Lucene search

K
CanonicalUbuntu Linux6.06

243 matches found

CVE
CVE
added 2009/10/20 5:30 p.m.89 views

CVE-2009-2910

arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.

2.1CVSS5.9AI score0.00052EPSS
CVE
CVE
added 2010/09/30 3:0 p.m.88 views

CVE-2010-2943

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned...

8.1CVSS7.2AI score0.02402EPSS
CVE
CVE
added 2010/11/26 7:0 p.m.88 views

CVE-2010-2963

drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privile...

6.2CVSS6AI score0.00144EPSS
CVE
CVE
added 2008/12/17 11:30 p.m.87 views

CVE-2008-5511

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."

4.3CVSS9.1AI score0.01798EPSS
CVE
CVE
added 2010/02/17 6:30 p.m.87 views

CVE-2010-0307

The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application ...

4.7CVSS5.5AI score0.00131EPSS
CVE
CVE
added 2010/02/22 1:0 p.m.87 views

CVE-2010-0410

drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages.

4.9CVSS6.1AI score0.00079EPSS
CVE
CVE
added 2010/09/03 8:0 p.m.87 views

CVE-2010-2226

The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.

2.1CVSS6.9AI score0.00083EPSS
CVE
CVE
added 2010/08/19 6:0 p.m.87 views

CVE-2010-2541

Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

6.8CVSS7.9AI score0.03207EPSS
CVE
CVE
added 2009/09/18 10:30 a.m.86 views

CVE-2009-3238

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "...

7.8CVSS5.7AI score0.00241EPSS
CVE
CVE
added 2010/09/03 8:0 p.m.86 views

CVE-2010-2954

The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via...

4.9CVSS7.3AI score0.00064EPSS
CVE
CVE
added 2007/02/26 8:28 p.m.85 views

CVE-2007-0009

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attac...

6.8CVSS7.9AI score0.48677EPSS
CVE
CVE
added 2007/07/16 10:30 p.m.85 views

CVE-2007-3798

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

9.8CVSS9.8AI score0.74399EPSS
CVE
CVE
added 2008/11/13 1:0 a.m.85 views

CVE-2008-4989

The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguis...

5.9CVSS5.9AI score0.00393EPSS
CVE
CVE
added 2010/09/29 5:0 p.m.85 views

CVE-2010-3084

Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/net/niu.c in the Linux kernel before 2.6.36-rc4 allows local users to cause a denial of service or possibly have unspecified other impact via the ETHTOOL_GRXCLSRLALL ethtool command.

7.2CVSS6.5AI score0.00091EPSS
CVE
CVE
added 2006/12/20 1:28 a.m.84 views

CVE-2006-6501

Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.

6.8CVSS6.7AI score0.26851EPSS
CVE
CVE
added 2007/04/06 1:19 a.m.84 views

CVE-2007-1887

Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with ...

7.5CVSS7.9AI score0.02863EPSS
CVE
CVE
added 2007/11/02 4:46 p.m.84 views

CVE-2007-4829

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.

6.8CVSS6.3AI score0.01802EPSS
CVE
CVE
added 2008/08/01 2:41 p.m.84 views

CVE-2008-3142

Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resiz...

7.5CVSS7.8AI score0.01833EPSS
CVE
CVE
added 2008/09/24 8:37 p.m.84 views

CVE-2008-3837

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a v...

9.3CVSS9.6AI score0.35534EPSS
CVE
CVE
added 2008/11/13 11:30 a.m.84 views

CVE-2008-5019

The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors.

4.3CVSS8.9AI score0.07584EPSS
CVE
CVE
added 2009/05/28 8:30 p.m.84 views

CVE-2009-1633

Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; o...

7.1CVSS5.5AI score0.01839EPSS
CVE
CVE
added 2009/08/21 5:30 p.m.84 views

CVE-2009-2474

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Ce...

5.8CVSS6AI score0.01808EPSS
CVE
CVE
added 2010/07/13 8:30 p.m.84 views

CVE-2010-2008

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA ...

3.5CVSS6.2AI score0.04836EPSS
CVE
CVE
added 2007/10/04 4:17 p.m.83 views

CVE-2007-5191

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

7.2CVSS6.2AI score0.00097EPSS
CVE
CVE
added 2008/11/13 11:30 a.m.83 views

CVE-2008-5021

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is stil...

9.3CVSS10AI score0.16195EPSS
CVE
CVE
added 2009/11/16 7:30 p.m.83 views

CVE-2009-3939

The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.

7.1CVSS6.4AI score0.00044EPSS
CVE
CVE
added 2010/03/05 7:30 p.m.83 views

CVE-2010-0302

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client ...

7.5CVSS7.4AI score0.09847EPSS
CVE
CVE
added 2009/04/17 2:30 p.m.82 views

CVE-2009-1186

Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.

2.1CVSS6AI score0.00087EPSS
CVE
CVE
added 2007/04/06 1:19 a.m.81 views

CVE-2007-1216

Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary co...

9CVSS9.3AI score0.11518EPSS
CVE
CVE
added 2008/12/17 11:30 p.m.81 views

CVE-2008-5506

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a reso...

6.8CVSS9.7AI score0.01236EPSS
CVE
CVE
added 2008/12/17 11:30 p.m.81 views

CVE-2008-5508

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.

4.3CVSS9.8AI score0.02217EPSS
CVE
CVE
added 2010/11/17 1:0 a.m.81 views

CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a...

4.3CVSS5.6AI score0.00728EPSS
CVE
CVE
added 2006/12/20 1:28 a.m.80 views

CVE-2006-6503

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.

6.8CVSS5.5AI score0.2094EPSS
CVE
CVE
added 2007/06/26 10:30 p.m.80 views

CVE-2007-2443

Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.

8.3CVSS9.5AI score0.2536EPSS
CVE
CVE
added 2007/07/30 11:17 p.m.80 views

CVE-2007-3387

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that trigg...

6.8CVSS7.9AI score0.11401EPSS
CVE
CVE
added 2008/03/17 9:44 p.m.80 views

CVE-2008-0888

The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.

9.3CVSS9.6AI score0.04114EPSS
CVE
CVE
added 2008/06/16 9:41 p.m.80 views

CVE-2008-2712

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the ...

9.3CVSS9.2AI score0.11919EPSS
CVE
CVE
added 2008/08/08 6:41 p.m.80 views

CVE-2008-3272

The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obt...

2.1CVSS5.8AI score0.00063EPSS
CVE
CVE
added 2008/11/13 11:30 a.m.80 views

CVE-2008-5017

Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.

10CVSS9.4AI score0.1059EPSS
CVE
CVE
added 2009/04/23 5:30 p.m.80 views

CVE-2009-1191

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.

5CVSS7.2AI score0.05134EPSS
CVE
CVE
added 2009/10/07 6:30 p.m.80 views

CVE-2009-2906

smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.

4CVSS8.8AI score0.00348EPSS
CVE
CVE
added 2010/08/19 6:0 p.m.80 views

CVE-2010-2807

FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

6.8CVSS9.5AI score0.05194EPSS
CVE
CVE
added 2007/05/14 9:19 p.m.79 views

CVE-2007-2444

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

7.2CVSS6.3AI score0.08832EPSS
CVE
CVE
added 2007/09/04 6:17 p.m.79 views

CVE-2007-3998

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""'...

5CVSS7.4AI score0.06465EPSS
CVE
CVE
added 2010/09/08 8:0 p.m.79 views

CVE-2010-2066

The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.

5.5CVSS5.6AI score0.00061EPSS
CVE
CVE
added 2010/09/29 5:0 p.m.79 views

CVE-2010-2946

fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name.

2.1CVSS7.2AI score0.0007EPSS
CVE
CVE
added 2010/09/08 8:0 p.m.79 views

CVE-2010-2955

The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c,...

2.1CVSS5.7AI score0.00093EPSS
CVE
CVE
added 2007/03/24 9:19 p.m.78 views

CVE-2007-1667

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negativ...

9.3CVSS7.7AI score0.0114EPSS
CVE
CVE
added 2008/08/27 8:41 p.m.78 views

CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

6.5CVSS6.3AI score0.00802EPSS
CVE
CVE
added 2008/12/17 11:30 p.m.78 views

CVE-2008-5512

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNati...

6.8CVSS9.8AI score0.03853EPSS
Total number of security vulnerabilities243