U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 230 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2011-2725

Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.

Published: February 04, 2014; 6:55:03 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-2021

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.

Published: May 13, 2013; 7:55:02 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-2020

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

Published: May 13, 2013; 7:55:02 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-1940

X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.

Published: May 13, 2013; 7:55:01 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-0306

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.

Published: May 02, 2013; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-0305

The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.

Published: May 02, 2013; 10:55:05 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2013-1944

The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.

Published: April 29, 2013; 6:55:08 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-1927

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."

Published: April 29, 2013; 6:55:08 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-1926

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.

Published: April 29, 2013; 6:55:08 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2013-0338

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.

Published: April 25, 2013; 7:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-1901

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.

Published: April 04, 2013; 1:55:00 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2013-1900

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."

Published: April 04, 2013; 1:55:00 PM -0400
V3.x:(not available)
V2.0: 8.5 HIGH
CVE-2013-1899

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).

Published: April 04, 2013; 1:55:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2013-0800

Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.

Published: April 03, 2013; 7:56:21 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0791

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.

Published: April 03, 2013; 7:56:21 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-6129

Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."

Published: April 02, 2013; 8:55:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-1799

Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.

Published: April 01, 2013; 11:23:26 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-0240

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.

Published: April 01, 2013; 11:22:21 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-1838

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.

Published: March 22, 2013; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2013-0335

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.

Published: March 22, 2013; 5:55:00 PM -0400
V3.x:(not available)
V2.0: 6.0 MEDIUM