Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-4805 |
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. Published: May 23, 2016; 6:59:13 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-0794 |
The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document. Published: February 18, 2016; 4:59:01 PM -0500 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2015-2661 |
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client. Published: July 16, 2015; 7:00:20 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-9402 |
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. Published: February 24, 2015; 10:59:02 AM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2014-8080 |
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. Published: November 03, 2014; 11:55:07 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-3564 |
Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order." Published: October 20, 2014; 1:55:05 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-3686 |
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame. Published: October 15, 2014; 8:55:05 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-3618 |
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes." Published: September 08, 2014; 10:55:02 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-5033 |
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions." Published: August 19, 2014; 2:55:03 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2014-3528 |
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. Published: August 19, 2014; 2:55:02 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2014-3522 |
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. Published: August 19, 2014; 2:55:02 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2014-3504 |
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Published: August 19, 2014; 2:55:02 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2014-4909 |
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write. Published: July 29, 2014; 10:55:07 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-1419 |
Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors. Published: July 24, 2014; 10:55:06 AM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2014-3537 |
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. Published: July 23, 2014; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 1.2 LOW |
CVE-2014-3730 |
The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com." Published: May 16, 2014; 11:55:05 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-1418 |
Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers. Published: May 16, 2014; 11:55:04 AM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2014-0211 |
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. Published: May 15, 2014; 10:55:07 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-0210 |
Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. Published: May 15, 2014; 10:55:07 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-0209 |
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata. Published: May 15, 2014; 10:55:07 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |