CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 1CVE-2014-1690 – Kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper
https://notcve.org/view.php?id=CVE-2014-1690
The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature. La función de ayuda en net/netfilter/nf_nat_irc.c en el kernel de Linux anterior a 3.12.8 permite a atacantes remotos obtener información sensible de la memoria del kernel mediante el establecimiento de una sesión IRC DCC en la cual datos de paquetes incorrectos son transmitidos durante el uso de la funcionalidad NAT mangle. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2690d97ade05c5325cbf7c72b94b90d265659886 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8 http://www.openwall.com/lists/oss-security/2014/01/28/3 http://www.ubuntu.com/usn/USN-2137-1 http://www.ubuntu.com/usn/USN-2140-1 http://www.ubuntu.com/usn/USN-2158-1 https://bugzilla.redhat.com/show_bug.cgi?id=1058748 https://github.com/torvalds/linux/commit/2690d97ade05c5325cbf7c72b94 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2012-6638 – Kernel: net: tcp: potential DoS via SYN+FIN messages
https://notcve.org/view.php?id=CVE-2012-6638
The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN TCP packets, a different vulnerability than CVE-2012-2663. La función tcp_rcv_state_process en net/ipv4/tcp_input.c en el kernel de Linux anterior a 3.2.24 permite a atacantes remotos causar una denegación de servicio (consumo de recursos del kernel) a través de una inundación de paquetes TCP SYN+FIN, una vulnerabilidad diferente a CVE-2012-2663. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdf5af0daf8019cec2396cdef8fb042d80fe71fa http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24 https://bugzilla.redhat.com/show_bug.cgi?id=826702 https://github.com/torvalds/linux/commit/fdf5af0daf8019cec2396cdef8fb042d80fe71fa https://access.redhat.com/security/cve/CVE-2012-6638 https://bugzilla.redhat.com/show_bug.cgi?id=1066055 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 8CVE-2014-0038 – Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat (PoC)
https://notcve.org/view.php?id=CVE-2014-0038
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter. La función compat_sys_recvmmsg en net/compat.c en el kernel de Linux anterior a 3.13.2 cuando está habilitado CONFIG_X86_X32, permite a usuarios locales ganar privilegios a través de una llamada al sistema recvmmsg manipulada con un parámetro puntero a "timeout" manipulado. • https://www.exploit-db.com/exploits/31305 https://www.exploit-db.com/exploits/40503 https://www.exploit-db.com/exploits/31346 https://www.exploit-db.com/exploits/31347 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2def2ef2ae5f3990aabdbe8a755911902707d268 http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html http://pastebin.com/raw.php?i=DH3Lbg54 http://s • CWE-20: Improper Input Validation •
CVSS: 1.7EPSS: 0%CPEs: 7EXPL: 0CVE-2014-1444
https://notcve.org/view.php?id=CVE-2014-1444
The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. La función fst_get_iface en drivers/net/wan/farsync.c del kernel Linux anteriores a 3.11.7 no inicializa apropiadamente cierta estructura de datos, lo cual permite a usuarios locales obtener información sensible de la memoria dle kernel, aprovechando la funcionalidad CAP_NET_ADMIN para una llamada SIOCWANDEV ioctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=96b340406724d87e4621284ebac5e059d67b2194 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7 http://www.openwall.com/lists/oss-security/2014/01/15/3 http://www.securityfocus.com/bid/64952 http://www.ubuntu.com/usn/USN-2128-1 http://www.ubuntu.com/usn/USN-2129-1 https://bugzilla.redhat.com/show_bug.cgi?id=1053610 https://exchange.xforce.ibmcloud.com/vulnerabilities/90443 https:&#x • CWE-399: Resource Management Errors •
CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0CVE-2014-1445
https://notcve.org/view.php?id=CVE-2014-1445
The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. La función wanxl_ioctl en drivers/net/wan/wanxl.c en el kernel Linux anteriores a 3.11.7 no inicializa cierta estructura de datos apropiadamente, lo cual permite a usuarios locales obtener información sensible de la memoria del kernel a través de un allamada ioctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2b13d06c9584b4eb773f1e80bbaedab9a1c344e1 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7 http://www.openwall.com/lists/oss-security/2014/01/15/3 http://www.securityfocus.com/bid/64953 http://www.ubuntu.com/usn/USN-2128-1 http://www.ubuntu.com/usn/USN-2129-1 https://bugzilla.redhat.com/show_bug.cgi?id=1053613 https://exchange.xforce.ibmcloud.com/vulnerabilities/90444 https:&#x • CWE-399: Resource Management Errors •