Search Results (Refine Search)
- CPE Product Version: cpe:/o:linux:linux_kernel:3.10
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-2888 |
Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. Published: September 16, 2013; 9:01:24 AM -0400 |
V3.x:(not available) V2.0: 6.2 MEDIUM |
CVE-2013-4254 |
The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event. Published: August 24, 2013; 11:27:32 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2013-4205 |
Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service (memory consumption) via an invalid CLONE_NEWUSER unshare call. Published: August 24, 2013; 11:27:32 PM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2013-4163 |
The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. Published: July 29, 2013; 9:59:56 AM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2013-4162 |
The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. Published: July 29, 2013; 9:59:56 AM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2013-4127 |
Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine. Published: July 29, 2013; 9:59:56 AM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2013-4125 |
The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred for one of the first two routes, which allows remote attackers to cause a denial of service (system crash) via a crafted sequence of messages. Published: July 15, 2013; 4:55:03 PM -0400 |
V3.x:(not available) V2.0: 5.4 MEDIUM |
CVE-2013-1059 |
net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. Published: July 08, 2013; 1:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2006-2916 |
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges. Published: June 15, 2006; 6:02:00 AM -0400 |
V3.1: 7.8 HIGH V2.0: 6.0 MEDIUM |