Filtered by vendor Canonical
Subscriptions
Total
4229 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4204 | 4 Canonical, Mozilla, Opensuse and 1 more | 8 Ubuntu Linux, Firefox, Seamonkey and 5 more | 2025-04-11 | N/A |
| The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | ||||
| CVE-2013-0335 | 3 Canonical, Openstack, Redhat | 5 Ubuntu Linux, Essex, Folsom and 2 more | 2025-04-11 | N/A |
| OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port. | ||||
| CVE-2012-3173 | 5 Canonical, Debian, Mariadb and 2 more | 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin. | ||||
| CVE-2013-4563 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-11 | N/A |
| The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline. | ||||
| CVE-2013-4588 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-11 | 7.0 High |
| Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. | ||||
| CVE-2013-4668 | 2 Canonical, File Roller Project | 2 Ubuntu Linux, File Roller | 2025-04-11 | N/A |
| Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c. | ||||
| CVE-2012-3180 | 5 Canonical, Debian, Mariadb and 2 more | 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | ||||
| CVE-2013-5829 | 3 Canonical, Oracle, Redhat | 12 Ubuntu Linux, Jdk, Jre and 9 more | 2025-04-11 | N/A |
| Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5809. | ||||
| CVE-2013-5830 | 3 Canonical, Oracle, Redhat | 13 Ubuntu Linux, Jdk, Jre and 10 more | 2025-04-11 | N/A |
| Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||||
| CVE-2013-5842 | 3 Canonical, Oracle, Redhat | 12 Ubuntu Linux, Jdk, Jre and 9 more | 2025-04-11 | N/A |
| Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850. | ||||
| CVE-2013-0249 | 2 Canonical, Haxx | 3 Ubuntu Linux, Curl, Libcurl | 2025-04-11 | N/A |
| Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message. | ||||
| CVE-2013-4969 | 4 Canonical, Debian, Puppet and 1 more | 4 Ubuntu Linux, Debian Linux, Puppet Enterprise and 1 more | 2025-04-11 | N/A |
| Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. | ||||
| CVE-2012-3972 | 6 Canonical, Debian, Mozilla and 3 more | 16 Ubuntu Linux, Debian Linux, Firefox and 13 more | 2025-04-11 | N/A |
| The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. | ||||
| CVE-2013-1061 | 2 Canonical, Marc Deslauriers | 2 Ubuntu Linux, Software-properties | 2025-04-11 | N/A |
| dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | ||||
| CVE-2013-1052 | 1 Canonical | 1 Ubuntu Linux | 2025-04-11 | N/A |
| pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo. | ||||
| CVE-2013-0247 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Keystone, Openstack | 2025-04-11 | N/A |
| OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries. | ||||
| CVE-2013-0211 | 5 Canonical, Fedoraproject, Freebsd and 2 more | 5 Ubuntu Linux, Fedora, Freebsd and 2 more | 2025-04-11 | N/A |
| Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. | ||||
| CVE-2012-3976 | 5 Canonical, Mozilla, Opensuse and 2 more | 13 Ubuntu Linux, Firefox, Seamonkey and 10 more | 2025-04-11 | N/A |
| Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page. | ||||
| CVE-2012-3982 | 5 Canonical, Debian, Mozilla and 2 more | 14 Ubuntu Linux, Debian Linux, Firefox and 11 more | 2025-04-11 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2013-0170 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 12 Ubuntu Linux, Fedora, Opensuse and 9 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue. | ||||