VYPR

Vendor CVEs

Ubuntu

All CVEs

1,658 total · sorted by risk
  • CVE-2005-3119Oct 12, 2005
    risk 0.00cvss epss 0.00

    Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys.

  • CVE-2005-3105Sep 30, 2005
    risk 0.00cvss epss 0.00

    The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections.

  • CVE-2005-3108Sep 30, 2005
    risk 0.00cvss epss 0.00

    mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to cause a denial of service or an information leak via an ioremap on a certain memory map that causes the iounmap to perform a lookup of a page that does not exist.

  • CVE-2005-3107Sep 30, 2005
    risk 0.00cvss epss 0.00

    fs/exec.c in Linux 2.6, when one thread is tracing another thread that shares the same memory map, might allow local users to cause a denial of service (deadlock) by forcing a core dump when the traced thread is in the TASK_TRACED state.

  • CVE-2005-3055Sep 26, 2005
    risk 0.00cvss epss 0.00

    Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference.

  • CVE-2005-3044Sep 22, 2005
    risk 0.00cvss epss 0.00

    Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local users to cause a denial of service (kernel OOPS from null dereference) via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put in the 32-bit routing_ioctl function on 64-bit systems.

  • CVE-2005-2617Aug 17, 2005
    risk 0.00cvss epss 0.00

    The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x86 platform, does not check the return value of the insert_vm_struct function, which allows local users to trigger a memory leak via a 32-bit application with crafted ELF headers.

  • CVE-2005-0106May 3, 2005
    risk 0.00cvss epss 0.00

    SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file.

  • CVE-2005-0080May 2, 2005
    risk 0.00cvss epss 0.01

    The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.

  • CVE-2005-0988May 2, 2005
    risk 0.00cvss epss 0.01

    Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is…

  • CVE-2005-0077May 2, 2005
    risk 0.00cvss epss 0.00

    The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

  • CVE-2005-0206Apr 27, 2005
    risk 0.00cvss epss 0.03

    The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

  • CVE-2005-0754Apr 22, 2005
    risk 0.00cvss epss 0.03

    Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.

  • CVE-2005-0749Apr 1, 2005
    risk 0.00cvss epss 0.00

    The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer.

  • CVE-2005-0384Mar 15, 2005
    risk 0.00cvss epss 0.04

    Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.

  • CVE-2004-1051Mar 1, 2005
    risk 0.00cvss epss 0.01

    sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

  • CVE-2004-0983Mar 1, 2005
    risk 0.00cvss epss 0.02

    The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

  • CVE-2004-1007Mar 1, 2005
    risk 0.00cvss epss 0.02

    The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address.

  • CVE-2004-0969Feb 9, 2005
    risk 0.00cvss epss 0.00

    The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

  • CVE-2004-0957Feb 9, 2005
    risk 0.00cvss epss 0.02

    Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

  • CVE-2004-0966Feb 9, 2005
    risk 0.00cvss epss 0.00

    The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

  • CVE-2004-0889Jan 27, 2005
    risk 0.00cvss epss 0.06

    Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

  • CVE-2004-1011Jan 10, 2005
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.

  • CVE-2004-1058Jan 10, 2005
    risk 0.00cvss epss 0.00

    Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline.

  • CVE-2004-1013Jan 10, 2005
    risk 0.00cvss epss 0.06

    The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an…

  • CVE-2004-1068Jan 10, 2005
    risk 0.00cvss epss 0.00

    A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.

  • CVE-2004-1015Jan 10, 2005
    risk 0.00cvss epss 0.05

    Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.

  • CVE-2004-0949Jan 10, 2005
    risk 0.00cvss epss 0.03

    The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to…

  • CVE-2004-0883Jan 10, 2005
    risk 0.00cvss epss 0.04

    Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read…

  • CVE-2004-1012Jan 10, 2005
    risk 0.00cvss epss 0.06

    The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to…

  • CVE-2004-1069Jan 10, 2005
    risk 0.00cvss epss 0.00

    Race condition in SELinux 2.6.x through 2.6.9 allows local users to cause a denial of service (kernel crash) via SOCK_SEQPACKET unix domain sockets, which are not properly handled in the sock_dgram_sendmsg function.

  • CVE-2004-1151Jan 10, 2005
    risk 0.00cvss epss 0.00

    Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local attackers to modify kernel memory and gain privileges.

  • CVE-2004-1056Jan 10, 2005
    risk 0.00cvss epss 0.03

    Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) and possibly modify the video output.

  • CVE-2004-1067Jan 10, 2005
    risk 0.00cvss epss 0.05

    Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.

  • CVE-2004-0956Jan 10, 2005
    risk 0.00cvss epss 0.04

    MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.

  • CVE-2004-0802Dec 31, 2004
    risk 0.00cvss epss 0.03

    Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.

  • CVE-2004-0592Dec 31, 2004
    risk 0.00cvss epss 0.02

    The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that…

  • CVE-2004-0817Dec 31, 2004
    risk 0.00cvss epss 0.05

    Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

  • CVE-2004-0814Dec 23, 2004
    risk 0.00cvss epss 0.01

    Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of…

  • CVE-2004-1337Dec 23, 2004
    risk 0.00cvss epss 0.00

    The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.

  • CVE-2004-0626Dec 6, 2004
    risk 0.00cvss epss 0.03

    The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a…

  • CVE-2004-0565Dec 6, 2004
    risk 0.00cvss epss 0.00

    Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.

  • CVE-2004-0827Sep 16, 2004
    risk 0.00cvss epss 0.06

    Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.

  • CVE-2004-0394Aug 18, 2004
    risk 0.00cvss epss 0.00

    A "potential" buffer overflow exists in the panic() function in Linux 2.4.x, although it may not be exploitable due to the functionality of panic.

  • CVE-2004-0001Feb 17, 2004
    risk 0.00cvss epss 0.00

    Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.

  • CVE-2003-0984Jan 5, 2004
    risk 0.00cvss epss 0.00

    Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.

  • CVE-2003-0699Aug 27, 2003
    risk 0.00cvss epss 0.02

    The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700.

  • CVE-2003-0552Aug 27, 2003
    risk 0.00cvss epss 0.03

    Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target.

  • CVE-2003-0465Aug 18, 2003
    risk 0.00cvss epss 0.02

    The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks.

  • CVE-2003-0643Jul 25, 2003
    risk 0.00cvss epss 0.00

    Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash).

Page 33 of 34