Filtered by vendor Canonical
Subscriptions
Filtered by product Ubuntu Linux
Subscriptions
Total
4125 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9963 | 3 Canonical, Debian, Exim | 3 Ubuntu Linux, Debian Linux, Exim | 2017-02-15 | N/A |
| Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. | ||||
| CVE-2016-9119 | 3 Canonical, Debian, Moinmo | 3 Ubuntu Linux, Debian Linux, Moinmoin | 2017-02-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-9950 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2017-01-07 | N/A |
| An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system. | ||||
| CVE-2016-9949 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2017-01-07 | N/A |
| An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code. | ||||
| CVE-2014-5356 | 2 Canonical, Openstack | 2 Ubuntu Linux, Image Registry And Delivery Service \(glance\) | 2017-01-07 | N/A |
| OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image. | ||||
| CVE-2014-5031 | 2 Apple, Canonical | 2 Cups, Ubuntu Linux | 2017-01-07 | N/A |
| The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors. | ||||
| CVE-2014-5030 | 2 Apple, Canonical | 2 Cups, Ubuntu Linux | 2017-01-07 | N/A |
| CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. | ||||
| CVE-2014-5029 | 2 Apple, Canonical | 2 Cups, Ubuntu Linux | 2017-01-07 | N/A |
| The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. | ||||
| CVE-2014-4615 | 3 Canonical, Openstack, Redhat | 6 Ubuntu Linux, Neutron, Oslo and 3 more | 2017-01-07 | N/A |
| The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request). | ||||
| CVE-2014-1419 | 1 Canonical | 2 Acpi-support, Ubuntu Linux | 2017-01-07 | N/A |
| Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2014-1418 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2017-01-07 | N/A |
| Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers. | ||||
| CVE-2014-0474 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2017-01-07 | N/A |
| The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting." | ||||
| CVE-2014-0473 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2017-01-07 | N/A |
| The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. | ||||
| CVE-2014-0472 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2017-01-07 | N/A |
| The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path." | ||||
| CVE-2015-3333 | 3 Canonical, Debian, Google | 4 Ubuntu Linux, Debian Linux, Chrome and 1 more | 2017-01-03 | N/A |
| Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| CVE-2015-2668 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2017-01-03 | N/A |
| ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. | ||||
| CVE-2015-2222 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2017-01-03 | N/A |
| ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. | ||||
| CVE-2015-2221 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2017-01-03 | N/A |
| ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. | ||||
| CVE-2015-2170 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2017-01-03 | N/A |
| The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | ||||
| CVE-2015-0840 | 2 Canonical, Debian | 2 Ubuntu Linux, Dpkg | 2017-01-03 | N/A |
| The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). | ||||