CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2011-0006 – kernel: ima: fix add LSM rule bug
https://notcve.org/view.php?id=CVE-2011-0006
21 Jun 2012 — The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM. La función ima_lsm_rule_init en security/integrity/ima/ima_policy.c en versiones del kernel de Linux anteriores a v2.6.37, cuando 'Linux Security Modules' (LSM) está desacti... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2011-1080 – kernel: ebtables stack infoleak
https://notcve.org/view.php?id=CVE-2011-1080
21 Jun 2012 — The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line. La función de do_replace en net/bridge/netfilter/ebtables.c en versiones del kernel de Linux anteriores a v2.6.39 no garantiza que un nombre de campo ... • http://downloads.avaya.com/css/P8/documents/100145416 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1CVE-2011-4324 – kernel: nfsv4: mknod(2) DoS
https://notcve.org/view.php?id=CVE-2011-4324
21 Jun 2012 — The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kernel before 2.6.29 allows local users to cause a denial of service (BUG and system crash) by using the mknod system call with a pathname on an NFSv4 filesystem. La función de encode_share_access fs/nfs/nfs4xdr.c en versiones del kernel de Linux anteriores a v2.6.29 permite a usuarios locales provocar una denegación de servicio (caída del sistema) mediante el uso de la llamada al sistema 'mknod' con una ruta de acceso en un sistema de archiv... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2010-4648 – kernel: orinoco: fix TKIP countermeasure behaviour
https://notcve.org/view.php?id=CVE-2010-4648
21 Jun 2012 — The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/wext.c in the Linux kernel before 2.6.37 does not properly implement a TKIP protection mechanism, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading Wi-Fi frames. La función de orinoco_ioctl_set_auth en drivers/net/wireless/orinoco/wext.c en el kernel de Linux en vesiones anteriores a la v2.6.37 no implementa un mecanismo de protección TKIP, lo que facilita a los atacantes remotos a la hora de obtener ... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1477
https://notcve.org/view.php?id=CVE-2011-1477
21 Jun 2012 — Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer. Múltiples errores de índice de matriz en sound/oss/opl3.c en versiones del kernel de Linux anteriores a v2.6.39 permiten a usuarios locales provocar una denegación de servicio (corrupción de memoria dinámica) o posiblemente obtener privilegios mediante el aprovechamiento del acceso d... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 1CVE-2011-1023 – kernel: BUG_ON() in rds_send_xmit()
https://notcve.org/view.php?id=CVE-2011-1023
21 Jun 2012 — The Reliable Datagram Sockets (RDS) subsystem in the Linux kernel before 2.6.38 does not properly handle congestion map updates, which allows local users to cause a denial of service (BUG_ON and system crash) via vectors involving (1) a loopback (aka loop) transmit operation or (2) an InfiniBand (aka ib) transmit operation. El subsistema 'Reliable Datagram Sockets' (SDR) del kernel de Linux en versiones anteriores a v2.6.38 no gestiona correctamente las actualizaciones del mapa de congestiones, lo que permi... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38 •
CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 1CVE-2011-1476
https://notcve.org/view.php?id=CVE-2011-1476
21 Jun 2012 — Integer underflow in the Open Sound System (OSS) subsystem in the Linux kernel before 2.6.39 on unspecified non-x86 platforms allows local users to cause a denial of service (memory corruption) by leveraging write access to /dev/sequencer. Un desbordamiento de entero en el subsistema 'Open Sound System' (OSS) del kernel de Linux en versiones anteriores a v2.6.39 en plataformas no-x86 permite a usuarios locales provocar una denegación de servicio (corrupción de memoria) mediante el aprovechamiento del acceso... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 63EXPL: 1CVE-2012-0028 – kernel: futex: clear robust_list on execve
https://notcve.org/view.php?id=CVE-2012-0028
21 Jun 2012 — The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process. La implementación de robust futex en el kernel de Linux antes de v2.6.28 no maneja adecuadamente los procesos que realizan llamadas Exec System Recovery, lo que permite a usuarios locales provocar una denegación de servicio o posiblemente obtener p... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 1CVE-2011-4914
https://notcve.org/view.php?id=CVE-2011-4914
21 Jun 2012 — The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket. La implementación del protocolo ROSE en el kernel de Linux anteriores a v2.6.39 no verifica que algunos valores de la longitud de datos son consistentes con la cantidad de datos env... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2010-4650
https://notcve.org/view.php?id=CVE-2010-4650
21 Jun 2012 — Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging the ability to operate a CUSE server. Un desbordamiento de búfer en la función fuse_do_ioctl en fs/fusible/file.c en versiones del kernel de Linux anteriores a v2.6.37 permite a usuarios locales provocar una denegación de servicio o posiblemente tener un impacto no especificado mediante el aprovechamiento de ... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •