Lucene search

K
CanonicalUbuntu Linux

22 matches found

CVE
CVE
added 2013/10/09 2:53 p.m.156 views

CVE-2013-2099

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcar...

4.3CVSS6AI score0.03473EPSS
CVE
CVE
added 2013/10/16 3:55 p.m.111 views

CVE-2013-3839

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4CVSS4.1AI score0.00823EPSS
CVE
CVE
added 2013/10/04 5:55 p.m.98 views

CVE-2013-4344

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.

7.2CVSS8.3AI score0.00068EPSS
CVE
CVE
added 2013/10/16 5:55 p.m.89 views

CVE-2013-5830

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unkn...

10CVSS6.3AI score0.22106EPSS
CVE
CVE
added 2013/10/03 9:55 p.m.83 views

CVE-2013-4327

systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

6.9CVSS6.2AI score0.00042EPSS
CVE
CVE
added 2013/10/16 5:55 p.m.82 views

CVE-2013-5829

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than ...

10CVSS6.5AI score0.25398EPSS
CVE
CVE
added 2013/10/16 5:55 p.m.82 views

CVE-2013-5842

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerabilit...

10CVSS6.5AI score0.33814EPSS
CVE
CVE
added 2013/10/03 9:55 p.m.79 views

CVE-2013-4311

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288...

4.6CVSS8.2AI score0.00033EPSS
CVE
CVE
added 2013/10/03 9:55 p.m.77 views

CVE-2013-4288

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --proce...

7.2CVSS6.4AI score0.00033EPSS
CVE
CVE
added 2013/10/28 10:55 p.m.77 views

CVE-2013-4402

The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.

5CVSS7.2AI score0.04675EPSS
CVE
CVE
added 2013/10/16 5:55 p.m.77 views

CVE-2013-5807

Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.

4.9CVSS4.8AI score0.00434EPSS
CVE
CVE
added 2013/10/01 5:55 p.m.69 views

CVE-2013-5745

The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denia...

7.1CVSS6.2AI score0.20105EPSS
CVE
CVE
added 2013/10/03 9:55 p.m.67 views

CVE-2013-1064

apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (...

4.6CVSS6.2AI score0.00061EPSS
CVE
CVE
added 2013/10/03 9:55 p.m.66 views

CVE-2013-1062

ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and 0.2.2 before 0.2.2.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) ...

4.6CVSS6.2AI score0.00047EPSS
CVE
CVE
added 2013/10/27 12:55 a.m.57 views

CVE-2013-4428

OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an imag...

3.5CVSS6.1AI score0.00207EPSS
CVE
CVE
added 2013/10/03 9:55 p.m.56 views

CVE-2013-1065

backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a relat...

4.6CVSS6.1AI score0.00058EPSS
CVE
CVE
added 2013/10/09 2:54 p.m.55 views

CVE-2013-4256

Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in...

4.6CVSS7.7AI score0.00053EPSS
CVE
CVE
added 2013/10/03 9:55 p.m.53 views

CVE-2013-1061

dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess...

4.6CVSS6.1AI score0.00062EPSS
CVE
CVE
added 2013/10/03 9:55 p.m.50 views

CVE-2013-1063

usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1)...

4.6CVSS6.2AI score0.00061EPSS
CVE
CVE
added 2013/10/03 9:55 p.m.50 views

CVE-2013-1066

language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) se...

4.6CVSS6.2AI score0.00062EPSS
CVE
CVE
added 2013/10/28 9:55 p.m.44 views

CVE-2013-1056

X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files.

1.9CVSS6.7AI score0.00054EPSS
CVE
CVE
added 2013/10/25 11:55 p.m.34 views

CVE-2013-1067

Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file.

4.9CVSS5.7AI score0.00042EPSS