Filtered by vendor Canonical
Subscribe
Total
4156 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-3425 | 5 Canonical, Debian, Libpng and 2 more | 5 Ubuntu Linux, Debian Linux, Libpng and 2 more | 2023-12-10 | 4.3 MEDIUM | N/A |
The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image. | |||||
CVE-2012-4202 | 5 Canonical, Mozilla, Opensuse and 2 more | 14 Ubuntu Linux, Firefox, Firefox Esr and 11 more | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image. | |||||
CVE-2013-0761 | 4 Canonical, Mozilla, Opensuse and 1 more | 10 Ubuntu Linux, Firefox, Firefox Esr and 7 more | 2023-12-10 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
CVE-2012-5833 | 5 Canonical, Mozilla, Opensuse and 2 more | 14 Ubuntu Linux, Firefox, Firefox Esr and 11 more | 2023-12-10 | 9.3 HIGH | N/A |
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter. | |||||
CVE-2012-5689 | 3 Canonical, Isc, Redhat | 8 Ubuntu Linux, Bind, Enterprise Linux Desktop and 5 more | 2023-12-10 | 7.1 HIGH | N/A |
ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record. | |||||
CVE-2013-2174 | 4 Canonical, Haxx, Opensuse and 1 more | 5 Ubuntu Linux, Curl, Libcurl and 2 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character. | |||||
CVE-2013-3783 | 6 Canonical, Debian, Mariadb and 3 more | 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more | 2023-12-10 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser. | |||||
CVE-2012-4216 | 6 Canonical, Debian, Mozilla and 3 more | 15 Ubuntu Linux, Debian Linux, Firefox and 12 more | 2023-12-10 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
CVE-2013-0762 | 5 Canonical, Mozilla, Opensuse and 2 more | 15 Ubuntu Linux, Firefox, Firefox Esr and 12 more | 2023-12-10 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
CVE-2012-3991 | 4 Canonical, Mozilla, Redhat and 1 more | 13 Ubuntu Linux, Firefox, Firefox Esr and 10 more | 2023-12-10 | 9.3 HIGH | N/A |
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. | |||||
CVE-2013-1865 | 2 Canonical, Openstack | 2 Ubuntu Linux, Folsom | 2023-12-10 | 6.8 MEDIUM | N/A |
OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token. | |||||
CVE-2013-1900 | 2 Canonical, Postgresql | 2 Ubuntu Linux, Postgresql | 2023-12-10 | 8.5 HIGH | N/A |
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions." | |||||
CVE-2012-3988 | 4 Canonical, Mozilla, Redhat and 1 more | 13 Ubuntu Linux, Firefox, Firefox Esr and 10 more | 2023-12-10 | 9.3 HIGH | N/A |
Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation. | |||||
CVE-2013-0386 | 3 Canonical, Mariadb, Oracle | 3 Ubuntu Linux, Mariadb, Mysql | 2023-12-10 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure. | |||||
CVE-2013-0773 | 4 Canonical, Debian, Mozilla and 1 more | 8 Ubuntu Linux, Debian Linux, Firefox and 5 more | 2023-12-10 | 9.3 HIGH | N/A |
The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. | |||||
CVE-2013-4327 | 3 Canonical, Debian, Systemd Project | 3 Ubuntu Linux, Debian Linux, Systemd | 2023-12-10 | 6.9 MEDIUM | N/A |
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | |||||
CVE-2013-4222 | 4 Canonical, Fedoraproject, Openstack and 1 more | 4 Ubuntu Linux, Fedora, Keystone and 1 more | 2023-12-10 | 6.5 MEDIUM | N/A |
OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. | |||||
CVE-2013-0389 | 3 Canonical, Mariadb, Oracle | 3 Ubuntu Linux, Mariadb, Mysql | 2023-12-10 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | |||||
CVE-2012-0247 | 4 Canonical, Debian, Imagemagick and 1 more | 10 Ubuntu Linux, Debian Linux, Imagemagick and 7 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. | |||||
CVE-2014-0401 | 5 Canonical, Debian, Mariadb and 2 more | 10 Ubuntu Linux, Debian Linux, Mariadb and 7 more | 2023-12-10 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors. |