Page 539 of 2919 results (0.017 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2

CVE-2018-7273 – Linux Kernel < 4.15.4 - 'show_floppy' KASLR Address Leak

https://notcve.org/view.php?id=CVE-2018-7273

In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR. En el kernel de Linux hasta la versión 4.15.4, el controlador del disquete revela las direcciones de las funciones del kernel y las variables globales empleando llamadas printk en la función show_floppy en drivers/block/floppy.c. Un atacante puede leer esta información de dmesg y emplear las direcciones para encontrar las localizaciones del código y los datos del kernel y omitir las protecciones de seguridad como KASLR. • https://www.exploit-db.com/exploits/44325 https://github.com/jedai47/CVE-2018-7273 http://www.securityfocus.com/bid/103088 https://lkml.org/lkml/2018/2/20/669 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0

CVE-2018-6927 – kernel: Integer overflow in futex.c:futux_requeue can lead to denial of service or unspecified impact

https://notcve.org/view.php?id=CVE-2018-6927

The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. La función futex_requeue en kernel/futex.c en el kernel de Linux, en versiones anteriores a la 4.14.15, podría permitir que atacantes provoquen una denegación de servicio (desbordamiento de enteros) o que puedan causar otro tipo de impacto sin especificar desencadenando un valor wake o requeue negativo. The futex_requeue function in kernel/futex.c in the Linux kernel, before 4.14.15, might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impacts by triggering a negative wake or requeue value. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a http://www.securityfocus.com/bid/103023 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://usn.ubuntu.com/3619-1 https://usn.ubuntu. • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-1000028

https://notcve.org/view.php?id=CVE-2018-1000028

Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appear to be exploitable via NFS server must export a filesystem with the "rootsquash" options enabled. This vulnerability appears to have been fixed in after commit 1995266727fa. El kernel de Linux, en versiones posteriores al commit con ID bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+, contiene una vulnerabilidad de control de acceso incorrecto en el servidor NFS (nfsd) que puede resultar en que usuarios remotos lean o escriban archivos para los que no deberían tener permisos mediante NFS. Este ataque parece ser explotable por un servidor NFS que debe exportar un sistema de archivos con las opciones "rootsquash" habilitadas. • https://git.kernel.org/linus/1995266727fa8143897e89b55f5d3c79aa828420 • CWE-269: Improper Privilege Management •

CVSS: 7.1EPSS: 1%CPEs: 4EXPL: 0

CVE-2017-16914

https://notcve.org/view.php?id=CVE-2017-16914

The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet. La función "stub_send_ret_submit()" (drivers/usb/usbip/stub_tx.c) en el kernel de Linux, en versiones anteriores a la 4.14.8; y las versiones 4.9.71 y 4.4.107, permite que atacantes provoquen una denegación de servicio (lectura fuera de límites) mediante un USB especialmente manipulado en un paquete IP. • http://www.securityfocus.com/bid/102150 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=be6123df1ea8f01ee2f896a16c2b7be3e4557a5a https://lists.debian.org/debian-lts • CWE-476: NULL Pointer Dereference •

CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0

CVE-2017-16911

https://notcve.org/view.php?id=CVE-2017-16911

The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP. El controlador vhci_hcd en el kernel de Linux, en versiones anteriores a la 4.14.8 y la 4.4.114, permite que atacantes locales revelen direcciones de memoria del kernel. La explotación con éxito requiere que se conecte un dispositivo USB mediante IP. • http://www.securityfocus.com/bid/102156 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=2f2d0088eb93db5c649d2a5e34a3800a8a935fc5 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://secuniaresearch.flexerasoftware.com/advisories/80454 https://secuniaresearch.flexerasoftware.com/secunia_research/2017- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •