CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2014-9904 – Ubuntu Security Notice USN-3127-2
https://notcve.org/view.php?id=CVE-2014-9904
27 Jun 2016 — The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call. La función snd_compress_check_input en sound/core/compress_offload.c en el subsistema ALSA en el kernel de Linux en versiones anteriores a 3.17 no comprueba ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205 •
CVSS: 7.8EPSS: 10%CPEs: 26EXPL: 6CVE-2016-4997 – Linux Kernel 4.6.2 (Ubuntu 16.04.1) - 'IP6T_SO_SET_REPLACE' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-4997
27 Jun 2016 — The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. Las implementaciones de compat IPT_SO_SET_REPLACE y IP6T_SO_SET_REPLACE setsockopt en el subsistema netfilter en el kernel de Linux antes de 4.6.3 permiten a los usuarios lo... • https://packetstorm.news/files/id/139880 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-4998 – kernel: out of bounds reads when processing IPT_SO_SET_REPLACE setsockopt
https://notcve.org/view.php?id=CVE-2016-4998
27 Jun 2016 — The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary. La implementación de setsockopt IPT_SO_SET_REPLACEIPT_SO_SET_REPLACE en el subsistema de netfilter en el kernel de Linux en versiones anteriores a 4.6... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2061
https://notcve.org/view.php?id=CVE-2016-2061
13 Jun 2016 — Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call. Error de entero sin signo en el controlador de video MSM V4L2 para el kernel de Linux 3.x, según se utiliza en contribuciones Android Qualcomm Innovat... • http://source.android.com/security/bulletin/2016-06-01.html • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2066
https://notcve.org/view.php?id=CVE-2016-2066
13 Jun 2016 — Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application that makes an ioctl call. Error de entero sin signo en el controlador de audio MSM QDSP6 para el kernel de Linux 3.x, según se utiliza en contribuciones Android Qualcomm Innovation Center (QuIC) para dispositivos MSM ... • http://source.android.com/security/bulletin/2016-06-01.html • CWE-269: Improper Privilege Management •
CVSS: 8.1EPSS: 0%CPEs: 22EXPL: 2CVE-2016-1583 – Linux Kernel - 'ecryptfs' '/proc/$pid/environ' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-1583
10 Jun 2016 — The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. La función ecryptfs_privileged_open en fs/ecryptfs/kthread.c en el kernel de Linux en versiones anteriores a 4.6.3 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (consumo de memoria... • https://packetstorm.news/files/id/137560 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2016-4913 – kernel: Information leak when handling NM entries containing NUL
https://notcve.org/view.php?id=CVE-2016-4913
23 May 2016 — The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. La función get_rock_ridge_filename en fs/isofs/rock.c en el kernel de Linux en versiones anteriores a 4.5.5 no maneja correctamente entradas NM (también conocidas como alternate name) que contienen caract... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-4951 – Ubuntu Security Notice USN-3016-4
https://notcve.org/view.php?id=CVE-2016-4951
23 May 2016 — The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation. La función tipc_nl_publ_dump en net/tipc/socket.c en el kernel de Linux hasta la versión 4.6 no verifica la existencia del socket, lo que permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=45e093ae2830cd1264677d47ff9a95a71f5d9f9c •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2CVE-2016-4794 – kernel: Use after free in array_map_alloc
https://notcve.org/view.php?id=CVE-2016-4794
23 May 2016 — Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls. Vulnerabilidad de uso después de liberación de memoria en el kernel de Linux hasta la versión 4.6 permite a usuarios locales provocar una denegación de servicio (BUG) o posiblemente tener otro impacto no especificado a través del uso manipulado de llamadas de sistema mmap y bpf. Use after ... • http://rhn.redhat.com/errata/RHSA-2016-2574.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2016-4805 – Ubuntu Security Notice USN-3021-2
https://notcve.org/view.php?id=CVE-2016-4805
23 May 2016 — Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. Vulnerabilidad de uso después de liberación de memoria en drivers/net/ppp/ppp_generic.c en el kernel de Linux en versiones anteriores a 4.5.2 permite a usuarios local... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 • CWE-416: Use After Free •