Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-4348 |
The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation. Published: November 04, 2013; 10:55:05 AM -0500 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2013-1067 |
Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file. Published: October 25, 2013; 7:55:03 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2013-5842 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850. Published: October 16, 2013; 1:55:06 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-5830 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Published: October 16, 2013; 1:55:05 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-5829 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5809. Published: October 16, 2013; 1:55:05 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-5807 |
Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication. Published: October 16, 2013; 1:55:05 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2013-3839 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Published: October 16, 2013; 11:55:34 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-4344 |
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command. Published: October 04, 2013; 1:55:09 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2013-1063 |
usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. Published: October 03, 2013; 5:55:03 PM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2013-4343 |
Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call. Published: September 25, 2013; 6:31:29 AM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2013-1060 |
A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the ~buildd directory and consequently reads the system configuration file from the ~buildd directory, which allows local users to gain privileges by leveraging control over the buildd account. Published: September 25, 2013; 6:31:26 AM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2013-4002 |
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names. Published: July 23, 2013; 7:03:19 AM -0400 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2013-2566 |
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. Published: March 15, 2013; 5:55:01 PM -0400 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2012-0260 |
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. Published: June 05, 2012; 6:55:07 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |