Lucene search

K
CanonicalUbuntu Linux

4105 matches found

CVE
CVE
added 2017/10/10 8:29 p.m.54 views

CVE-2017-15217

ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.

6.5CVSS7AI score0.00534EPSS
CVE
CVE
added 2018/01/12 9:29 a.m.54 views

CVE-2018-5358

ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c.

6.5CVSS6.9AI score0.00406EPSS
CVE
CVE
added 2018/12/07 10:29 p.m.54 views

CVE-2018-5807

An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

8.8CVSS7AI score0.00491EPSS
CVE
CVE
added 2007/01/10 12:0 a.m.53 views

CVE-2006-6143

The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possi...

9.3CVSS7.5AI score0.28975EPSS
CVE
CVE
added 2010/09/07 6:0 p.m.53 views

CVE-2010-3248

Google Chrome before 6.0.472.53 does not properly restrict copying to the clipboard, which has unspecified impact and attack vectors.

5CVSS9.1AI score0.00435EPSS
CVE
CVE
added 2010/09/07 6:0 p.m.53 views

CVE-2010-3259

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sens...

4.3CVSS7.8AI score0.00823EPSS
CVE
CVE
added 2011/02/23 7:0 p.m.53 views

CVE-2011-0725

Absolute path traversal vulnerability in the org.debian.apt.UpdateCachePartially method in worker.py in Aptdaemon 0.40 in Ubuntu 10.10 and 11.04 allows local users to read arbitrary files via a full pathname in the sources_list argument, related to the D-Bus interface.

4.9CVSS6.3AI score0.00054EPSS
CVE
CVE
added 2014/03/06 3:55 p.m.53 views

CVE-2011-3153

dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.

1.9CVSS6.1AI score0.00052EPSS
CVE
CVE
added 2014/05/14 12:55 a.m.53 views

CVE-2011-4407

ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.

4.3CVSS6.3AI score0.00134EPSS
CVE
CVE
added 2019/11/21 2:15 p.m.53 views

CVE-2012-3543

mono 2.10.x ASP.NET Web Form Hash collision DoS

7.5CVSS7.3AI score0.01146EPSS
CVE
CVE
added 2013/04/29 10:55 p.m.53 views

CVE-2013-1926

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.

5.8CVSS6.2AI score0.00702EPSS
CVE
CVE
added 2014/07/24 2:55 p.m.53 views

CVE-2014-1419

Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.

6.9CVSS6.3AI score0.00035EPSS
CVE
CVE
added 2014/08/19 6:55 p.m.53 views

CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/m...

5CVSS5.9AI score0.0075EPSS
CVE
CVE
added 2015/05/19 6:59 p.m.53 views

CVE-2015-3407

Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.

5CVSS7.3AI score0.00415EPSS
CVE
CVE
added 2017/04/12 10:59 p.m.53 views

CVE-2017-5936

OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.

7.5CVSS7.5AI score0.02467EPSS
CVE
CVE
added 2018/03/06 6:29 p.m.53 views

CVE-2018-7731

An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class.

5.5CVSS6AI score0.00478EPSS
CVE
CVE
added 2018/03/28 8:29 p.m.53 views

CVE-2018-8885

screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService._check_permission call.

7CVSS6.5AI score0.0004EPSS
CVE
CVE
added 2020/08/06 11:15 p.m.53 views

CVE-2020-15702

TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges...

7CVSS7AI score0.00104EPSS
CVE
CVE
added 2006/10/17 10:7 p.m.52 views

CVE-2006-5173

Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allows local users to cause a denial of service (process crash), as demonstrated using a process that sets the Alignment Check flag (EFLAGS 0x40000), which triggers a S...

2.1CVSS7AI score0.00065EPSS
CVE
CVE
added 2006/11/07 6:7 p.m.52 views

CVE-2006-5779

OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

7.5CVSS7.2AI score0.51898EPSS
CVE
CVE
added 2009/09/10 9:30 p.m.52 views

CVE-2009-2797

The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.

5CVSS8.1AI score0.0196EPSS
CVE
CVE
added 2016/04/21 2:59 p.m.52 views

CVE-2013-7449

The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

6.5CVSS6.3AI score0.00217EPSS
CVE
CVE
added 2014/10/08 7:55 p.m.52 views

CVE-2014-7230

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

2.1CVSS6.1AI score0.00123EPSS
CVE
CVE
added 2014/11/05 11:55 a.m.52 views

CVE-2014-8547

libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.

7.5CVSS8.9AI score0.00765EPSS
CVE
CVE
added 2015/12/07 8:59 p.m.52 views

CVE-2015-1342

LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup.

4.6CVSS6.6AI score0.00056EPSS
CVE
CVE
added 2016/06/09 4:59 p.m.52 views

CVE-2016-1582

LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.

5.5CVSS5.2AI score0.0004EPSS
CVE
CVE
added 2016/06/13 7:59 p.m.52 views

CVE-2016-4574

Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.

7.5CVSS7.3AI score0.0109EPSS
CVE
CVE
added 2013/05/21 6:55 p.m.51 views

CVE-2007-6746

telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary...

5.8CVSS6.3AI score0.0025EPSS
CVE
CVE
added 2013/04/02 3:22 a.m.51 views

CVE-2013-0240

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the ...

4.3CVSS5.8AI score0.00476EPSS
CVE
CVE
added 2013/10/03 9:55 p.m.51 views

CVE-2013-1063

usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1)...

4.6CVSS6.2AI score0.00061EPSS
CVE
CVE
added 2013/10/03 9:55 p.m.51 views

CVE-2013-1066

language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) se...

4.6CVSS6.2AI score0.00062EPSS
CVE
CVE
added 2015/04/29 8:59 p.m.51 views

CVE-2015-1322

Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a ....

4.6CVSS6.2AI score0.00023EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.51 views

CVE-2016-3982

Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.

8.8CVSS8.9AI score0.01884EPSS
CVE
CVE
added 2018/02/02 2:29 p.m.51 views

CVE-2017-14180

Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than ...

7.8CVSS7.5AI score0.00052EPSS
CVE
CVE
added 2017/06/07 5:29 a.m.51 views

CVE-2017-9471

In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

5.5CVSS6.8AI score0.00227EPSS
CVE
CVE
added 2018/12/07 10:29 p.m.51 views

CVE-2018-5812

An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.

6.5CVSS6.3AI score0.00514EPSS
CVE
CVE
added 2010/07/06 5:17 p.m.50 views

CVE-2010-2647

Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document.

9.3CVSS9.5AI score0.01701EPSS
CVE
CVE
added 2010/08/24 8:0 p.m.50 views

CVE-2010-3114

The text-editing implementation in Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not check a node type before performing a cast, which has unspecified impact and attack vectors related to (1) DeleteSelectionCommand.cpp, (2) InsertLineBreakCommand.cpp, or (3) InsertParagraphSepa...

10CVSS8.6AI score0.00625EPSS
CVE
CVE
added 2013/11/23 11:55 a.m.50 views

CVE-2010-3443

ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message.

5CVSS6.6AI score0.0119EPSS
CVE
CVE
added 2014/03/14 3:55 p.m.50 views

CVE-2013-6473

Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file.

6.8CVSS7.5AI score0.06837EPSS
CVE
CVE
added 2014/11/05 11:55 a.m.50 views

CVE-2014-8543

libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data.

7.5CVSS8.9AI score0.01402EPSS
CVE
CVE
added 2017/08/25 6:29 p.m.50 views

CVE-2015-1324

Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privi...

7.8CVSS7.6AI score0.00109EPSS
CVE
CVE
added 2017/09/20 4:29 p.m.50 views

CVE-2015-1329

Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code.

9.3CVSS9.5AI score0.02247EPSS
CVE
CVE
added 2010/09/09 10:0 p.m.49 views

CVE-2010-1781

Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element.

6.8CVSS9AI score0.08002EPSS
CVE
CVE
added 2014/04/27 8:55 p.m.49 views

CVE-2011-3152

DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarba...

6.4CVSS6.6AI score0.00439EPSS
CVE
CVE
added 2012/06/04 8:55 p.m.49 views

CVE-2012-0944

Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.

4.3CVSS6.7AI score0.00475EPSS
CVE
CVE
added 2012/06/19 8:55 p.m.49 views

CVE-2012-0950

The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerabilit...

5CVSS6.6AI score0.00472EPSS
CVE
CVE
added 2012/11/04 10:55 p.m.49 views

CVE-2012-5821

Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.

5.9CVSS5.3AI score0.00237EPSS
CVE
CVE
added 2015/12/07 8:59 p.m.49 views

CVE-2015-1344

The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file.

7.2CVSS6.5AI score0.00037EPSS
CVE
CVE
added 2017/02/13 6:59 p.m.49 views

CVE-2015-8768

click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone.

9.8CVSS9.3AI score0.0159EPSS
Total number of security vulnerabilities4105