Page 556 of 2793 results (0.018 seconds)

CVSS: 5.2EPSS: 0%CPEs: 11EXPL: 0

The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information. La función pciback_enable_msi en el controlador PCI backend (drivers/xen/pciback/conf_space_capability_msi.c) en Xen para Linux kernel v2.6.18 y v3.8, permite que los usuarios de los sistemas operativos huésped (guest) puedan provocar una denegación de servicio a través de un número elevado de mensajes de log del kernel. NOTA: algunos de estos detalles han sido obtenidos a partir de información de terceros. • http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html http://osvdb.org/89903 http://secunia.com/advisories/52059 http://www.debian.org/security/2013/dsa-2632 http://www.openwall.com/lists/oss-security/2013/02/05/9 http://www.securityfocus.com/bid/57740 https://exchange.xforce.ibmcloud.com/vulnerabilities/81923 https& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 2.1EPSS: 0%CPEs: 171EXPL: 1

The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. El kernel de Linux hasta v3.7.9 permite a usuarios locales obtener información sensible mediante el "keystroke timing" con la API inotify en el dispositivo /dev/ptmx • https://www.exploit-db.com/exploits/24459 http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html http://www.openwall.com/lists/oss-security/2013/01/08/3 http://www.ubuntu.co • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0

The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl. El subsistema de KVM en el kernel de Linux antes de v3.6.9, cuando se ejecuta en máquinas que utilizan el espacio de usuario qemu sin XSAVE, permite a usuarios locales provocar una denegación de servicio (kernel oops) mediante la KVM_SET_SREGS ioctl para establecer el bit X86_CR4_OSXSAVE en el huésped registro cr4 , y luego llamar a la KVM_RUN ioctl. • http://article.gmane.org/gmane.comp.emulators.kvm.devel/100742 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git%3Ba=commit%3Bh=6d1068b3a98519247d8ba4ec85cd40ac136dbdf9 http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html http://rhn.redhat.com/errata/RHSA-2013-0223.html http://rhn.redhat.com/errata/RHSA-2013-0882.html http://secunia.com/advisories/51160 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.9 http://www.openwall.com/lists/oss •

CVSS: 2.1EPSS: 0%CPEs: 169EXPL: 1

The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. La función load_script en fs/binfmt_script.c en el kernel de Linux anterior a v3.7.2 no controla correctamente la recursividad, permitiendo a usuarios locales obtener información sensible de la memoria de pila del kernl a través de una aplicación especialmente diseñada. • https://www.exploit-db.com/exploits/41767 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b66c5984017533316fd1951770302649baf1aa33 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html http://rhn.redhat.com/errata/RHSA-2013-0223.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.2 http://www.openwall.com/lists/oss-security/2012/10/19/3 https://bugzilla.redhat.com/show_bug.cgi?id=868285 https://github.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.9EPSS: 0%CPEs: 131EXPL: 0

The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669. La función principal de tools/hv/hv_kvp_daemon.c en hypervkvpd, distribuido en el kernel de Linux antes de v3.8-rc1, permite a usuarios locales provocar una denegación de servicio (salida ordenada del demonio) a través de una aplicación diseñada para tal fin que envía un mensaje netlink. NOTA: esta vulnerabilidad se debe a una solución incorrecta para CVE-2012-2669a. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95a69adab9acfc3981c504737a2b6578e4d846ef http://rhn.redhat.com/errata/RHSA-2013-0807.html http://www.kernel.org/pub/linux/kernel/v3.x/testing http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2 http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 http://www.openwall.com/lists/oss-security/2012/11/27/12 http://www.securityfocus.com/bid/56710 https://bugzilla. •