Ubuntu Linux Security Vulnerabilities and Issues — Ubuntu Linux CVE List

Lucene search

CanonicalUbuntu Linux

8 matches found

CVE•added 2013/05/16 11:45 a.m.•1013 views

CVE-2013-1675

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sen...

6.5CVSS8.7AI score0.02572EPSS

CVE•added 2013/05/29 2:29 p.m.•224 views

CVE-2002-2443

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as...

5CVSS5.3AI score0.48591EPSS

CVE•added 2013/05/02 2:55 p.m.•86 views

CVE-2013-0305

The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.

4CVSS6AI score0.00209EPSS

CVE•added 2013/05/02 2:55 p.m.•86 views

CVE-2013-0306

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.

5CVSS6.5AI score0.00562EPSS

CVE•added 2013/05/13 11:55 p.m.•75 views

CVE-2013-1940

X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.

2.1CVSS6AI score0.00111EPSS

CVE•added 2013/05/13 11:55 p.m.•68 views

CVE-2013-2021

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.

4.3CVSS8.6AI score0.08227EPSS

CVE•added 2013/05/13 11:55 p.m.•60 views

CVE-2013-2020

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

5CVSS8.8AI score0.10664EPSS

CVE•added 2013/05/21 6:55 p.m.•50 views

CVE-2007-6746

telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary...

5.8CVSS6.3AI score0.0025EPSS