Search Results (Refine Search)
- CPE Product Version: cpe:/o:linux:linux_kernel:-
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-1736 |
Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value. Published: May 06, 2014; 6:44:05 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-2889 |
Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump. Published: April 26, 2014; 8:55:05 PM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2014-0181 |
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program. Published: April 26, 2014; 8:55:05 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-1735 |
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Published: April 26, 2014; 6:55:05 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-1734 |
Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Published: April 26, 2014; 6:55:05 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-1733 |
The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access. Published: April 26, 2014; 6:55:05 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-1732 |
Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration. Published: April 26, 2014; 6:55:05 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-1731 |
core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. Published: April 26, 2014; 6:55:05 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-1730 |
Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc. Published: April 26, 2014; 6:55:05 AM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2014-2706 |
Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. Published: April 14, 2014; 7:55:07 PM -0400 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2014-0155 |
The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. Published: April 14, 2014; 7:55:07 PM -0400 |
V3.x:(not available) V2.0: 5.5 MEDIUM |
CVE-2014-0077 |
drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. Published: April 14, 2014; 7:55:07 PM -0400 |
V3.x:(not available) V2.0: 5.5 MEDIUM |
CVE-2014-2678 |
The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. Published: April 01, 2014; 2:35:53 AM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2014-2673 |
The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state. Published: April 01, 2014; 2:35:53 AM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2013-7348 |
Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via vectors involving an error condition in the aio_setup_ring function. Published: April 01, 2014; 2:35:53 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2014-2523 |
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. Published: March 24, 2014; 12:40:48 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-7339 |
The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. Published: March 24, 2014; 12:40:43 PM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2014-1715 |
Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors. Published: March 16, 2014; 10:06:45 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-1714 |
The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the clipboard. Published: March 16, 2014; 10:06:45 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-1713 |
Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value. Published: March 16, 2014; 10:06:45 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |