Lucene search

K
CanonicalUbuntu Linux11.10

227 matches found

CVE
CVE
added 2011/11/29 5:55 p.m.55 views

CVE-2011-4405

The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack...

7.5CVSS7.5AI score0.01967EPSS
CVE
CVE
added 2012/07/25 10:42 a.m.55 views

CVE-2012-3954

Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.

3.3CVSS6.3AI score0.06481EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.55 views

CVE-2012-3985

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.

4.3CVSS8.3AI score0.00924EPSS
CVE
CVE
added 2012/10/12 10:44 a.m.55 views

CVE-2012-4191

The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary ...

9.3CVSS9.7AI score0.01678EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.55 views

CVE-2012-4205

Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive info...

6.8CVSS8.5AI score0.00875EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.55 views

CVE-2012-4209

Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross...

4.3CVSS7.8AI score0.02065EPSS
CVE
CVE
added 2012/06/07 9:55 p.m.54 views

CVE-2012-0948

DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.

2.1CVSS6.3AI score0.00053EPSS
CVE
CVE
added 2014/05/21 2:55 p.m.54 views

CVE-2012-1166

The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.

10CVSS7.6AI score0.04374EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.54 views

CVE-2012-5830

Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.

8.8CVSS8.9AI score0.01446EPSS
CVE
CVE
added 2013/04/29 10:55 p.m.54 views

CVE-2013-1927

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."

6.8CVSS7.4AI score0.02192EPSS
CVE
CVE
added 2013/04/03 12:55 a.m.53 views

CVE-2012-6129

Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."

7.5CVSS8AI score0.02677EPSS
CVE
CVE
added 2014/03/06 3:55 p.m.52 views

CVE-2011-3153

dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.

1.9CVSS6.1AI score0.00052EPSS
CVE
CVE
added 2014/05/14 12:55 a.m.52 views

CVE-2011-4407

ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.

4.3CVSS6.3AI score0.00134EPSS
CVE
CVE
added 2013/02/13 1:55 a.m.52 views

CVE-2013-0241

The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.

2.1CVSS6AI score0.00059EPSS
CVE
CVE
added 2013/04/29 10:55 p.m.51 views

CVE-2013-1926

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.

5.8CVSS6.2AI score0.00702EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.50 views

CVE-2012-4204

The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

9.3CVSS8.9AI score0.03013EPSS
CVE
CVE
added 2013/04/02 3:22 a.m.50 views

CVE-2013-0240

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the ...

4.3CVSS5.8AI score0.00476EPSS
CVE
CVE
added 2014/04/27 8:55 p.m.48 views

CVE-2011-3152

DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarba...

6.4CVSS6.6AI score0.00439EPSS
CVE
CVE
added 2012/06/04 8:55 p.m.48 views

CVE-2012-0944

Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.

4.3CVSS6.7AI score0.00475EPSS
CVE
CVE
added 2012/06/19 8:55 p.m.47 views

CVE-2012-0950

The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerabilit...

5CVSS6.6AI score0.00472EPSS
CVE
CVE
added 2012/11/04 10:55 p.m.47 views

CVE-2012-5821

Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.

5.9CVSS5.3AI score0.00237EPSS
CVE
CVE
added 2012/06/16 12:55 a.m.46 views

CVE-2011-4408

The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack.

6.8CVSS6.4AI score0.00414EPSS
CVE
CVE
added 2012/05/31 5:55 p.m.46 views

CVE-2012-0949

The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report.

5CVSS6.5AI score0.00472EPSS
CVE
CVE
added 2012/12/26 10:55 p.m.44 views

CVE-2012-0962

Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.

4.3CVSS6.6AI score0.00435EPSS
CVE
CVE
added 2011/11/29 5:55 p.m.43 views

CVE-2011-3150

Software Center in Ubuntu 11.10, 11.04 10.10 does not properly validate server certificates, which allows remote attackers to execute arbitrary code or obtain sensitive information via a man-in-the-middle (MITM) attack.

6.8CVSS7.2AI score0.01042EPSS
CVE
CVE
added 2013/04/02 3:23 a.m.42 views

CVE-2013-1799

Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network....

4.3CVSS5.9AI score0.00556EPSS
CVE
CVE
added 2014/04/16 6:37 p.m.41 views

CVE-2011-4406

The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.

3.6CVSS6.3AI score0.00053EPSS
Total number of security vulnerabilities227