Page 79 of 481 results (0.023 seconds)

CVSS: 1.9EPSS: 0%CPEs: 11EXPL: 0

CVE-2010-4082 – kernel: drivers/video/via/ioctl.c: reading uninitialized stack memory

https://notcve.org/view.php?id=CVE-2010-4082

The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call. La función viafb_ioctl_get_viafb_info en drivers/video/via/ioctl.c en el kernel de Linux anterior a v2.6.36-rc5 no inicializa correctamente un valor de una determinada estructura, lo que permite a usuarios locales obtener información sensible de la pila de la memoria del kernel a través de una llamada ioctl VIAFB_GET_INFO . • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b4aaa78f4c2f9cde2f335b14f4ca30b01f9651ca http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lkml.indiana.edu/hypermail//linux/kernel/1009.1/03392.html http://secunia.c • CWE-909: Missing Initialization of Resource •

CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0

CVE-2010-3874 – kernel: CAN minor heap overflow

https://notcve.org/view.php?id=CVE-2010-3874

Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation. Desbordamiento de búfer basado en memoria dinámica (heap) en la función bcm_connect en net/can/bcm.c (también conocido como el Broadcast Manager) en la implementación del Controller Area Network en el kernel de Linux v2.6.36 sobre plataformas de 64 bits, podría permitir a usuarios locales provocar una denegación de servicio (corrupción de memoria) a través de una operación connect. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0597d1b99fcfc2c0eada09a698f85ed413d4ba84 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://o • CWE-787: Out-of-bounds Write •

CVSS: 1.9EPSS: 0%CPEs: 11EXPL: 0

CVE-2010-3876 – kernel: net/packet/af_packet.c: reading uninitialized stack memory

https://notcve.org/view.php?id=CVE-2010-3876

net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures. net/packet/af_packet.c en el kernel de Linux anterior a v2.6.37-rc2 no inicializa correctamente ciertos miembros de la estructura, que permite a usuarios locales obtener información sensible de la pila del núcleo de la memoria mediante el aprovechamiento de la capacidad CAP_NET_RAW para leer las copias de las estructuras de aplicación. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=67286640f638f5ad41a946b9a3dc75327950248f http://marc.info/?l=linux-netdev&m=128854507220908&w=2 http://openwall.com/lists/oss-security/2010/11/02/10 http://openwall.com/lists/oss-security/2010/11/02/12 http://openwall.com/lists/oss-security/2010/11/02/7 http://openwall.com/lists/oss-security/2010/11/02/9 http://openwall.com/lists/oss-security/2010/11/04/5 http://secunia.com • CWE-909: Missing Initialization of Resource •

CVSS: 5.0EPSS: 6%CPEs: 4EXPL: 0

CVE-2010-3873

https://notcve.org/view.php?id=CVE-2010-3873

The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164. La implementación de X.25 en el kernel de Linux anterior a v2.6.36.2 no analiza adecuadamente las instalaciones, lo que permite a atacantes remotos provocar una denegación de servicio (daños en el montón de memoria y el pánico) o posiblemente tener un impacto no especificado a través de formato incorrecto (1) X25_FAC_CALLING_AE o (2) Los datos X25_FAC_CALLED_AE, relacionados con net/x25/x25_facilities.c y net/x25/x25_in.c, una vulnerabilidad diferente de CVE-2010-4164. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a6331d6f9a4298173b413cf99a40cc86a9d92c37 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html http://openwall.com/lists/oss-security/2010/11/03/2 http://openwall.com/lists/oss-security/2010/11/04/3 http://secunia.com/advisories/43291 http://www.debian.org/security/2010/dsa-2126 http://www.kernel.org/pub&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0

CVE-2010-4080 – kernel: drivers/sound/pci/rme9652/hdsp.c: reading uninitialized stack memory

https://notcve.org/view.php?id=CVE-2010-4080

The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call. La función snd_hdsp_hwdep_ioctl en sound/pci/rme9652/hdsp.c en el kernel de Linux anterior a v2.6.36-rc6 no inicializa una determinada estructura, lo que permite a usuarios locales obtener información sensible de la pila de la memoria del kernel a través de una llamada ioctl SNDRV_HDSP_IOCTL_GET_CONFIG_INFO. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e68d3b316ab7b02a074edc4f770e6a746390cb7d http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html http://lkml.org/lkml/2010/9/25/41 http://secunia.com/advisories/42778 http:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •