. Las funciones report_fixup en el subsistema HID en el kernel de Linux anterior a 3.16.2 podrían permitir a atacantes físicamente próximos causar una denegación de servicio (escritura fuera de rango) a través de un dispositivo manipulado que proporciona un descriptor de informes pequeño, relacionado con (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, y (6) drivers/hid/hid-sunplus.c. Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid report descriptor size. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4ab25786c87eb20857bbb715c3ae34ec8fd6a214 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://rhn.redhat.com/errata/RHSA-2014-1318.html http://rhn.redhat.com/errata/RHSA&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-193: Off-by-one Error •

CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0

Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value. Error en el indice del arry en la función logi_dj_raw_event en drivers/hid/hid-logitech-dj.c en el kernel de Linux anterior a 3.16.2 permite a atacantes físicamente próximos ejecutar código arbitrario o causar una denegación de servicio (kfree inválido) a través de un dispositivo manipulado que proporciona un valor REPORT_TYPE_NOTIF_DEVICE_UNPAIRED malformado. An out-of-bounds read flaw was found in the way the Logitech Unifying receiver driver handled HID reports with an invalid device_index value. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3e14d7c5268c2e24477c6ef54bbdf88add5d36 http://rhn.redhat.com/errata/RHSA-2014-1318.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2 http://www.openwall.com/lists/oss-security/2014/09/11/21 http://www.securityfocus.com/bid/69770 https://bugzilla.redhat.com/show_bug.cgi?id=1141210 https://code.google.com/p/google-security-research/issues/detail?id=89 https://github.com/t • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 9%CPEs: 5EXPL: 1

net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket. net/ceph/auth_x.c en Ceph, utilizado en el kernel de Linux anterior a 3.16.3, no considera debidamente la posibilidad de fallos de kmalloc, lo que permite a atacantes remotos causar una denegación de servicio (caída del sistema) o posiblemente tener otro impacto no especificado a través de un ticket de autor largo no cifrado. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c27a3e4d667fdcad3db7b104f75659478e0c68d8 http://tracker.ceph.com/issues/8979 http://tracker.ceph.com/issues/9560 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3 http://www.openwall.com/lists/oss-security/2014/09/15/7 http://www.ubuntu.com/usn/USN-2376-1 http://www.ubuntu.com/usn/USN-2377-1 http://www.ubuntu.com/usn/USN-2378-1 http://www.ubuntu.com/usn/USN • CWE-399: Resource Management Errors •