U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:2.6.20:rc3:*:*:*:*:*:*
  • CPE Name Search: true
There are 2,925 matching records.
Displaying matches 2,141 through 2,160.
Vuln ID Summary CVSS Severity
CVE-2013-4163

The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.

Published: July 29, 2013; 9:59:56 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2013-4162

The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.

Published: July 29, 2013; 9:59:56 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2013-4127

Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine.

Published: July 29, 2013; 9:59:56 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2013-4878

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823.

Published: July 18, 2013; 12:51:56 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-1943

The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.

Published: July 16, 2013; 10:08:50 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM
CVE-2013-4125

The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred for one of the first two routes, which allows remote attackers to cause a denial of service (system crash) via a crafted sequence of messages.

Published: July 15, 2013; 4:55:03 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.4 MEDIUM
CVE-2013-3347

Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling.

Published: July 10, 2013; 6:55:02 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2013-3345

Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Published: July 10, 2013; 6:55:02 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2013-3344

Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via unspecified vectors.

Published: July 10, 2013; 6:55:02 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2013-1059

net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.

Published: July 08, 2013; 1:55:01 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2013-2237

The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.

Published: July 04, 2013; 5:55:01 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-2234

The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.

Published: July 04, 2013; 5:55:01 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-2232

The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.

Published: July 04, 2013; 5:55:01 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2013-2206

The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic.

Published: July 04, 2013; 5:55:01 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.4 MEDIUM
CVE-2013-4669

FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem.

Published: June 25, 2013; 10:38:18 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.4 MEDIUM
CVE-2011-4348

Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482.

Published: June 08, 2013; 9:05:55 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2011-4347

The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation.

Published: June 08, 2013; 9:05:55 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2011-4087

The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device.

Published: June 08, 2013; 9:05:55 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 4.3 MEDIUM
CVE-2011-2482

A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/socket.c in the Linux kernel before 2.6.21, as used in Red Hat Enterprise Linux (RHEL) 5, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted SCTP packet.

Published: June 08, 2013; 9:05:55 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2011-1585

The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user.

Published: June 08, 2013; 9:05:55 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 3.3 LOW