Filtered by vendor Canonical
Subscriptions
Filtered by product Ubuntu Linux
Subscriptions
Total
4171 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9658 | 7 Canonical, Debian, Fedoraproject and 4 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2025-04-12 | N/A |
| The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. | ||||
| CVE-2015-1321 | 2 Canonical, Oxide Project | 2 Ubuntu Linux, Oxide | 2025-04-12 | N/A |
| Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage. | ||||
| CVE-2015-1322 | 2 Canonical, Ubuntu | 2 Ubuntu Linux, Network-manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts). | ||||
| CVE-2015-5260 | 4 Canonical, Debian, Redhat and 1 more | 10 Ubuntu Linux, Debian Linux, Enterprise Linux and 7 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter. | ||||
| CVE-2014-0004 | 3 Canonical, Freedesktop, Redhat | 3 Ubuntu Linux, Udisks, Enterprise Linux | 2025-04-12 | N/A |
| Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point. | ||||
| CVE-2014-0056 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Neutron, Openstack | 2025-04-12 | N/A |
| The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command. | ||||
| CVE-2016-2833 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2025-04-12 | N/A |
| Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet. | ||||
| CVE-2015-2925 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2025-04-12 | N/A |
| The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack." | ||||
| CVE-2016-2829 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2025-04-12 | N/A |
| Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission. | ||||
| CVE-2016-0494 | 3 Canonical, Oracle, Redhat | 7 Ubuntu Linux, Jdk, Jre and 4 more | 2025-04-12 | N/A |
| Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||||
| CVE-2014-0190 | 4 Canonical, Fedoraproject, Opensuse and 1 more | 4 Ubuntu Linux, Fedora, Opensuse and 1 more | 2025-04-12 | N/A |
| The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. | ||||
| CVE-2016-2828 | 5 Canonical, Debian, Mozilla and 2 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool. | ||||
| CVE-2016-1677 | 6 Canonical, Debian, Google and 3 more | 11 Ubuntu Linux, Debian Linux, Chrome and 8 more | 2025-04-12 | N/A |
| uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion." | ||||
| CVE-2015-2301 | 6 Apple, Canonical, Debian and 3 more | 13 Mac Os X, Ubuntu Linux, Debian Linux and 10 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. | ||||
| CVE-2015-2221 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2025-04-12 | N/A |
| ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. | ||||
| CVE-2015-1235 | 4 Canonical, Debian, Google and 1 more | 4 Ubuntu Linux, Debian Linux, Chrome and 1 more | 2025-04-12 | N/A |
| The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element. | ||||
| CVE-2015-1465 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-12 | N/A |
| The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets. | ||||
| CVE-2016-1833 | 6 Apple, Canonical, Debian and 3 more | 16 Iphone Os, Mac Os X, Tvos and 13 more | 2025-04-12 | N/A |
| The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | ||||
| CVE-2015-1211 | 7 Apple, Canonical, Google and 4 more | 12 Macos, Ubuntu Linux, Chrome and 9 more | 2025-04-12 | N/A |
| The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI. | ||||
| CVE-2015-1315 | 2 Canonical, Info-zip | 2 Ubuntu Linux, Unzip | 2025-04-12 | N/A |
| Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. | ||||