CVSS: 8.1EPSS: 2%CPEs: 26EXPL: 3CVE-2010-2943 – XFS - Deleted Inode Local Information Disclosure
https://notcve.org/view.php?id=CVE-2010-2943
30 Sep 2010 — The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle. La implementación xfs en el kernel Linux, en versiones anteriores a la 2.6.35, no busca la asignación de inodes btrees antes de leer los búfer inode, lo q... • https://packetstorm.news/files/id/94354 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2010-3084 – kernel: niu: buffer overflow for ETHTOOL_GRXCLSRLALL
https://notcve.org/view.php?id=CVE-2010-3084
29 Sep 2010 — Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/net/niu.c in the Linux kernel before 2.6.36-rc4 allows local users to cause a denial of service or possibly have unspecified other impact via the ETHTOOL_GRXCLSRLALL ethtool command. Desbordamiento de búfer en la función niu_get_ethtool_tcam_all en drivers/net/niu.c en el kernel de Linux anteriores a v2.6.36-rc4 permite a usuarios locales causar una denegación de servicio o posiblemente tener un impacto no especificado a través del comando ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ee9c5cfad29c8a13199962614b9b16f1c4137ac9 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2010-2478 – Ubuntu Security Notice USN-1093-1
https://notcve.org/view.php?id=CVE-2010-2478
29 Sep 2010 — Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084. Desbordamiento de enteros en la función ethtool_get_rxnfc en net/core/ethtool.c en el kernel de Linux anterior a v2.6.33.7 en plataformas ... • http://article.gmane.org/gmane.linux.network/164869 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2010-2946 – Mandriva Linux Security Advisory 2011-051
https://notcve.org/view.php?id=CVE-2010-2946
29 Sep 2010 — fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name. fs/jfs/xattr.c en el kernel de Linux anterior a v2.6.35.2 no controla correctamente un cierto formato antiguo para el almacenamiento de los atributos extendidos, lo cual podría permitir a usuarios locales eludir las restricciones de espacio de no... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=aca0fa34bdaba39bfddddba8ca70dba4782e8fe6 • CWE-20: Improper Input Validation •
CVSS: 1.9EPSS: 0%CPEs: 12EXPL: 0CVE-2010-3310 – Debian Security Advisory 2126-1
https://notcve.org/view.php?id=CVE-2010-3310
29 Sep 2010 — Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions. Múltiples errores de signo entero en net/rose/af_rose.c en el kernel de Linux anteriores a v2.6.36-RC5-next-20100923 permite a usuarios locales provocar una denegación de servicio (corrupción en la pila... • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=9828e6e6e3f19efcb476c567b9999891d051f52f • CWE-189: Numeric Errors •
CVSS: 6.6EPSS: 1%CPEs: 23EXPL: 5CVE-2010-3437 – Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure
https://notcve.org/view.php?id=CVE-2010-3437
29 Sep 2010 — Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call. Error de presencia de signo en entero en la función pkt_find_dev_from_minor de drivers/block/pktcdvd.c del kernl de Linux en versiones anteriores a la 2.6.36-rc6 permite a u... • https://packetstorm.news/files/id/94334 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2010-1773 – Mandriva Linux Security Advisory 2011-039
https://notcve.org/view.php?id=CVE-2010-1773
24 Sep 2010 — Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118. Error de superación de límite (off-by-one) en la función toAlphabetic de rendering/RenderListMarker.cpp de WebCor... • http://code.google.com/p/chromium/issues/detail?id=44955 • CWE-193: Off-by-one Error •
CVSS: 8.8EPSS: 2%CPEs: 9EXPL: 1CVE-2010-1772 – Mandriva Linux Security Advisory 2011-039
https://notcve.org/view.php?id=CVE-2010-1772
24 Sep 2010 — Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document. Vulnerabilidad de usar después de liberar en page/Geolocation.cpp de WebCore en WebKit en versiones anteriores a la r59859, como se ha utilizado en Google Chrome en ... • http://code.google.com/p/chromium/issues/detail?id=44868 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2010-3477 – kernel: net/sched/act_police.c infoleak
https://notcve.org/view.php?id=CVE-2010-3477
21 Sep 2010 — The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942. La función tcf_act_police_dump en net/sched/act_police.c del kernel Linux anterior ... • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=0f04cfd098fb81fded74e78ea1a1b86cc6c6c31e • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2010-2942 – kernel: net sched: fix some kernel memory leaks
https://notcve.org/view.php?id=CVE-2010-2942
21 Sep 2010 — The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sc... • http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8 • CWE-401: Missing Release of Memory after Effective Lifetime •