Filtered by vendor Canonical
Subscribe
Total
4214 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1321 | 2 Canonical, Oxide Project | 2 Ubuntu Linux, Oxide | 2025-04-12 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage. | |||||
| CVE-2015-2695 | 6 Canonical, Debian, Mit and 3 more | 9 Ubuntu Linux, Debian Linux, Kerberos 5 and 6 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. | |||||
| CVE-2016-5338 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2025-04-12 | 4.6 MEDIUM | 7.8 HIGH |
| The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer. | |||||
| CVE-2015-7869 | 4 Canonical, Linux, Microsoft and 1 more | 4 Ubuntu Linux, Linux Kernel, Windows and 1 more | 2025-04-12 | 6.6 MEDIUM | N/A |
| Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before 340.96, R352 before 352.63, and R358 before 358.16 on Linux allow local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors, which trigger uninitialized or out of bounds memory access. NOTE: this identifier has been SPLIT per ADT2 and ADT3 due to different vulnerability type and affected versions. See CVE-2015-8328 for the vulnerability in the NVAPI support layer in NVIDIA drivers for Windows. | |||||
| CVE-2016-0714 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. | |||||
| CVE-2016-2841 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2025-04-12 | 2.1 LOW | 6.0 MEDIUM |
| The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control. | |||||
| CVE-2014-8150 | 3 Canonical, Debian, Haxx | 3 Ubuntu Linux, Debian Linux, Libcurl | 2025-04-12 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. | |||||
| CVE-2015-2316 | 5 Canonical, Djangoproject, Fedoraproject and 2 more | 5 Ubuntu Linux, Django, Fedora and 2 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string. | |||||
| CVE-2016-0483 | 2 Canonical, Oracle | 4 Ubuntu Linux, Jdk, Jre and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data. | |||||
| CVE-2014-8160 | 6 Canonical, Debian, Linux and 3 more | 15 Ubuntu Linux, Debian Linux, Linux Kernel and 12 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. | |||||
| CVE-2013-6475 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow. | |||||
| CVE-2015-5174 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. | |||||
| CVE-2014-0187 | 3 Canonical, Openstack, Opensuse | 3 Ubuntu Linux, Neutron, Opensuse | 2025-04-12 | 9.0 HIGH | N/A |
| The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied. | |||||
| CVE-2016-1372 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. | |||||
| CVE-2014-9683 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-12 | 3.6 LOW | N/A |
| Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename. | |||||
| CVE-2015-2734 | 5 Canonical, Debian, Mozilla and 2 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2025-04-12 | 10.0 HIGH | N/A |
| The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. | |||||
| CVE-2015-3333 | 3 Canonical, Debian, Google | 4 Ubuntu Linux, Debian Linux, Chrome and 1 more | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2015-0819 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | 4.3 MEDIUM | N/A |
| The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site. | |||||
| CVE-2016-3715 | 6 Canonical, Imagemagick, Opensuse and 3 more | 30 Ubuntu Linux, Imagemagick, Leap and 27 more | 2025-04-12 | 5.8 MEDIUM | 5.5 MEDIUM |
| The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | |||||
| CVE-2012-6656 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Glibc | 2025-04-12 | 5.0 MEDIUM | N/A |
| iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. | |||||