CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 1CVE-2011-2493
https://notcve.org/view.php?id=CVE-2011-2493
13 Jun 2012 — The ext4_fill_super function in fs/ext4/super.c in the Linux kernel before 2.6.39 does not properly initialize a certain error-report data structure, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem. La función ext4_fill_super de fs/ext4/super.c del kernel de Linux en versiones anteriores a la 2.6.39 no inicializa apropiadamente una determinada estructura de datos de error-report. Lo que permite a usuarios locales provocar una denegación de servic... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 •
CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 0CVE-2011-2494 – kernel: taskstats io infoleak
https://notcve.org/view.php?id=CVE-2011-2494
13 Jun 2012 — kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password. kernel/taskstats.c del kernel de Linux en versiones anteriores a la 3.1 permite a usuarios locales obtener información confidencial de estadísticas de I/O enviando comandos taskstats al socket netlink, tal como se ha demostrado descubriendo la longitud de la contraseña de otro usuario. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1a51410abe7d0ee4b1d112780f46df87d3621043 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1CVE-2011-2495 – kernel: /proc/PID/io infoleak
https://notcve.org/view.php?id=CVE-2011-2495
13 Jun 2012 — fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password. fs/proc/base.c del kernel de Linux en versiones anteriores a la 2.6.39.4 no restringe el acceso apropiadamente a los archivos /proc/#####/io, lo que facilita a usuarios locales obtener estadísticas sobre I/O confidenciales consultando un archivo, como s... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.4 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 1CVE-2011-2496 – kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions
https://notcve.org/view.php?id=CVE-2011-2496
13 Jun 2012 — Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping. Desbordamiento de entero en la función vma_to_resize de mm/mremap.c del kernel de Linux en versiones anteriores a la 2.6.39. Permite a usuarios locales provocar una denegación de servicio (BUG_ON y caída del sistema) a través de una llamada del sistema mremap modificada que exp... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3353 – kernel: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message
https://notcve.org/view.php?id=CVE-2011-3353
24 May 2012 — Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem. Desbordamiento de búfer en la función fuse_notify_inval_entry function in fs/fuse/dev.c en el kernel de Linux antes de v3.1 permite a usuarios locales causar una denegación de servicio (BUG_ON y caída del sistema) mediante el aprovechamiento de la capacidad de montar un sistema d... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c2183d1e9b3f313dd8ba2b1b0197c8d9fb86a7ae • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2898 – kernel: af_packet: infoleak
https://notcve.org/view.php?id=CVE-2011-2898
24 May 2012 — net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application. net/packet/af_packet.c en el kernel de Linux antes de v2.6.39.3 no restringe adecuadamente el acceso al espacio de usuario a ciertas estructuras de paquetes de datos asociados VLAN Tag Control Information, lo que permite a usuarios ... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2011-2918 – Linux Kernel 3.0.0 - 'perf_count_sw_cpu_clock' event Denial of Service
https://notcve.org/view.php?id=CVE-2011-2918
24 May 2012 — The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application. El subsistema Performance Events en el kernel de Linux antes de v3.1 no trata correctamente los desbordamientos de eventos asociados con eventos PERF_COUNT_SW_CPU_CLOCK, lo que permite a usuarios locales causar una denegación de servicio (bloqueo del sistema) a tr... • https://www.exploit-db.com/exploits/17769 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4080 – kernel: sysctl: restrict write access to dmesg_restrict
https://notcve.org/view.php?id=CVE-2011-4080
24 May 2012 — The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the dmesg_restrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as demonstrated by a root user in a Linux Containers (aka LXC) environment. La función sysrq_sysctl_handler en kernel/sysctl.c en el kernel de Linux antes de v2.6.39 no requiere la capacidad de CAP_SYS_ADMIN para mod... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2011-4081 – kernel: crypto: ghash: null pointer deref if no key is set
https://notcve.org/view.php?id=CVE-2011-4081
24 May 2012 — crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket. crypto/ghash-generic.c en el kernel de Linux antes de v3.1 permite a usuarios locales causar una denegación de servicio (desreferenci... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7ed47b7d142ec99ad6880bbbec51e9f12b3af74c • CWE-476: NULL Pointer Dereference •
CVSS: 9.1EPSS: 6%CPEs: 26EXPL: 0CVE-2011-3188 – kernel: net: improve sequence number generation
https://notcve.org/view.php?id=CVE-2011-3188
24 May 2012 — The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets. Las implementaciones de (1) IPv4 y (2) IPv6 en el kernel de Linux antes de v3.1 utiliza una versión modificada de algoritmo MD4 para generar números de secuencia y val... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6e5714eaf77d79ae1c8b47e3e040ff5411b717ec •