Filtered by vendor Canonical Subscriptions
Filtered by product Ubuntu Linux Subscriptions
Total 4125 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2007-6746 1 Canonical 2 Telepathy-idle, Ubuntu Linux 2013-06-21 N/A
telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2013-0335 2 Canonical, Openstack 4 Ubuntu Linux, Essex, Folsom and 1 more 2013-06-05 N/A
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
CVE-2013-0306 2 Canonical, Djangoproject 2 Ubuntu Linux, Django 2013-05-15 N/A
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.
CVE-2013-0305 2 Canonical, Djangoproject 2 Ubuntu Linux, Django 2013-05-15 N/A
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
CVE-2013-0240 2 Canonical, Gnome 2 Ubuntu Linux, Gnome Online Accounts 2013-04-02 N/A
Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.