VYPR

Ubuntu Linux

by Canonical

CVEs (1,886)

  • CVE-2014-1505HigMar 19, 2014
    risk 0.49cvss 7.5epss 0.04

    The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read…

  • CVE-2014-1487HigFeb 6, 2014
    risk 0.49cvss 7.5epss 0.02

    The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error…

  • CVE-2014-1481HigFeb 6, 2014
    risk 0.49cvss 7.5epss 0.04

    Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.

  • CVE-2014-1479HigFeb 6, 2014
    risk 0.49cvss 7.5epss 0.05

    The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content…

  • CVE-2012-1610HigJun 5, 2012
    risk 0.49cvss 7.5epss 0.05

    Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists…

  • CVE-2010-0302HigMar 5, 2010
    risk 0.49cvss 7.5epss 0.03

    Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or…

  • CVE-2009-3553HigNov 20, 2009
    risk 0.49cvss 7.5epss 0.04

    Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client…

  • CVE-2009-3547HigNov 4, 2009
    risk 0.49cvss 7.0epss 0.05

    Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

  • CVE-2009-1955HigJun 8, 2009
    risk 0.49cvss 7.5epss 0.53

    The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document…

  • CVE-2008-4577HigOct 15, 2008
    risk 0.49cvss 7.5epss 0.02

    The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

  • CVE-2008-0063HigMar 19, 2008
    risk 0.49cvss 7.5epss 0.03

    The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

  • CVE-2007-3409HigJun 26, 2007
    risk 0.49cvss 7.5epss 0.03

    Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.

  • CVE-2006-4997HigOct 10, 2006
    risk 0.49cvss 7.5epss 0.05

    The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).

  • CVE-2006-5158HigOct 5, 2006
    risk 0.49cvss 7.5epss 0.03

    The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.

  • CVE-2006-2275HigMay 9, 2006
    risk 0.49cvss 7.5epss 0.03

    Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."

  • CVE-2005-2946HigSep 16, 2005
    risk 0.49cvss 7.5epss 0.01

    The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.

  • CVE-2004-1002HigMar 1, 2005
    risk 0.49cvss 7.5epss 0.03

    Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location.

  • CVE-2017-1000407HigDec 11, 2017
    risk 0.48cvss 7.4epss 0.01

    The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.

  • CVE-2016-2107MedMay 5, 2016
    risk 0.48cvss 5.9epss 0.89

    The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE:…

  • CVE-2016-2113HigApr 25, 2016
    risk 0.48cvss 7.4epss 0.03

    Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.

Page 19 of 95