Filtered by vendor Ubuntu
Subscribe
Total
100 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1601 | 1 Ubuntu | 1 Linux | 2023-12-10 | 6.8 MEDIUM | N/A |
The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory. | |||||
CVE-2008-5104 | 2 Dcgrendel, Ubuntu | 2 Vmbuilder, Ubuntu Linux | 2023-12-10 | 7.2 HIGH | N/A |
Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions. | |||||
CVE-2009-1295 | 2 Apport, Ubuntu | 2 Apport, Ubuntu | 2023-12-10 | 1.9 LOW | N/A |
Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors. | |||||
CVE-2009-1573 | 4 Branden Robinson, Debian, Redhat and 1 more | 4 Xvfb-run, Debian Linux, Fedora and 1 more | 2023-12-10 | 4.6 MEDIUM | N/A |
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments. | |||||
CVE-2008-4395 | 2 Linux, Ubuntu | 2 Linux Kernel, Linux Kernel | 2023-12-10 | 8.3 HIGH | N/A |
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs. | |||||
CVE-2006-7236 | 3 Debian, Invisible-island, Ubuntu | 3 Debian Linux, Xterm, Linux | 2023-12-10 | 9.3 HIGH | N/A |
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences. | |||||
CVE-2008-5103 | 2 Dcgrendel, Ubuntu | 2 Vmbuilder, Ubuntu Linux | 2023-12-10 | 7.2 HIGH | N/A |
The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions. | |||||
CVE-2009-0365 | 1 Ubuntu | 1 Ubuntu Linux | 2023-12-10 | 4.6 MEDIUM | N/A |
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler. | |||||
CVE-2009-0578 | 1 Ubuntu | 1 Ubuntu Linux | 2023-12-10 | 6.2 MEDIUM | N/A |
GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console. | |||||
CVE-2008-2285 | 1 Ubuntu | 1 Linux | 2023-12-10 | 5.0 MEDIUM | N/A |
The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool. | |||||
CVE-2008-4306 | 1 Ubuntu | 1 Linux | 2023-12-10 | 9.3 HIGH | N/A |
Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence. | |||||
CVE-2007-5365 | 5 Debian, Openbsd, Redhat and 2 more | 7 Debian Linux, Openbsd, Enterprise Linux and 4 more | 2023-12-10 | 7.2 HIGH | N/A |
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU. | |||||
CVE-2006-7229 | 1 Ubuntu | 1 Linux Kernel | 2023-12-10 | 7.8 HIGH | N/A |
The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic. | |||||
CVE-2006-5648 | 1 Ubuntu | 1 Ubuntu Linux | 2023-12-10 | 4.6 MEDIUM | N/A |
Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed. | |||||
CVE-2007-5159 | 3 Ntfs-3g, Redhat, Ubuntu | 3 Ntfs-3g, Fedora, Ubuntu Linux | 2023-12-10 | 4.6 MEDIUM | N/A |
The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak. | |||||
CVE-2007-2637 | 2 Moinmoin, Ubuntu | 2 Moinmoin, Ubuntu Linux | 2023-12-10 | 5.0 MEDIUM | N/A |
MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors. | |||||
CVE-2006-6235 | 6 Gnu, Gpg4win, Redhat and 3 more | 9 Privacy Guard, Gpg4win, Enterprise Linux and 6 more | 2023-12-10 | 10.0 HIGH | N/A |
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. | |||||
CVE-2007-1463 | 2 Inkscape, Ubuntu | 2 Inkscape, Ubuntu Linux | 2023-12-10 | 6.8 MEDIUM | N/A |
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. | |||||
CVE-2007-3920 | 3 Compiz, Gnome, Ubuntu | 3 Compiz, Screensaver, Ubuntu Linux | 2023-12-10 | 6.2 MEDIUM | N/A |
GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. | |||||
CVE-2008-0172 | 2 Boost, Ubuntu | 2 Boost, Ubuntu Linux | 2023-12-10 | 5.0 MEDIUM | N/A |
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression. |