Filtered by vendor Canonical
Subscribe
Total
4187 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1428 | 1 Canonical | 1 Metal As A Service | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2. | |||||
| CVE-2014-1427 | 1 Canonical | 1 Metal As A Service | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2. | |||||
| CVE-2014-1426 | 1 Canonical | 1 Metal As A Service | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2. | |||||
| CVE-2011-3151 | 1 Canonical | 1 Selinux | 2019-10-09 | 5.8 MEDIUM | 5.9 MEDIUM |
| The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem. | |||||
| CVE-2008-2829 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2019-10-09 | 5.0 MEDIUM | N/A |
| php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function. | |||||
| CVE-2007-4772 | 4 Canonical, Debian, Postgresql and 1 more | 4 Ubuntu Linux, Debian Linux, Postgresql and 1 more | 2019-10-09 | 4.0 MEDIUM | N/A |
| The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression. | |||||
| CVE-2007-0988 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2019-10-09 | 4.3 MEDIUM | N/A |
| The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument. | |||||
| CVE-2007-0780 | 2 Canonical, Mozilla | 3 Ubuntu Linux, Firefox, Seamonkey | 2019-10-09 | 6.8 MEDIUM | N/A |
| browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI. | |||||
| CVE-2007-0778 | 3 Canonical, Debian, Mozilla | 4 Ubuntu Linux, Debian Linux, Firefox and 1 more | 2019-10-09 | 5.4 MEDIUM | N/A |
| The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache. | |||||
| CVE-2007-0777 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Seamonkey and 1 more | 2019-10-09 | 9.3 HIGH | N/A |
| The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption. | |||||
| CVE-2007-0009 | 3 Canonical, Debian, Mozilla | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2019-10-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values. | |||||
| CVE-2006-6500 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2019-10-09 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap. | |||||
| CVE-2018-11213 | 3 Canonical, Debian, Ijg | 3 Ubuntu Linux, Debian Linux, Libjpeg | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. | |||||
| CVE-2018-3247 | 4 Canonical, Microsoft, Netapp and 1 more | 8 Ubuntu Linux, Windows, Oncommand Insight and 5 more | 2019-10-03 | 5.5 MEDIUM | 5.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | |||||
| CVE-2018-5358 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c. | |||||
| CVE-2017-9815 | 2 Canonical, Libtiff | 2 Ubuntu Linux, Libtiff | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file. | |||||
| CVE-2018-12392 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. | |||||
| CVE-2017-13081 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2019-10-03 | 2.9 LOW | 5.3 MEDIUM |
| Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. | |||||
| CVE-2018-10853 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. | |||||
| CVE-2018-5246 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c. | |||||