CVSS: 5.5EPSS: 0%CPEs: 190EXPL: 0CVE-2012-6547 – Kernel: net/tun: ioctl() based information leaks
https://notcve.org/view.php?id=CVE-2012-6547
14 Mar 2013 — The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. La función __ tun_chr_ioctl en drivers/net/tun.c en el kernel de Linux anteriores a v3.6 no se inicializa una estructura determinada, que permite a usuarios locales obtener información sensible de la memoria de pila del núcleo a través de una aplicación diseñada. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a117dacde0288f3ec60b6e5bcedae8fa37ee0dfc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 191EXPL: 0CVE-2012-6548 – Kernel: udf: information leak on export
https://notcve.org/view.php?id=CVE-2012-6548
14 Mar 2013 — The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. La función udf_encode_fh en fs / udf / namei.c en el kernel de Linux anteriores a v3.6 no se inicializa un miembro de cierta estructura, que permite a usuarios locales obtener información sensible de la memoria del núcleo a través de un montón de aplicaciones diseñado. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0143fc5e9f6f5aad4764801015bc8d4b4a278200 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 190EXPL: 0CVE-2012-6549
https://notcve.org/view.php?id=CVE-2012-6549
14 Mar 2013 — The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. La función isofs_export_encode_fh en fs / ISOFS / export.c en el kernel de Linux anteriores a v3.6 no se inicializa un miembro de cierta estructura, que permite a usuarios locales obtener información sensible de la memoria del núcleo a través de un montón de aplicacio... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fe685aabf7c8c9f138e5ea900954d295bf229175 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 217EXPL: 0CVE-2013-2546 – kernel: crypto: info leaks in report API
https://notcve.org/view.php?id=CVE-2013-2546
14 Mar 2013 — The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability. El API de informe en el API de configuración de cifrado del usuario en el kernel Linux v3.8.2 utiliza una función incorrecta de biblioteca C para copiar las cadenas, lo que permite a usuarios locales obtener información sensible de la memoria... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 • CWE-310: Cryptographic Issues •
CVSS: 7.1EPSS: 0%CPEs: 217EXPL: 0CVE-2013-2547 – kernel: crypto: info leaks in report API
https://notcve.org/view.php?id=CVE-2013-2547
14 Mar 2013 — The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. La función crypto_report_one en crypto / crypto_user.c en el API de informe en el API de configuración de cifrado de usuario en el kernel de Linux a través de v3.8.2 no inicializa la estructura de... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 217EXPL: 0CVE-2013-2548 – kernel: crypto: info leaks in report API
https://notcve.org/view.php?id=CVE-2013-2548
14 Mar 2013 — The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. La función crypto_report_one en crypto / crypto_user.c en el API de informe del API de configuración de cifrado de usuario en el kernel de Linux a través de v3.8.2 utiliza un valor de longitud... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 4CVE-2013-1828 – Linux Kernel - 'SCTP_GET_ASSOC_STATS()' Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2013-1828
13 Mar 2013 — The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call. La función sctp_getsockopt_assoc_stats en el kernel de Linux anterior a v3.8.4 no valida el tamaño antes de proceder a una operación de copy_from_user, permitiendo a usuarios locales conseguir privilegios ... • https://www.exploit-db.com/exploits/24747 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 176EXPL: 0CVE-2013-1819 – kernel: xfs: _xfs_buf_find oops on blocks beyond the filesystem end
https://notcve.org/view.php?id=CVE-2013-1819
06 Mar 2013 — The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map. La función _xfs_buf_find en fs/xfs/xfs_buf.c en el kernel de Linux antes de v3.7.6 que no valida bloques de numeros, que permite a usuarios locales de... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=eb178619f930fa2ba2348de332a1ff1c66a31424 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 170EXPL: 0CVE-2013-0228 – kernel: xen: userspace alterable %ds access in xen_iret()
https://notcve.org/view.php?id=CVE-2013-0228
01 Mar 2013 — The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly handle an invalid value in the DS segment register, which allows guest OS users to gain guest OS privileges via a crafted application. La función xen_iret en arch/x86/xen/xen-asm_32.S en Linux kernel anterior a 3.7.9 en plataformas 32-bit Xen paravirt_ops no manejan adecuadamente un valor invalido en el segmento del registro DS, lo que permite a usuarios en el sistema op... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=13d2b4d11d69a92574a55bfd985cfb0ca77aebdc • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 159EXPL: 0CVE-2013-1772 – kernel: call_console_drivers() function log prefix stripping DoS
https://notcve.org/view.php?id=CVE-2013-1772
28 Feb 2013 — The log_prefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local users to cause a denial of service (buffer overflow and system crash) by leveraging /dev/kmsg write access and triggering a call_console_drivers function call. La función log_prefix en kernel/printk.c en el kernel Linux v3.x anterior a v3.4.33,, no elimina adecuadamente el prefijo de la cabecera de syslog, lo que permite a usuarios locales provoca... • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •