Filtered by vendor Canonical
Subscriptions
Total
4264 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1836 | 6 Apple, Canonical, Debian and 3 more | 16 Iphone Os, Mac Os X, Tvos and 13 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document. | ||||
| CVE-2016-1835 | 4 Apple, Canonical, Debian and 1 more | 6 Iphone Os, Mac Os X, Ubuntu Linux and 3 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document. | ||||
| CVE-2015-3196 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2025-04-12 | N/A |
| ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. | ||||
| CVE-2015-3195 | 9 Apple, Canonical, Debian and 6 more | 28 Mac Os X, Ubuntu Linux, Debian Linux and 25 more | 2025-04-12 | 5.3 Medium |
| The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. | ||||
| CVE-2014-5031 | 3 Apple, Canonical, Redhat | 3 Cups, Ubuntu Linux, Enterprise Linux | 2025-04-12 | N/A |
| The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors. | ||||
| CVE-2014-6054 | 4 Canonical, Debian, Libvncserver and 1 more | 4 Ubuntu Linux, Debian Linux, Libvncserver and 1 more | 2025-04-12 | N/A |
| The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message. | ||||
| CVE-2015-3258 | 4 Canonical, Debian, Linuxfoundation and 1 more | 4 Ubuntu Linux, Debian Linux, Cups-filters and 1 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job. | ||||
| CVE-2015-8899 | 2 Canonical, Thekelleys | 2 Ubuntu Linux, Dnsmasq | 2025-04-12 | N/A |
| Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally. | ||||
| CVE-2011-3152 | 1 Canonical | 2 Ubuntu Linux, Update-manager | 2025-04-12 | N/A |
| DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file. | ||||
| CVE-2016-4355 | 2 Canonical, Gnupg | 2 Ubuntu Linux, Libksba | 2025-04-12 | N/A |
| Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | ||||
| CVE-2014-8132 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2025-04-12 | N/A |
| Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. | ||||
| CVE-2016-1372 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2025-04-12 | N/A |
| ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. | ||||
| CVE-2014-8483 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Opensuse and 1 more | 2025-04-12 | N/A |
| The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string. | ||||
| CVE-2015-8872 | 3 Canonical, Dosfstools Project, Opensuse | 4 Ubuntu Linux, Dosfstools, Leap and 1 more | 2025-04-12 | N/A |
| The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error." | ||||
| CVE-2014-9659 | 5 Canonical, Fedoraproject, Freetype and 2 more | 5 Ubuntu Linux, Fedora, Freetype and 2 more | 2025-04-12 | N/A |
| cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240. | ||||
| CVE-2011-3628 | 1 Canonical | 2 Libpam-modules, Ubuntu Linux | 2025-04-12 | N/A |
| Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname. | ||||
| CVE-2016-1371 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2025-04-12 | N/A |
| ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. | ||||
| CVE-2011-3634 | 2 Canonical, Debian | 2 Ubuntu Linux, Advanced Package Tool | 2025-04-12 | N/A |
| methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors. | ||||
| CVE-2015-0808 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | N/A |
| The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of service (memory corruption) via unspecified vectors. | ||||
| CVE-2015-1216 | 3 Canonical, Google, Redhat | 7 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 4 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a frame detachment. | ||||