Filtered by vendor Canonical
Subscribe
Total
4156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5212 | 4 Apache, Canonical, Debian and 1 more | 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
| Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document. | |||||
| CVE-2015-6820 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2023-12-10 | 7.5 HIGH | N/A |
| The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data. | |||||
| CVE-2016-0746 | 5 Apple, Canonical, Debian and 2 more | 5 Xcode, Ubuntu Linux, Debian Linux and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. | |||||
| CVE-2016-1653 | 5 Canonical, Debian, Google and 2 more | 5 Ubuntu Linux, Debian Linux, Chrome and 2 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
| The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc. | |||||
| CVE-2016-5107 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2023-12-10 | 1.9 LOW | 6.0 MEDIUM |
| The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors. | |||||
| CVE-2015-2736 | 5 Canonical, Debian, Mozilla and 2 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2023-12-10 | 9.3 HIGH | N/A |
| The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive. | |||||
| CVE-2015-0847 | 2 Canonical, Wouter Verhelst | 2 Ubuntu Linux, Nbd | 2023-12-10 | 7.8 HIGH | N/A |
| nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors. | |||||
| CVE-2015-5260 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter. | |||||
| CVE-2016-1762 | 6 Apple, Canonical, Debian and 3 more | 15 Iphone Os, Mac Os X, Safari and 12 more | 2023-12-10 | 5.8 MEDIUM | 8.1 HIGH |
| The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | |||||
| CVE-2015-4830 | 8 Canonical, Debian, Fedoraproject and 5 more | 17 Ubuntu Linux, Debian Linux, Fedora and 14 more | 2023-12-10 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. | |||||
| CVE-2016-4353 | 2 Canonical, Gnupg | 2 Ubuntu Linux, Libksba | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data. | |||||
| CVE-2016-2112 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream. | |||||
| CVE-2016-3136 | 3 Canonical, Linux, Novell | 9 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 6 more | 2023-12-10 | 4.9 MEDIUM | 4.6 MEDIUM |
| The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors. | |||||
| CVE-2016-3486 | 2 Canonical, Oracle | 2 Ubuntu Linux, Mysql | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS. | |||||
| CVE-2015-5963 | 3 Canonical, Djangoproject, Oracle | 3 Ubuntu Linux, Django, Solaris | 2023-12-10 | 5.0 MEDIUM | N/A |
| contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record. | |||||
| CVE-2015-8917 | 3 Canonical, Debian, Libarchive | 3 Ubuntu Linux, Debian Linux, Libarchive | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. | |||||
| CVE-2016-2117 | 3 Canonical, Linux, Oracle | 3 Ubuntu Linux, Linux Kernel, Vm Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data. | |||||
| CVE-2016-0758 | 3 Canonical, Linux, Redhat | 9 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 6 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data. | |||||
| CVE-2015-3165 | 4 Apple, Canonical, Debian and 1 more | 4 Mac Os X Server, Ubuntu Linux, Debian Linux and 1 more | 2023-12-10 | 4.3 MEDIUM | N/A |
| Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. | |||||
| CVE-2015-4002 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Opensuse | 2023-12-10 | 9.0 HIGH | N/A |
| drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions. | |||||