Lucene search

K
CanonicalUbuntu Linux11.04

115 matches found

CVE
CVE
added 2012/07/25 10:42 a.m.55 views

CVE-2012-3954

Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.

3.3CVSS6.3AI score0.06481EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.55 views

CVE-2012-3985

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.

4.3CVSS8.3AI score0.00924EPSS
CVE
CVE
added 2012/10/12 10:44 a.m.55 views

CVE-2012-4191

The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary ...

9.3CVSS9.7AI score0.01678EPSS
CVE
CVE
added 2012/06/07 9:55 p.m.54 views

CVE-2012-0948

DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.

2.1CVSS6.3AI score0.00053EPSS
CVE
CVE
added 2014/05/21 2:55 p.m.54 views

CVE-2012-1166

The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.

10CVSS7.6AI score0.04374EPSS
CVE
CVE
added 2011/02/23 7:0 p.m.52 views

CVE-2011-0725

Absolute path traversal vulnerability in the org.debian.apt.UpdateCachePartially method in worker.py in Aptdaemon 0.40 in Ubuntu 10.10 and 11.04 allows local users to read arbitrary files via a full pathname in the sources_list argument, related to the D-Bus interface.

4.9CVSS6.3AI score0.00054EPSS
CVE
CVE
added 2014/05/14 12:55 a.m.52 views

CVE-2011-4407

ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.

4.3CVSS6.3AI score0.00134EPSS
CVE
CVE
added 2014/04/27 8:55 p.m.48 views

CVE-2011-3152

DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarba...

6.4CVSS6.6AI score0.00439EPSS
CVE
CVE
added 2012/06/04 8:55 p.m.48 views

CVE-2012-0944

Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.

4.3CVSS6.7AI score0.00475EPSS
CVE
CVE
added 2012/06/19 8:55 p.m.47 views

CVE-2012-0950

The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerabilit...

5CVSS6.6AI score0.00472EPSS
CVE
CVE
added 2012/06/16 12:55 a.m.46 views

CVE-2011-4408

The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack.

6.8CVSS6.4AI score0.00414EPSS
CVE
CVE
added 2012/05/31 5:55 p.m.46 views

CVE-2012-0949

The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report.

5CVSS6.5AI score0.00472EPSS
CVE
CVE
added 2011/06/02 7:55 p.m.44 views

CVE-2011-0730

Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signatur...

6.5CVSS7.2AI score0.00467EPSS
CVE
CVE
added 2011/11/29 5:55 p.m.43 views

CVE-2011-3150

Software Center in Ubuntu 11.10, 11.04 10.10 does not properly validate server certificates, which allows remote attackers to execute arbitrary code or obtain sensitive information via a man-in-the-middle (MITM) attack.

6.8CVSS7.2AI score0.01042EPSS
CVE
CVE
added 2014/05/22 11:55 p.m.35 views

CVE-2012-6648

gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different codebase...

2.1CVSS6.2AI score0.00264EPSS
Total number of security vulnerabilities115