CVE-2009-1265
https://notcve.org/view.php?id=CVE-2009-1265
Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent.
References:
http://bugzilla.kernel.org/show_bug.cgi?id=10423
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=83e0bbcbe2145f160fbaa109b0439dae7f4a38a9
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html
http://osvdb.org/53571
http:/
CWE-189: Numeric Errors
CVE-2009-1242
https://notcve.org/view.php?id=CVE-2009-1242
The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform.
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16175a796d061833aacfbd9672235f2d2725df65
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html
http://openwall.com/lists/oss-security/2009/04/01/3
http://patchwork.kernel.org/patch/15549
http://secunia.com/advisories/34478
http://secunia.com/advisories/34981
http://secunia.com/advisories/35120
http://secunia.com
CWE-20: Improper Input Validation
CVE-2009-1243
https://notcve.org/view.php?id=CVE-2009-1243
net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocking step in certain incorrect circumstances, which allows local users to cause a denial of service (panic) by reading zero bytes from the /proc/net/udp file and unspecified other files, related to the "udp seq_file infrastructure."
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=30842f2989aacfaba3ccb39829b3417be9313dbe
http://openwall.com/lists/oss-security/2009/04/01/4
http://secunia.com/advisories/34478
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-proc-net-udp-8586
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.1
http://www.securityfocus.com/bid/34329
http://www.vupen.com/english/advisories/2009/0924
https://exchange.xforce.ibmcloud
CWE-667: Improper Locking
CVE-2009-0787 – kernel: ecryptfs file header infoleak
https://notcve.org/view.php?id=CVE-2009-0787
The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory.
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=8faece5f906725c10e7a1f6caf84452abadbdc7b
http://osvdb.org/52860
http://rhn.redhat.com/errata/RHSA-2009-0473.html
http://secunia.com/advisories/34422
http://secunia.com/advisories/35015
http://secunia.com/advisories/37471
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/34216
http:
CWE-189: Numeric Errors
CVE-2009-1072 – kernel: nfsd should drop CAP_MKNOD for non-root
https://notcve.org/view.php?id=CVE-2009-1072
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
http://secunia.com/advisories/34422
http://secunia.com/advisories/34432
http://sec
CWE-16: Configuration