Filtered by vendor Canonical
Subscriptions
Filtered by product Ubuntu Linux
Subscriptions
Total
4171 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0386 | 5 Canonical, Debian, Mariadb and 2 more | 12 Ubuntu Linux, Debian Linux, Mariadb and 9 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | ||||
| CVE-2012-4181 | 3 Canonical, Mozilla, Redhat | 10 Ubuntu Linux, Firefox, Seamonkey and 7 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||||
| CVE-2010-3436 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2025-04-11 | N/A |
| fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename. | ||||
| CVE-2009-4895 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2025-04-11 | 4.7 Medium |
| Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions. NOTE: the vulnerability was addressed in a different way in 2.6.32.9. | ||||
| CVE-2013-4256 | 2 Canonical, Radscan | 2 Ubuntu Linux, Network Audio System | 2025-04-11 | N/A |
| Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in server/os/access.c; (3) open_unix_socket, (4) open_isc_local, (5) open_xsight_local, (6) open_att_local, or (7) open_att_svr4_local function in server/os/connection.c; the (8) AUDIOHOST environment variable to the CreateWellKnownSockets or (9) AmoebaTCPConnectorThread function in server/os/connection.c; or (10) unspecified vectors related to logging in the osLogMsg function in server/os/aulog.c. | ||||
| CVE-2013-2021 | 3 Canonical, Clamav, Suse | 3 Ubuntu Linux, Clamav, Linux Enterprise Server | 2025-04-11 | N/A |
| pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file. | ||||
| CVE-2010-2067 | 2 Canonical, Libtiff | 2 Ubuntu Linux, Libtiff | 2025-04-11 | N/A |
| Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file. | ||||
| CVE-2013-5609 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 18 Ubuntu Linux, Fedora, Firefox and 15 more | 2025-04-11 | 9.8 Critical |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2013-1861 | 7 Canonical, Debian, Mariadb and 4 more | 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more | 2025-04-11 | N/A |
| MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. | ||||
| CVE-2010-4656 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2025-04-11 | 7.8 High |
| The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report. | ||||
| CVE-2010-2648 | 3 Canonical, Google, Opensuse | 3 Ubuntu Linux, Chrome, Opensuse | 2025-04-11 | N/A |
| The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2010-2066 | 5 Canonical, Linux, Redhat and 2 more | 7 Ubuntu Linux, Linux Kernel, Enterprise Linux and 4 more | 2025-04-11 | 5.5 Medium |
| The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor. | ||||
| CVE-2014-1490 | 8 Canonical, Debian, Fedoraproject and 5 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2025-04-11 | N/A |
| Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. | ||||
| CVE-2007-6746 | 1 Canonical | 2 Telepathy-idle, Ubuntu Linux | 2025-04-11 | N/A |
| telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2012-3197 | 5 Canonical, Debian, Mariadb and 2 more | 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication. | ||||
| CVE-2010-2520 | 4 Apple, Canonical, Debian and 1 more | 4 Mac Os X, Ubuntu Linux, Debian Linux and 1 more | 2025-04-11 | N/A |
| Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | ||||
| CVE-2010-3296 | 6 Canonical, Debian, Linux and 3 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2025-04-11 | N/A |
| The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call. | ||||
| CVE-2012-3167 | 5 Canonical, Debian, Mariadb and 2 more | 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search. | ||||
| CVE-2013-4475 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more | 2025-04-11 | N/A |
| Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS). | ||||
| CVE-2010-0395 | 7 Apache, Canonical, Debian and 4 more | 7 Openoffice, Ubuntu Linux, Debian Linux and 4 more | 2025-04-11 | N/A |
| OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed. | ||||