CVSS: 5.0EPSS: 0%CPEs: 265EXPL: 1CVE-2013-4350 – kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit
https://notcve.org/view.php?id=CVE-2013-4350
The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network. La implementación IPv6 SCTP en net/sctp/ipv6.c en el kernel de Linux hasta v3.11.1 utiliza estructuras de datos y llamadas a funciones que no provocan una configuración pretendida de encriptación IPsec, lo que permite a atacantes remotos conseguir información sensible mediante la captura de tráfico de red. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95ee62083cb6453e056562d91f597552021e6ae7 http://rhn.redhat.com/errata/RHSA-2013-1490.html http://www.openwall.com/lists/oss-security/2013/09/13/3 http://www.ubuntu.com/usn/USN-2019-1 http://www.ubuntu.com/usn/USN-2021-1 http://www.ubuntu.com/usn/USN-2022-1 http://www.ubuntu.com/usn/USN-2024-1 http://www.ubuntu.com/usn/USN-2038-1 http://www.ubuntu.com/usn/USN-2039- • CWE-310: Cryptographic Issues •
CVSS: 6.9EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4343 – Kernel: net: use-after-free TUNSETIFF
https://notcve.org/view.php?id=CVE-2013-4343
Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call. Vulnerabilidad de uso despues de liberación en drivers/net/tun.c en el kernel Linux 3.11.1 permite a usuarios locales obtener privilegios aprovechado CAP_NET_ADMIN e introduciendo un nombre de interfaz tuntap inválido en una llamada TUNSETIFF ioctl. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html http://marc.info/?l=linux-kernel&m=137889490510745&w=2 http://rhn.redhat.com/errata/RHSA-2013-1490.html http://www.openwall.com/lists/oss-security/2013/09/12/3 http://www.spinics.net/lists/netdev/msg250066.html http://www.ubuntu.com/usn/USN-2020-1 http • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 4.9EPSS: 0%CPEs: 241EXPL: 1CVE-2013-2058 – Kernel: usb: chipidea: Allow disabling streaming not just in udc mode
https://notcve.org/view.php?id=CVE-2013-2058
The host_start function in drivers/usb/chipidea/host.c in the Linux kernel before 3.7.4 does not properly support a certain non-streaming option, which allows local users to cause a denial of service (system crash) by sending a large amount of network traffic through a USB/Ethernet adapter. La función host_start en drivers/usb/Chipidea/host.c en el kernel de Linux anterior a la versión 3.7.4 no soporta adecuadamente una determinada opción no-streaming, que permite a usuarios locales provocar una denegación de servicio (caída del sistema) mediante el envío de un gran cantidad de tráfico de red a través de un adaptador USB/Ethernet. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=929473ea05db455ad88cdc081f2adc556b8dc48f http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.4 http://www.openwall.com/lists/oss-security/2013/05/05/2 https://bugzilla.redhat.com/show_bug.cgi?id=959210 https://github.com/torvalds/linux/commit/929473ea05db455ad88cdc081f2adc556b8dc48f https://access.redhat.com/security/cve/CVE-2013-2058 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.7EPSS: 0%CPEs: 259EXPL: 0CVE-2013-2894
https://notcve.org/view.php?id=CVE-2013-2894
drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. El driver en el subsistema del Interfaz de Dispositivo Humano (HID) en el núcleo de Linux hasta 3.11 cuando es habilitada CONFIG_HID_LENOVO_TPKBD permite a atacantes físicos causar denegación de servicio (escritura fuera de rango en memoria dinámica) a través de un servicio manipulado • http://marc.info/?l=linux-input&m=137772187514628&w=1 http://openwall.com/lists/oss-security/2013/08/28/13 http://www.ubuntu.com/usn/USN-2020-1 http://www.ubuntu.com/usn/USN-2023-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.2EPSS: 0%CPEs: 259EXPL: 0CVE-2013-2888 – Kernel: HID: memory corruption flaw
https://notcve.org/view.php?id=CVE-2013-2888
Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. Multiples indices de array en drivers/hid/hid-core.c del subsistema Dispositivo de Interfaz Humano (HID) en el núcleo de Linux hasta 3.11, permite a atacantes físicos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria dinámica) a través de un dispositivo manipulado que proporcione un Report ID inválido • http://marc.info/?l=linux-input&m=137772180514608&w=1 http://openwall.com/lists/oss-security/2013/08/28/13 http://rhn.redhat.com/errata/RHSA-2013-1490.html http://rhn.redhat.com/errata/RHSA-2013-1645.html http://www.debian.org/security/2013/dsa-2766 http://www.ubuntu.com/usn/USN-1976-1 http://www.ubuntu.com/usn/USN-1977-1 http://www.ubuntu.com/usn/USN-1995-1 http://www.ubuntu.com/usn/USN-1998-1 http://www.ubuntu.com/usn/USN-2019- • CWE-20: Improper Input Validation •