National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:linux:linux_kernel:2.6.14.1
There are 2,547 matching records.
Displaying matches 1701 through 1720.
Vuln ID Summary CVSS Severity
CVE-2013-1767

Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option.

Published: February 28, 2013; 02:55:01 PM -05:00
    V2: 6.2 MEDIUM
CVE-2013-1763

Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.

Published: February 28, 2013; 02:55:01 PM -05:00
    V2: 7.2 HIGH
CVE-2013-0349

The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call.

Published: February 28, 2013; 02:55:01 PM -05:00
    V2: 1.9 LOW
CVE-2013-0343

The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages.

Published: February 28, 2013; 02:55:01 PM -05:00
    V2: 3.2 LOW
CVE-2012-4542

block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.

Published: February 28, 2013; 02:55:01 PM -05:00
    V2: 4.6 MEDIUM
CVE-2013-2268

Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue."

Published: February 23, 2013; 04:55:02 PM -05:00
    V2: 7.5 HIGH
CVE-2013-0900

Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: February 23, 2013; 04:55:02 PM -05:00
    V2: 6.8 MEDIUM
CVE-2013-0899

Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet.

Published: February 23, 2013; 04:55:02 PM -05:00
    V2: 5.0 MEDIUM
CVE-2013-0898

Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a URL.

Published: February 23, 2013; 04:55:01 PM -05:00
    V2: 7.5 HIGH
CVE-2013-0897

Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document.

Published: February 23, 2013; 04:55:01 PM -05:00
    V2: 4.3 MEDIUM
CVE-2013-0896

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: February 23, 2013; 04:55:01 PM -05:00
    V2: 7.5 HIGH
CVE-2013-0895

Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors.

Published: February 23, 2013; 04:55:01 PM -05:00
    V2: 7.5 HIGH
CVE-2013-0894

Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size.

Published: February 23, 2013; 04:55:01 PM -05:00
    V2: 7.5 HIGH
CVE-2013-0893

Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media.

Published: February 23, 2013; 04:55:01 PM -05:00
    V2: 6.8 MEDIUM
CVE-2013-0892

Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: February 23, 2013; 04:55:01 PM -05:00
    V2: 7.5 HIGH
CVE-2013-0891

Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a blob.

Published: February 23, 2013; 04:55:01 PM -05:00
    V2: 7.5 HIGH
CVE-2013-0890

Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors.

Published: February 23, 2013; 04:55:01 PM -05:00
    V2: 7.5 HIGH
CVE-2013-0889

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file.

Published: February 23, 2013; 04:55:01 PM -05:00
    V2: 6.8 MEDIUM
CVE-2013-0888

Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file downloads."

Published: February 23, 2013; 04:55:01 PM -05:00
    V2: 5.0 MEDIUM
CVE-2013-0887

The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors.

Published: February 23, 2013; 04:55:01 PM -05:00
    V2: 7.5 HIGH