Lucene search

K
CanonicalUbuntu Linux

7 matches found

CVE
CVE
added 2013/09/25 10:31 a.m.232 views

CVE-2013-4343

Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call.

6.9CVSS6.3AI score0.00093EPSS
CVE
CVE
added 2013/09/25 10:31 a.m.86 views

CVE-2013-1060

A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the ~buildd directory and consequently reads the system configuration file from the ~buildd directory, which allows l...

6.9CVSS7.2AI score0.00053EPSS
CVE
CVE
added 2013/09/30 9:55 p.m.75 views

CVE-2013-4296

The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC ca...

4CVSS7.6AI score0.03294EPSS
CVE
CVE
added 2013/09/30 10:55 p.m.71 views

CVE-2013-0211

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion ...

5CVSS7.7AI score0.01196EPSS
CVE
CVE
added 2013/09/30 10:55 p.m.70 views

CVE-2013-4222

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.

6.5CVSS6.1AI score0.0058EPSS
CVE
CVE
added 2013/09/30 9:55 p.m.68 views

CVE-2013-4314

The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certificati...

4.3CVSS6.1AI score0.0025EPSS
CVE
CVE
added 2013/09/16 7:14 p.m.63 views

CVE-2013-4202

The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due ...

4.3CVSS6.4AI score0.05143EPSS