Filtered by vendor Canonical
Subscriptions
Filtered by product Ubuntu Linux
Subscriptions
Total
4171 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1000156 | 4 Canonical, Debian, Gnu and 1 more | 14 Ubuntu Linux, Debian Linux, Patch and 11 more | 2025-04-14 | N/A |
| GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. | ||||
| CVE-2015-2756 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | N/A |
| QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. | ||||
| CVE-2015-3414 | 6 Apple, Canonical, Debian and 3 more | 7 Mac Os X, Watchos, Ubuntu Linux and 4 more | 2025-04-12 | N/A |
| SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. | ||||
| CVE-2014-8117 | 5 Canonical, File Project, Freebsd and 2 more | 5 Ubuntu Linux, File, Freebsd and 2 more | 2025-04-12 | N/A |
| softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. | ||||
| CVE-2013-7423 | 4 Canonical, Gnu, Opensuse and 1 more | 7 Ubuntu Linux, Glibc, Opensuse and 4 more | 2025-04-12 | N/A |
| The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. | ||||
| CVE-2014-6054 | 4 Canonical, Debian, Libvncserver and 1 more | 4 Ubuntu Linux, Debian Linux, Libvncserver and 1 more | 2025-04-12 | N/A |
| The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message. | ||||
| CVE-2016-2069 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. | ||||
| CVE-2015-3195 | 9 Apple, Canonical, Debian and 6 more | 28 Mac Os X, Ubuntu Linux, Debian Linux and 25 more | 2025-04-12 | 5.3 Medium |
| The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. | ||||
| CVE-2015-3185 | 4 Apache, Apple, Canonical and 1 more | 8 Http Server, Mac Os X, Mac Os X Server and 5 more | 2025-04-12 | N/A |
| The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. | ||||
| CVE-2014-8080 | 4 Canonical, Opensuse, Redhat and 1 more | 5 Ubuntu Linux, Opensuse, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. | ||||
| CVE-2016-4355 | 2 Canonical, Gnupg | 2 Ubuntu Linux, Libksba | 2025-04-12 | N/A |
| Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | ||||
| CVE-2016-2114 | 3 Canonical, Redhat, Samba | 7 Ubuntu Linux, Enterprise Linux, Rhel Aus and 4 more | 2025-04-12 | N/A |
| The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream. | ||||
| CVE-2015-0239 | 5 Canonical, Debian, Linux and 2 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2025-04-12 | N/A |
| The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction. | ||||
| CVE-2016-7401 | 4 Canonical, Debian, Djangoproject and 1 more | 4 Ubuntu Linux, Debian Linux, Django and 1 more | 2025-04-12 | N/A |
| The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies. | ||||
| CVE-2013-4496 | 3 Canonical, Redhat, Samba | 3 Ubuntu Linux, Enterprise Linux, Samba | 2025-04-12 | N/A |
| Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts. | ||||
| CVE-2015-8467 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2025-04-12 | 7.5 High |
| The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535. | ||||
| CVE-2015-0222 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2025-04-12 | N/A |
| ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries. | ||||
| CVE-2015-1852 | 3 Canonical, Openstack, Redhat | 4 Ubuntu Linux, Keystonemiddleware, Python-keystoneclient and 1 more | 2025-04-12 | N/A |
| The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144. | ||||
| CVE-2015-8899 | 2 Canonical, Thekelleys | 2 Ubuntu Linux, Dnsmasq | 2025-04-12 | N/A |
| Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally. | ||||
| CVE-2015-5296 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more | 2025-04-12 | 5.4 Medium |
| Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c. | ||||