Filtered by vendor Canonical
Subscribe
Total
4187 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7374 | 1 Canonical | 1 Ubuntu Linux | 2014-07-18 | 4.6 MEDIUM | N/A |
| The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypass the greeter screen restrictions by clicking the date. | |||||
| CVE-2012-6648 | 2 Canonical, Gdm-guest-session Project | 2 Ubuntu Linux, Gdm-guest-session | 2014-07-18 | 2.1 LOW | N/A |
| gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-0943 is used for the guest-account issue. | |||||
| CVE-2013-1068 | 1 Canonical | 1 Ubuntu Linux | 2014-06-20 | 5.0 MEDIUM | N/A |
| The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability. | |||||
| CVE-2012-1166 | 1 Canonical | 2 Ltsp Display Manager, Ubuntu Linux | 2014-05-31 | 10.0 HIGH | N/A |
| The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window. | |||||
| CVE-2012-0943 | 2 Canonical, Robert Ancell | 2 Ubuntu Linux, Lightdm | 2014-05-30 | 2.1 LOW | N/A |
| debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue. | |||||
| CVE-2014-2405 | 3 Canonical, Debian, Oracle | 3 Ubuntu Linux, Debian Linux, Openjdk | 2014-05-14 | 10.0 HIGH | N/A |
| Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462. | |||||
| CVE-2014-0462 | 3 Canonical, Debian, Oracle | 3 Ubuntu Linux, Debian Linux, Openjdk | 2014-05-14 | 10.0 HIGH | N/A |
| Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405. | |||||
| CVE-2011-4407 | 1 Canonical | 2 Software-properties, Ubuntu Linux | 2014-05-14 | 4.3 MEDIUM | N/A |
| ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository. | |||||
| CVE-2014-3204 | 2 Ayatana Project, Canonical | 2 Unity, Ubuntu Linux | 2014-05-07 | 4.4 MEDIUM | N/A |
| Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by right-clicking on the indicator bar and then pressing the ALT and F2 keys. | |||||
| CVE-2014-3203 | 2 Ayatana Project, Canonical | 2 Unity, Ubuntu Linux | 2014-05-07 | 4.4 MEDIUM | N/A |
| Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by pressing the SUPER key before the screen auto-locks. | |||||
| CVE-2011-3154 | 1 Canonical | 2 Ubuntu Linux, Update-manager | 2014-05-05 | 1.9 LOW | N/A |
| DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file. | |||||
| CVE-2011-4406 | 1 Canonical | 2 Accountsservice, Ubuntu Linux | 2014-04-17 | 3.6 LOW | N/A |
| The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors. | |||||
| CVE-2011-3628 | 1 Canonical | 2 Libpam-modules, Ubuntu Linux | 2014-04-16 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname. | |||||
| CVE-2014-2241 | 2 Canonical, Freetype | 2 Ubuntu Linux, Freetype | 2014-04-01 | 6.8 MEDIUM | N/A |
| The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file. | |||||
| CVE-2013-6476 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2014-03-17 | 4.4 MEDIUM | N/A |
| The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. | |||||
| CVE-2011-3153 | 2 Canonical, Robert Ancell | 2 Ubuntu Linux, Lightdm | 2014-03-07 | 1.9 LOW | N/A |
| dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc. | |||||
| CVE-2013-6891 | 2 Apple, Canonical | 2 Cups, Ubuntu Linux | 2014-03-06 | 1.2 LOW | N/A |
| lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. | |||||
| CVE-2013-2038 | 2 Canonical, Gpsd Project | 2 Ubuntu Linux, Gpsd | 2014-02-07 | 4.3 MEDIUM | N/A |
| The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability. | |||||
| CVE-2013-4130 | 2 Canonical, Spice Project | 2 Ubuntu Linux, Spice | 2014-01-24 | 5.0 MEDIUM | N/A |
| The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error. | |||||
| CVE-2013-2162 | 1 Canonical | 1 Ubuntu Linux | 2014-01-14 | 1.9 LOW | N/A |
| Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials. | |||||