Lucene search

K
CanonicalUbuntu Linux10.04

509 matches found

CVE
CVE
added 2010/09/21 8:0 p.m.103 views

CVE-2010-3477

The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kern...

2.1CVSS5.8AI score0.0008EPSS
CVE
CVE
added 2011/01/28 10:0 p.m.103 views

CVE-2010-4253

Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) d...

9.3CVSS7.1AI score0.0404EPSS
CVE
CVE
added 2013/01/17 1:55 a.m.103 views

CVE-2012-0572

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

4CVSS4.3AI score0.00562EPSS
CVE
CVE
added 2013/07/17 1:41 p.m.103 views

CVE-2013-3812

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

3.5CVSS5AI score0.00648EPSS
CVE
CVE
added 2014/01/15 4:8 p.m.103 views

CVE-2014-0420

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.

2.8CVSS5AI score0.00731EPSS
CVE
CVE
added 2010/09/30 3:0 p.m.102 views

CVE-2010-3296

The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call.

2.1CVSS5.5AI score0.00101EPSS
CVE
CVE
added 2013/01/17 1:55 a.m.102 views

CVE-2013-0384

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

6.8CVSS4.3AI score0.01274EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.102 views

CVE-2013-0750

Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary cod...

9.3CVSS9.6AI score0.0381EPSS
CVE
CVE
added 2014/04/23 3:55 p.m.102 views

CVE-2014-0474

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, re...

10CVSS6.7AI score0.06294EPSS
CVE
CVE
added 2010/09/21 6:0 p.m.101 views

CVE-2010-3078

The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.

5.5CVSS5.5AI score0.00048EPSS
CVE
CVE
added 2010/11/30 9:38 p.m.101 views

CVE-2010-3858

The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denia...

4.9CVSS6.3AI score0.00172EPSS
CVE
CVE
added 2012/10/16 11:55 p.m.101 views

CVE-2012-3150

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4CVSS4.2AI score0.0049EPSS
CVE
CVE
added 2012/10/16 11:55 p.m.101 views

CVE-2012-3160

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.

2.1CVSS4.1AI score0.00137EPSS
CVE
CVE
added 2013/04/25 11:55 p.m.101 views

CVE-2013-0338

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.

4.3CVSS8AI score0.00254EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.101 views

CVE-2013-0757

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to exec...

9.3CVSS9.1AI score0.74572EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.101 views

CVE-2013-0767

The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary cod...

10CVSS9.5AI score0.01907EPSS
CVE
CVE
added 2013/08/19 11:55 p.m.101 views

CVE-2013-4242

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

1.9CVSS6AI score0.00069EPSS
CVE
CVE
added 2014/04/16 1:55 a.m.101 views

CVE-2014-0452

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.

7.5CVSS6.6AI score0.03214EPSS
CVE
CVE
added 2014/04/16 1:55 a.m.101 views

CVE-2014-0458

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.

7.5CVSS6.6AI score0.03214EPSS
CVE
CVE
added 2014/04/16 2:55 a.m.101 views

CVE-2014-2421

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

10CVSS6.5AI score0.08192EPSS
CVE
CVE
added 2014/12/17 7:59 p.m.101 views

CVE-2014-8116

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

5CVSS6.9AI score0.08497EPSS
CVE
CVE
added 2010/09/08 8:0 p.m.100 views

CVE-2010-2495

The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecif...

10CVSS6.4AI score0.01489EPSS
CVE
CVE
added 2013/07/17 1:41 p.m.100 views

CVE-2013-3802

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.

4CVSS4.3AI score0.00387EPSS
CVE
CVE
added 2015/04/08 10:59 a.m.100 views

CVE-2015-1472

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a ...

7.5CVSS7.8AI score0.03056EPSS
CVE
CVE
added 2010/09/21 6:0 p.m.99 views

CVE-2010-3080

Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device.

7.2CVSS7.7AI score0.00047EPSS
CVE
CVE
added 2011/04/08 3:17 p.m.99 views

CVE-2011-0997

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-sc...

7.5CVSS7.6AI score0.71985EPSS
CVE
CVE
added 2013/01/17 1:55 a.m.99 views

CVE-2012-1702

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.

5CVSS4.7AI score0.00683EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.99 views

CVE-2012-1970

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application cr...

10CVSS9.8AI score0.00873EPSS
CVE
CVE
added 2012/10/17 12:55 a.m.99 views

CVE-2012-3167

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.

3.5CVSS4.2AI score0.0049EPSS
CVE
CVE
added 2014/04/16 1:55 a.m.99 views

CVE-2014-0459

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.

4.3CVSS8.3AI score0.03305EPSS
CVE
CVE
added 2013/07/17 1:41 p.m.98 views

CVE-2013-3783

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.

4CVSS5AI score0.0069EPSS
CVE
CVE
added 2010/12/30 7:0 p.m.96 views

CVE-2010-3849

The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.

4.7CVSS5.7AI score0.00195EPSS
CVE
CVE
added 2012/10/03 11:2 a.m.96 views

CVE-2012-3412

The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value.

7.8CVSS6AI score0.05802EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.96 views

CVE-2013-0766

Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to exe...

9.3CVSS9.5AI score0.02851EPSS
CVE
CVE
added 2014/04/16 1:55 a.m.96 views

CVE-2014-2398

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.

3.5CVSS6.2AI score0.00231EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.96 views

CVE-2014-9661

type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.

7.5CVSS7.9AI score0.04855EPSS
CVE
CVE
added 2015/02/17 3:59 p.m.96 views

CVE-2015-0247

Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.

4.6CVSS7.3AI score0.00154EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.95 views

CVE-2012-3961

Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap me...

10CVSS9.4AI score0.02093EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.95 views

CVE-2012-3990

Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, rela...

9.3CVSS9.4AI score0.05468EPSS
CVE
CVE
added 2014/01/21 6:55 p.m.95 views

CVE-2013-0339

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...

6.8CVSS9AI score0.02394EPSS
CVE
CVE
added 2010/11/29 4:0 p.m.94 views

CVE-2010-4072

The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."

1.9CVSS5.8AI score0.00096EPSS
CVE
CVE
added 2013/01/17 1:55 a.m.94 views

CVE-2012-0574

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.

4CVSS4.5AI score0.0056EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.94 views

CVE-2012-1972

Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a de...

10CVSS9.4AI score0.03305EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.94 views

CVE-2012-1976

Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a den...

10CVSS9.4AI score0.0317EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.94 views

CVE-2013-0748

The XBL.proto .toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR pro...

4.3CVSS9.2AI score0.00306EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.94 views

CVE-2013-0762

Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to ex...

9.3CVSS9.6AI score0.02669EPSS
CVE
CVE
added 2014/12/17 7:59 p.m.94 views

CVE-2014-8117

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.

5CVSS7.1AI score0.08841EPSS
CVE
CVE
added 2014/12/09 11:59 p.m.94 views

CVE-2014-8502

Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.

7.5CVSS8.5AI score0.04743EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.94 views

CVE-2014-9669

Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.

6.8CVSS7.8AI score0.01778EPSS
CVE
CVE
added 2015/01/21 6:59 p.m.94 views

CVE-2015-0400

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.

5CVSS3.2AI score0.0094EPSS
Total number of security vulnerabilities509