CVSS: 5.5EPSS: 0%CPEs: 246EXPL: 1CVE-2013-4483 – kernel: ipc: ipc_rcu_putref refcount races
https://notcve.org/view.php?id=CVE-2013-4483
04 Nov 2013 — The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. La función ipc_rcu_putref en ipc / util.c del kernel de Linux antes de 3.10 no gestiona adecuadamente una cuenta de referencia, que permite a usuarios locales provocar una denegación de servicio (consumo de memoria o la caída del sistema) a través de una aplicación manipulada... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6062a8dc0517bce23e3c2f7d2fea5e22411269a3 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 288EXPL: 2CVE-2013-4470 – Kernel: net: memory corruption with UDP_CORK and UFO
https://notcve.org/view.php?id=CVE-2013-4470
04 Nov 2013 — The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. El kern... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c547dbf55d5f8cf615ccc0e7265e98db27d3fb8b • CWE-264: Permissions, Privileges, and Access Controls CWE-456: Missing Initialization of a Variable •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 2CVE-2013-4348 – kernel: net: deadloop path in skb_flow_dissect()
https://notcve.org/view.php?id=CVE-2013-4348
31 Oct 2013 — The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation. La función skb_flow_dissect en net/core/flow_dissector.c en el kernel de Linux hasta la versión 3.12 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un pequeño valor en el campo IHL de un paquete con encapsulación IPIP. • https://github.com/bl4ck5un/cve-2013-4348 • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.0EPSS: 0%CPEs: 266EXPL: 2CVE-2013-4299 – kernel: dm: dm-snapshot data leak
https://notcve.org/view.php?id=CVE-2013-4299
17 Oct 2013 — Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. Conflicto de interpretación en drivers/md/dm-snap-persistent.c en el kernel de Linux hasta 3.11.6 permite a usuarios remotamente autenticados obtener información sensible o modificar datos a través de un mapeado manipulado a un dispositivo de capturas de bloque. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9c6a182649f4259db704ae15a91ac820e63b0ca • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 274EXPL: 0CVE-2013-4345 – kernel: ansi_cprng: off by one error in non-block size request
https://notcve.org/view.php?id=CVE-2013-4345
10 Oct 2013 — Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. Error de superación en la función get_prng_bytes en crypto/ansi_cprng.c en el kernel de Linux hasta la versión 3.11.4 hace que sea más fácil para atacantes dependientes del contexto anular mecanism... • http://marc.info/?l=linux-crypto-vger&m=137942122902845&w=2 • CWE-189: Numeric Errors CWE-193: Off-by-one Error •
CVSS: 6.1EPSS: 2%CPEs: 265EXPL: 1CVE-2013-4387 – Kernel: net: IPv6: panic when UFO=On for an interface
https://notcve.org/view.php?id=CVE-2013-4387
10 Oct 2013 — net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet. net/ipv6/ip6_output.c en el kernel de Linux hasta la versión 3.11.4 no determina adecuadamente la necesidad de UDP ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2811ebac2521ceac84f2bdae402455baa6a7fb47 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 3CVE-2013-4300
https://notcve.org/view.php?id=CVE-2013-4300
25 Sep 2013 — The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing. La función scm_check_creds en net/core/scm.c en el kernel de Linux anterior a la versión 3.11 realiza una comprobación de la capacidad en un espacio de nombres incorrecto, lo que permite a usuarios locales obtener privilegios a través de PID spoofing. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d661684cf6820331feae71146c35da83d794467e • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4343 – Kernel: net: use-after-free TUNSETIFF
https://notcve.org/view.php?id=CVE-2013-4343
25 Sep 2013 — Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call. Vulnerabilidad de uso despues de liberación en drivers/net/tun.c en el kernel Linux 3.11.1 permite a usuarios locales obtener privilegios aprovechado CAP_NET_ADMIN e introduciendo un nombre de interfaz tuntap inválido en una llamada TUNSETIFF ioctl. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 265EXPL: 1CVE-2013-4350 – kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit
https://notcve.org/view.php?id=CVE-2013-4350
25 Sep 2013 — The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network. La implementación IPv6 SCTP en net/sctp/ipv6.c en el kernel de Linux hasta v3.11.1 utiliza estructuras de datos y llamadas a funciones que no provocan una configuración pretendida de encriptación IPsec, lo que permite a atacantes remot... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95ee62083cb6453e056562d91f597552021e6ae7 • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 1CVE-2013-5634
https://notcve.org/view.php?id=CVE-2013-5634
25 Sep 2013 — arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or possibly have unspecified other impact by omitting vCPU initialization before a KVM_GET_REG_LIST ioctl call. arch/arm/kvm/arm.c en el kernel de Linux anterior a v3.10 en la plataforma ARM, cuando KVM es utilizado, permite a los usuarios del sistema operativo anfitrión provocar una denegación de servicio (referencia ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e8180dcaa8470ceca21109f143876fdcd9fe050a • CWE-399: Resource Management Errors •