CVSS: 7.1EPSS: 0%CPEs: 217EXPL: 0CVE-2013-2547 – kernel: crypto: info leaks in report API
https://notcve.org/view.php?id=CVE-2013-2547
14 Mar 2013 — The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. La función crypto_report_one en crypto / crypto_user.c en el API de informe en el API de configuración de cifrado de usuario en el kernel de Linux a través de v3.8.2 no inicializa la estructura de... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 217EXPL: 0CVE-2013-2548 – kernel: crypto: info leaks in report API
https://notcve.org/view.php?id=CVE-2013-2548
14 Mar 2013 — The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. La función crypto_report_one en crypto / crypto_user.c en el API de informe del API de configuración de cifrado de usuario en el kernel de Linux a través de v3.8.2 utiliza un valor de longitud... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 • CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 0%CPEs: 190EXPL: 0CVE-2012-6539
https://notcve.org/view.php?id=CVE-2012-6539
14 Mar 2013 — The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. La función dev_ifconf en net/socket.c en el kernel de Linux anterior a v3.6 no inicializa correctamente cierta estructura, permitiendo a usuarios locales obtener información sensible de la memoria de pila del núcleo a través de una aplicación especialmente diseñada. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=43da5f2e0d0c69ded3d51907d9552310a6b545e8 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 190EXPL: 0CVE-2012-6540
https://notcve.org/view.php?id=CVE-2012-6540
14 Mar 2013 — The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. La función do_ip_vs_get_ctl en net/netfilter/ipvs/ip_vs_ctl.c en el kernel de Linux anterior a v3.6 no inicializa correctamente cierta estructura para comandos IP_VS_SO_GET_TIMEOUT, permitiendo a usuarios locales obtener información ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2d8a041b7bfe1097af21441cb77d6af95f4f4680 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 190EXPL: 0CVE-2012-6541
https://notcve.org/view.php?id=CVE-2012-6541
14 Mar 2013 — The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. La función ccid3_hc_tx_getsockopt en net/dccp/ccids/ccid3.c en el kernel de Linux anterior a v3.6 no inicializa correctamente cierta estructura, permitiendo a usuarios locales obtener información sensible de la memoria de pila del núcleo a través de una aplicación espe... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b07f8eb75aa3097cdfd4f6eac3da49db787381d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 192EXPL: 0CVE-2012-6542 – Kernel: llc: information leak via getsockname
https://notcve.org/view.php?id=CVE-2012-6542
14 Mar 2013 — The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. La función llc_ui_getname en net/llc/af_llc.c en el kernel de Linux anterior a v3.6 no tiene un incorrecto valor de retorno en ciertas circunstancias, permitiendo a usuarios locales obtener información sensible de la me... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3592aaeb80290bda0f2cf0b5456c97bfc638b192 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 190EXPL: 0CVE-2012-6543
https://notcve.org/view.php?id=CVE-2012-6543
14 Mar 2013 — The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. La función l2tp_ip6_getname en net/l2tp/l2tp_ip6.c en el kernel de Linux anterior a v3.6 no inicializa correctamente cierta estructura, permitiendo a usuarios locales obtener información sensible de la memoria de pila del núcleo a través de una aplicación especialmente d... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=04d4fbca1017c11381e7d82acea21dd741e748bc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 4CVE-2013-1828 – Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2013-1828
13 Mar 2013 — The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call. La función sctp_getsockopt_assoc_stats en el kernel de Linux anterior a v3.8.4 no valida el tamaño antes de proceder a una operación de copy_from_user, permitiendo a usuarios locales conseguir privilegios ... • https://www.exploit-db.com/exploits/24747 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 176EXPL: 0CVE-2013-1819 – kernel: xfs: _xfs_buf_find oops on blocks beyond the filesystem end
https://notcve.org/view.php?id=CVE-2013-1819
06 Mar 2013 — The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map. La función _xfs_buf_find en fs/xfs/xfs_buf.c en el kernel de Linux antes de v3.7.6 que no valida bloques de numeros, que permite a usuarios locales de... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eb178619f930fa2ba2348de332a1ff1c66a31424 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 170EXPL: 0CVE-2013-0228 – kernel: xen: userspace alterable %ds access in xen_iret()
https://notcve.org/view.php?id=CVE-2013-0228
01 Mar 2013 — The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly handle an invalid value in the DS segment register, which allows guest OS users to gain guest OS privileges via a crafted application. La función xen_iret en arch/x86/xen/xen-asm_32.S en Linux kernel anterior a 3.7.9 en plataformas 32-bit Xen paravirt_ops no manejan adecuadamente un valor invalido en el segmento del registro DS, lo que permite a usuarios en el sistema op... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=13d2b4d11d69a92574a55bfd985cfb0ca77aebdc • CWE-189: Numeric Errors •