Ubuntu Linux Security Vulnerabilities and Issues — Ubuntu Linux CVE List

Lucene search

CanonicalUbuntu Linux

8 matches found

CVE•added 2009/06/08 1:0 a.m.•334 views

CVE-2009-1955

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number ...

7.5CVSS6.9AI score0.03518EPSS

CVE•added 2009/06/08 1:0 a.m.•132 views

CVE-2009-1956

Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.

6.4CVSS7.4AI score0.05939EPSS

CVE•added 2009/06/04 4:30 p.m.•116 views

CVE-2009-1387

The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."

5CVSS6.4AI score0.13356EPSS

CVE•added 2009/06/09 5:30 p.m.•111 views

CVE-2009-0949

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED ta...

7.5CVSS7AI score0.15376EPSS

CVE•added 2009/06/04 4:30 p.m.•90 views

CVE-2009-1386

ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.

5CVSS5.9AI score0.43635EPSS

CVE•added 2009/06/10 6:0 p.m.•81 views

CVE-2009-1699

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///e...

7.5CVSS6.9AI score0.05627EPSS

CVE•added 2009/06/25 1:30 a.m.•81 views

CVE-2009-1888

The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory...

5.8CVSS6.2AI score0.04054EPSS

CVE•added 2009/06/08 1:0 a.m.•65 views

CVE-2009-1961

The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice...

4.7CVSS4.4AI score0.00133EPSS