Ubuntu Linux
by Canonical
CVEs (1,886)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-2132 | 0.00 | — | 0.03 | Aug 15, 2013 | bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef." | |||
| CVE-2013-2126 | 0.00 | — | 0.04 | Aug 14, 2013 | Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW… | |||
| CVE-2013-2174 | 0.00 | — | 0.11 | Jul 31, 2013 | Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent)… | |||
| CVE-2013-2112 | 0.00 | — | 0.04 | Jul 31, 2013 | The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. | |||
| CVE-2013-1968 | 0.00 | — | 0.03 | Jul 31, 2013 | Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. | |||
| CVE-2013-4002 | 0.00 | — | 0.25 | Jul 23, 2013 | XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java… | |||
| CVE-2013-4668 | 0.00 | — | 0.04 | Jul 18, 2013 | Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action,… | |||
| CVE-2013-3812 | 0.00 | — | 0.03 | Jul 17, 2013 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. | |||
| CVE-2013-3809 | 0.00 | — | 0.03 | Jul 17, 2013 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log. | |||
| CVE-2013-3804 | 0.00 | — | 0.03 | Jul 17, 2013 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | |||
| CVE-2013-3802 | 0.00 | — | 0.03 | Jul 17, 2013 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. | |||
| CVE-2013-3793 | 0.00 | — | 0.03 | Jul 17, 2013 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. | |||
| CVE-2013-3783 | 0.00 | — | 0.03 | Jul 17, 2013 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser. | |||
| CVE-2013-1059 | 0.00 | — | 0.05 | Jul 8, 2013 | net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. | |||
| CVE-2013-2064 | 0.00 | — | 0.02 | Jun 15, 2013 | Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. | |||
| CVE-2013-1987 | 0.00 | — | 0.02 | Jun 15, 2013 | Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions. | |||
| CVE-2013-1981 | 0.00 | — | 0.01 | Jun 15, 2013 | Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5)… | |||
| CVE-2013-2852 | 0.00 | — | 0.01 | Jun 7, 2013 | Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an… | |||
| CVE-2002-2443 | 0.00 | — | 0.06 | May 29, 2013 | schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a… | |||
| CVE-2007-6746 | 0.00 | — | 0.01 | May 21, 2013 | telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL… |
- CVE-2013-2132Aug 15, 2013risk 0.00cvss —epss 0.03
bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."
- CVE-2013-2126Aug 14, 2013risk 0.00cvss —epss 0.04
Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW…
- CVE-2013-2174Jul 31, 2013risk 0.00cvss —epss 0.11
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent)…
- CVE-2013-2112Jul 31, 2013risk 0.00cvss —epss 0.04
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
- CVE-2013-1968Jul 31, 2013risk 0.00cvss —epss 0.03
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
- CVE-2013-4002Jul 23, 2013risk 0.00cvss —epss 0.25
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java…
- CVE-2013-4668Jul 18, 2013risk 0.00cvss —epss 0.04
Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action,…
- CVE-2013-3812Jul 17, 2013risk 0.00cvss —epss 0.03
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
- CVE-2013-3809Jul 17, 2013risk 0.00cvss —epss 0.03
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.
- CVE-2013-3804Jul 17, 2013risk 0.00cvss —epss 0.03
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
- CVE-2013-3802Jul 17, 2013risk 0.00cvss —epss 0.03
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
- CVE-2013-3793Jul 17, 2013risk 0.00cvss —epss 0.03
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
- CVE-2013-3783Jul 17, 2013risk 0.00cvss —epss 0.03
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.
- CVE-2013-1059Jul 8, 2013risk 0.00cvss —epss 0.05
net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.
- CVE-2013-2064Jun 15, 2013risk 0.00cvss —epss 0.02
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.
- CVE-2013-1987Jun 15, 2013risk 0.00cvss —epss 0.02
Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions.
- CVE-2013-1981Jun 15, 2013risk 0.00cvss —epss 0.01
Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5)…
- CVE-2013-2852Jun 7, 2013risk 0.00cvss —epss 0.01
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an…
- CVE-2002-2443May 29, 2013risk 0.00cvss —epss 0.06
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a…
- CVE-2007-6746May 21, 2013risk 0.00cvss —epss 0.01
telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL…
Page 76 of 95