Filtered by vendor Canonical
Subscribe
Total
4159 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-1063 | 2 Canonical, Evan Dandrea | 2 Ubuntu Linux, Usb-creator | 2023-12-10 | 4.6 MEDIUM | N/A |
usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | |||||
CVE-2013-5842 | 3 Canonical, Oracle, Redhat | 8 Ubuntu Linux, Jdk, Jre and 5 more | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850. | |||||
CVE-2012-5838 | 4 Canonical, Mozilla, Opensuse and 1 more | 10 Ubuntu Linux, Firefox, Firefox Esr and 7 more | 2023-12-10 | 9.3 HIGH | N/A |
The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions. | |||||
CVE-2013-4242 | 4 Canonical, Debian, Gnupg and 1 more | 5 Ubuntu Linux, Debian Linux, Gnupg and 2 more | 2023-12-10 | 1.9 LOW | N/A |
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. | |||||
CVE-2007-6746 | 1 Canonical | 2 Telepathy-idle, Ubuntu Linux | 2023-12-10 | 5.8 MEDIUM | N/A |
telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2013-0335 | 2 Canonical, Openstack | 4 Ubuntu Linux, Essex, Folsom and 1 more | 2023-12-10 | 6.0 MEDIUM | N/A |
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port. | |||||
CVE-2013-1066 | 2 Canonical, Ubuntu Developers | 2 Ubuntu Linux, Language-selector | 2023-12-10 | 4.6 MEDIUM | N/A |
language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | |||||
CVE-2012-0876 | 6 Canonical, Debian, Libexpat Project and 3 more | 11 Ubuntu Linux, Debian Linux, Libexpat and 8 more | 2023-12-10 | 4.3 MEDIUM | N/A |
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. | |||||
CVE-2013-1052 | 1 Canonical | 1 Ubuntu Linux | 2023-12-10 | 7.2 HIGH | N/A |
pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo. | |||||
CVE-2012-6093 | 3 Canonical, Opensuse, Qt | 3 Ubuntu Linux, Opensuse, Qt | 2023-12-10 | 4.3 MEDIUM | N/A |
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. | |||||
CVE-2013-6671 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 17 Ubuntu Linux, Fedora, Firefox and 14 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. | |||||
CVE-2012-4184 | 4 Canonical, Mozilla, Redhat and 1 more | 13 Ubuntu Linux, Firefox, Firefox Esr and 10 more | 2023-12-10 | 4.3 MEDIUM | N/A |
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site. | |||||
CVE-2012-4205 | 4 Canonical, Mozilla, Opensuse and 1 more | 8 Ubuntu Linux, Firefox, Seamonkey and 5 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on. | |||||
CVE-2012-3867 | 6 Canonical, Debian, Opensuse and 3 more | 8 Ubuntu Linux, Debian Linux, Opensuse and 5 more | 2023-12-10 | 4.3 MEDIUM | N/A |
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. | |||||
CVE-2012-5830 | 6 Apple, Canonical, Mozilla and 3 more | 16 Mac Os X, Ubuntu Linux, Firefox and 13 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. | |||||
CVE-2010-3443 | 2 Canonical, Quassel-irc | 2 Ubuntu Linux, Quassel Irc | 2023-12-10 | 5.0 MEDIUM | N/A |
ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message. | |||||
CVE-2013-1652 | 3 Canonical, Puppet, Puppetlabs | 4 Ubuntu Linux, Puppet, Puppet Enterprise and 1 more | 2023-12-10 | 4.9 MEDIUM | N/A |
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors. | |||||
CVE-2012-3967 | 6 Canonical, Linux, Mozilla and 3 more | 15 Ubuntu Linux, Linux Kernel, Firefox and 12 more | 2023-12-10 | 9.3 HIGH | N/A |
The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site. | |||||
CVE-2012-1974 | 6 Canonical, Debian, Mozilla and 3 more | 16 Ubuntu Linux, Debian Linux, Firefox and 13 more | 2023-12-10 | 10.0 HIGH | N/A |
Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
CVE-2011-4408 | 1 Canonical | 1 Ubuntu Linux | 2023-12-10 | 6.8 MEDIUM | N/A |
The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack. |