Page 632 of 3789 results (0.019 seconds)

CVSS: 4.7EPSS: 0%CPEs: 338EXPL: 0

drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. drivers/firewire/ohci.c en el kernel de Linux anterior a v2.6.32-git9, cuando se usa el modo packet-per-buffer, permite a usuarios locales provocar una denegación de servicio (deferencia a puntero NULL y caída del sistema) o posiblemente otro impacto desconocido a través de un ioctl sin especificar asociado a cuando se recibe un paquete ISO que contiene Zero en el campo payload-length. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8c0c0cc2d9f4c523fde04bdfe41e4380dec8ee54 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://patchwork.kernel.org/patch/66747 http://secunia.com/advisories/38017 http://secunia.com/advisories/38276 http://support.avaya.com/css/P8/documents/ • CWE-399: Resource Management Errors •

CVSS: 4.9EPSS: 0%CPEs: 340EXPL: 0

Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel 2.6.32-git6 and earlier allows local users to cause a denial of service (filesystem corruption) via unknown vectors, a different vulnerability than CVE-2009-4131. Vulnerabilidad sin especificar en la implementación EXT4_IOC_MOVE_EXT (también conocido como "move extents") ioctl en el sistema de ficheros ext4 en el kernel de Linux v2.6.32-git6 y anteriores permite a usuarios locales producir una denegación de servicio (corrupción del sistema de ficheros) a través de vectores desconocidos, una vulnerabilidad diferente que CVE-2009-4131. • http://grsecurity.org/test/grsecurity-2.1.14-2.6.32-200912112157.patch http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://secunia.com/advisories/38017 http://twitter.com/fotisl/statuses/6568947714 http://twitter.com/spendergrsec/statuses/6551797457 http://twitter.com/spendergrsec/statuses/6567167692 http://twitter.com/spendergrsec/statuses/6569596339 http://twitter.com/spendergrsec/statuses/6572069107 http://twitter.com/spendergrsec/statuses/6583954567 http://twitter.com& •

CVSS: 7.1EPSS: 2%CPEs: 332EXPL: 1

The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). La funcion ext4_fill_flex_info en fs/ext4/super.c en el kernel de Linux anteriores a v2.6.32-git6 permite a atacantes remotos asistidos por el usuario producir una denegación de servicio (error de división por cero y panic) a través de un sistema de ficheros ext4 malformado que contenga un super bloque con un valor de tamaño de grupo FLEX_BG grande (también conocido como valor s_log_groups_per_flex). • http://bugzilla.kernel.org/show_bug.cgi?id=14287 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=503358ae01b70ce6909d19dd01287093f6b6271c http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://lkml.org/lkml/2009/12/9/255 http://secunia.com/advisories/37658 http://secunia.com/advisories/38017 http://secunia.com/advisories/38276 http://www.kernel.org&#x • CWE-189: Numeric Errors •

CVSS: 7.1EPSS: 2%CPEs: 331EXPL: 0

The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. La funcion ext4_decode_error en fs/ext4/super.c en el sistema de ficheros ext4 en el kernel de Linux anteriores a v2.6.32 permite a atacantes remotos asistidos por el usuario producir una denegación de servicio (desreferencia a punteru NULL), y posiblemente tienes mas impacto sin especificar, a través de de un sistema de ficheros solo de lectura que carece de journal. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=78f1ddbb498283c2445c11b0dfa666424c301803 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://secunia.com/advisories/37658 http://secunia.com/advisories/38017 http://secunia.com/advisories/38276 http://secunia.com/advisories/43315 http://www • CWE-399: Resource Management Errors CWE-476: NULL Pointer Dereference •

CVSS: 7.2EPSS: 0%CPEs: 340EXPL: 1

The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions. La implementación ioctl EXT4_IOC_MOVE_EXT (tambien conocido como move extents) en el sistema de ficheros ext4 en el kernel de Linux en versiones anteriores a v2.6.32-git6 permite a usuarios locales sobrescribir ficheros arbitrariamente a través de peticiones manipuladas, relacionado con los controles insuficientes para permisos de ficheros. • https://www.exploit-db.com/exploits/33395 http://git.kernel.org/?p=linux/kernel/git/tytso/ext4.git%3Ba=commit%3Bh=4a58579b9e4e2a35d57e6c9c8483e52f6f1b7fd6 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lkml.org/lkml/2009/12/9/255 http://secunia.com/advisories/37658 http://secunia.com/advisories/37686 http://secunia.com/advisories/38017 http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.32-git6.log http://www.mandriva.com/s • CWE-264: Permissions, Privileges, and Access Controls •