U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 230 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2013-0773

The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.

Published: February 19, 2013; 6:55:01 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0772

The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.

Published: February 19, 2013; 6:55:01 PM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2013-0765

Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

Published: February 19, 2013; 6:55:01 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0208

The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.

Published: February 13, 2013; 11:55:01 AM -0500
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2013-0241

The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.

Published: February 12, 2013; 8:55:04 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2012-6075

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.

Published: February 12, 2013; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0189

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.

Published: February 08, 2013; 3:55:01 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-1620

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Published: February 08, 2013; 2:55:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-2137

Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function.

Published: January 22, 2013; 6:55:02 PM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2012-5656

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

Published: January 18, 2013; 6:48:40 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2013-0389

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Published: January 16, 2013; 8:55:05 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0386

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.

Published: January 16, 2013; 8:55:05 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0385

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.

Published: January 16, 2013; 8:55:05 PM -0500
V3.x:(not available)
V2.0: 6.6 MEDIUM
CVE-2013-0384

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

Published: January 16, 2013; 8:55:05 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-0375

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

Published: January 16, 2013; 8:55:04 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 5.5 MEDIUM
CVE-2013-0371

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.

Published: January 16, 2013; 8:55:04 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2013-0368

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Published: January 16, 2013; 8:55:04 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2013-0367

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

Published: January 16, 2013; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2012-5096

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.

Published: January 16, 2013; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2012-5060

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

Published: January 16, 2013; 8:55:03 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM