CVSS: 5.4EPSS: 0%CPEs: 21EXPL: 1CVE-2011-1768 – kernel: netns vs proto registration ordering
https://notcve.org/view.php?id=CVE-2011-1768
The tunnels implementation in the Linux kernel before 2.6.34, when tunnel functionality is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading. La implementación de túneles ("tunnels") del kernel de Linux en versiones anteriores a la 2.6.34, si la funcionalidad de túneles está configurada como módulo, permite a atacantes remotos provocar una denegación de servicio (OOPS) enviando un paquete durante la carga del módulo. • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d5aa407f59f5b83d2c50ec88f5bf56d40f1f8978 http://www.openwall.com/lists/oss-security/2011/05/05/6 https://bugzilla.redhat.com/show_bug.cgi?id=702303 https://github.com/torvalds/linux/commit/d5aa407f59f5b83d2c50ec88f5bf56d40f1f8978 https://access.redhat.com/security/cve/CVE-2011-1768 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2484 – kernel: taskstats: duplicate entries in listener mode can lead to DoS
https://notcve.org/view.php?id=CVE-2011-2484
The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. La función add_del_listener situada en kernel/taskstats.c del kernel de Linux v2.6.39.1 y versiones anteriores, no impide múltiples registros de los controladores de salida, que permiten a usuarios locales provocar una denegación de servicio (consumo de memoria y CPU), y eludir el OOM Killer, a través de una aplicación modificada. • http://lists.openwall.net/linux-kernel/2011/06/16/605 http://openwall.com/lists/oss-security/2011/06/22/1 http://openwall.com/lists/oss-security/2011/06/22/2 http://www.securityfocus.com/bid/48383 https://bugzilla.redhat.com/show_bug.cgi?id=715436 https://exchange.xforce.ibmcloud.com/vulnerabilities/68150 https://access.redhat.com/security/cve/CVE-2011-2484 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2534
https://notcve.org/view.php?id=CVE-2011-2534
Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0' character. Desbordamiento de búfer en la función clusterip_proc_write en net/ipv4/netfilter/ipt_CLUSTERIP.c en el kernel de Linux en la v2.6.39 y anteriores que podría permitir a usuarios locales provocar una denegación de servicio (caída) o que tienen un impacto no especificado a través de una operación de escritura a mano, en relación a los datos de cadena que carece de un terminador '\ 0'. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=961ed183a9fd080cf306c659b8736007e44065a5 http://marc.info/?l=netfilter&m=129978077509888&w=2 http://marc.info/?l=netfilter-devel&m=130036157327564&w=2 http://securityreason.com/securityalert/8284 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 http://www.openwall.com/lists/oss-security/2011/03/18/15 http://www.openwall.com/lists/oss-security/2011/03/21/1 http://www.openwall& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2010-4655 – kernel: heap contents leak for CAP_NET_ADMIN via ethtool ioctl
https://notcve.org/view.php?id=CVE-2010-4655
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call. net/core/ethtool.c en el kernel de Linux anterior a 2.6.36 no inicializa ciertas estructuras de datos, lo que permite a usuarios locales obtener información potencialmente sensible de la memoria dinámica del kernel elevando la capacidad CAP_NET_ADMIN de una llamada ethtool ioctl. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b00916b189d13a615ff05c9242201135992fcda3 http://openwall.com/lists/oss-security/2011/01/24/9 http://openwall.com/lists/oss-security/2011/01/25/3 http://openwall.com/lists/oss-security/2011/01/25/4 http://openwall.com/lists/oss-security/2011/01/25/5 http://openwall.com/lists/oss-security/2011/01/28/1 http://secunia.com/advisories/46397 http://www.kernel.org/pub/linux/kernel/v2& • CWE-665: Improper Initialization •
CVSS: 4.3EPSS: 0%CPEs: 138EXPL: 0CVE-2011-2107 – flash-plugin: Cross-site scripting vulnerability (APSB11-13)
https://notcve.org/view.php?id=CVE-2011-2107
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe Flash Player anteriores a v10.3.181.22 en Windows, Mac OS X, Linux, y Solaris, y v10.3.185.22 y anteriores en Android, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos, relacionado con "vulnerabilidad universal de ejecución de comandos en sitios cruzados". • http://googlechromereleases.blogspot.com/2011/06/stable-channel-update.html http://secunia.com/advisories/44846 http://secunia.com/advisories/44847 http://secunia.com/advisories/44871 http://secunia.com/advisories/44872 http://secunia.com/advisories/44946 http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-13.html http://www.blackberry.com/btsc/KB27240 http://www.redhat.com/support/errata/RHSA-2011-0850.html http://www.securityfocus.com/bid&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •