VYPR

Ubuntu Linux

by Canonical

CVEs (1,886)

  • CVE-2013-1058Nov 23, 2013
    risk 0.00cvss epss 0.02

    maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack.

  • CVE-2013-6858Nov 23, 2013
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.

  • CVE-2010-3443Nov 23, 2013
    risk 0.00cvss epss 0.02

    ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message.

  • CVE-2013-4563Nov 20, 2013
    risk 0.00cvss epss 0.04

    The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of…

  • CVE-2013-1057Nov 18, 2013
    risk 0.00cvss epss 0.01

    Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory.

  • CVE-2013-4348Nov 4, 2013
    risk 0.00cvss epss 0.09

    The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation.

  • CVE-2013-4402Oct 28, 2013
    risk 0.00cvss epss 0.05

    The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.

  • CVE-2013-1056Oct 28, 2013
    risk 0.00cvss epss 0.00

    X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files.

  • CVE-2013-4428Oct 27, 2013
    risk 0.00cvss epss 0.03

    OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise…

  • CVE-2013-1067Oct 25, 2013
    risk 0.00cvss epss 0.00

    Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file.

  • CVE-2013-5807Oct 16, 2013
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.

  • CVE-2013-3839Oct 16, 2013
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

  • CVE-2013-4256Oct 9, 2013
    risk 0.00cvss epss 0.01

    Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2)…

  • CVE-2013-2099Oct 9, 2013
    risk 0.00cvss epss 0.05

    Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption)…

  • CVE-2013-4344Oct 4, 2013
    risk 0.00cvss epss 0.00

    Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.

  • CVE-2013-4327Oct 3, 2013
    risk 0.00cvss epss 0.00

    systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to…

  • CVE-2013-4311Oct 3, 2013
    risk 0.00cvss epss 0.00

    libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related…

  • CVE-2013-4288Oct 3, 2013
    risk 0.00cvss epss 0.00

    Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus…

  • CVE-2013-1066Oct 3, 2013
    risk 0.00cvss epss 0.00

    language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race…

  • CVE-2013-1065Oct 3, 2013
    risk 0.00cvss epss 0.00

    backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2)…

Page 74 of 95