Vulnerabilities (CVE)

Filtered by vendor Canonical Subscribe
Filtered by product Ubuntu Linux
Total 4162 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-3165 4 Apple, Canonical, Debian and 1 more 4 Mac Os X Server, Ubuntu Linux, Debian Linux and 1 more 2025-04-12 4.3 MEDIUM N/A
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
CVE-2015-3407 2 Canonical, Module-signature Project 2 Ubuntu Linux, Module-signature 2025-04-12 5.0 MEDIUM N/A
Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.
CVE-2015-0383 7 Canonical, Debian, Fedoraproject and 4 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2025-04-12 5.4 MEDIUM N/A
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.
CVE-2015-0250 3 Apache, Canonical, Redhat 3 Batik, Ubuntu Linux, Jboss Enterprise Brms Platform 2025-04-12 6.4 MEDIUM N/A
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
CVE-2016-1837 6 Apple, Canonical, Debian and 3 more 14 Iphone Os, Mac Os X, Tvos and 11 more 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.
CVE-2015-5277 3 Canonical, Gnu, Redhat 6 Ubuntu Linux, Glibc, Enterprise Linux Desktop and 3 more 2025-04-12 7.2 HIGH N/A
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
CVE-2014-8484 3 Canonical, Fedoraproject, Gnu 3 Ubuntu Linux, Fedora, Binutils 2025-04-12 5.0 MEDIUM N/A
The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.
CVE-2014-0454 4 Canonical, Ibm, Microsoft and 1 more 5 Ubuntu Linux, Forms Viewer, Windows and 2 more 2025-04-12 7.5 HIGH N/A
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.
CVE-2015-1774 6 Apache, Canonical, Debian and 3 more 8 Openoffice, Ubuntu Linux, Debian Linux and 5 more 2025-04-12 6.8 MEDIUM N/A
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.
CVE-2016-4794 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2025-04-12 7.2 HIGH 7.8 HIGH
Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls.
CVE-2016-3716 3 Canonical, Imagemagick, Redhat 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more 2025-04-12 4.3 MEDIUM 3.3 LOW
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
CVE-2016-6185 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2025-04-12 4.6 MEDIUM 7.8 HIGH
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
CVE-2016-2818 6 Canonical, Debian, Mozilla and 3 more 21 Ubuntu Linux, Debian Linux, Firefox and 18 more 2025-04-12 6.8 MEDIUM 8.8 HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-4454 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2025-04-12 3.6 LOW 6.0 MEDIUM
The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.
CVE-2014-0098 3 Apache, Canonical, Oracle 4 Http Server, Ubuntu Linux, Http Server and 1 more 2025-04-12 5.0 MEDIUM N/A
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
CVE-2016-2832 3 Canonical, Mozilla, Opensuse 4 Ubuntu Linux, Firefox, Leap and 1 more 2025-04-12 4.3 MEDIUM 4.3 MEDIUM
Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.
CVE-2014-9668 4 Canonical, Fedoraproject, Freetype and 1 more 4 Ubuntu Linux, Fedora, Freetype and 1 more 2025-04-12 7.5 HIGH N/A
The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file.
CVE-2016-3074 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2025-04-12 7.5 HIGH 9.8 CRITICAL
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
CVE-2016-3714 5 Canonical, Debian, Imagemagick and 2 more 6 Ubuntu Linux, Debian Linux, Imagemagick and 3 more 2025-04-12 10.0 HIGH 8.4 HIGH
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
CVE-2015-8946 2 Canonical, Ecryptfs 2 Ubuntu Linux, Ecryptfs-utils 2025-04-12 2.1 LOW 3.3 LOW
ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors.