Filtered by vendor Canonical
Subscribe
Total
4214 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2856 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Glibc | 2016-11-28 | 7.2 HIGH | 8.4 HIGH |
| pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. | |||||
| CVE-2016-2187 | 3 Canonical, Linux, Novell | 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 2 more | 2016-11-28 | 4.9 MEDIUM | 4.6 MEDIUM |
| The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | |||||
| CVE-2014-8602 | 3 Canonical, Debian, Nlnetlabs | 3 Ubuntu Linux, Debian Linux, Unbound | 2016-11-28 | 4.3 MEDIUM | N/A |
| iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals. | |||||
| CVE-2014-7142 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Solaris, Squid | 2016-11-28 | 6.4 MEDIUM | N/A |
| The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. | |||||
| CVE-2013-7443 | 2 Canonical, Sqlite | 2 Ubuntu Linux, Sqlite | 2016-11-28 | 5.0 MEDIUM | N/A |
| Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements. | |||||
| CVE-2013-6410 | 3 Canonical, Debian, Wouter Verhelst | 3 Ubuntu Linux, Debian Linux, Nbd | 2016-11-28 | 7.5 HIGH | N/A |
| nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file. | |||||
| CVE-2013-1981 | 2 Canonical, X | 2 Ubuntu Linux, Libx11 | 2016-11-28 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions. | |||||
| CVE-2015-2238 | 2 Canonical, Google | 3 Ubuntu Linux, Chrome, V8 | 2016-11-18 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2013-7439 | 3 Canonical, Debian, X.org | 4 Ubuntu Linux, Debian Linux, Libx11 and 1 more | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow. | |||||
| CVE-2016-1371 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2016-10-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. | |||||
| CVE-2016-1372 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2016-10-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. | |||||
| CVE-2013-1944 | 2 Canonical, Haxx | 3 Ubuntu Linux, Curl, Libcurl | 2016-09-09 | 5.0 MEDIUM | N/A |
| The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. | |||||
| CVE-2014-1829 | 4 Canonical, Debian, Mageia and 1 more | 4 Ubuntu Linux, Debian Linux, Mageia and 1 more | 2016-08-30 | 5.0 MEDIUM | N/A |
| Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. | |||||
| CVE-2014-7204 | 3 Canonical, Debian, Mageia | 4 Ubuntu Linux, Debian Linux, Exuberant Ctags and 1 more | 2016-08-30 | 5.0 MEDIUM | N/A |
| jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. | |||||
| CVE-2012-5689 | 3 Canonical, Isc, Redhat | 8 Ubuntu Linux, Bind, Enterprise Linux Desktop and 5 more | 2016-08-19 | 7.1 HIGH | N/A |
| ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record. | |||||
| CVE-2015-8946 | 2 Canonical, Ecryptfs | 2 Ubuntu Linux, Ecryptfs-utils | 2016-07-27 | 2.1 LOW | 3.3 LOW |
| ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-3686 | 3 Canonical, Debian, W1.fi | 4 Ubuntu Linux, Debian Linux, Hostapd and 1 more | 2016-07-27 | 6.8 MEDIUM | N/A |
| wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame. | |||||
| CVE-2016-1582 | 1 Canonical | 2 Lxd, Ubuntu Linux | 2016-06-10 | 2.1 LOW | 5.5 MEDIUM |
| LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors. | |||||
| CVE-2016-1581 | 1 Canonical | 2 Lxd, Ubuntu Linux | 2016-06-10 | 2.1 LOW | 5.5 MEDIUM |
| LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors. | |||||
| CVE-2015-1322 | 2 Canonical, Ubuntu | 2 Ubuntu Linux, Network-manager | 2016-05-26 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts). | |||||