Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-2175 |
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable. Published: August 19, 2013; 9:07:58 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-2162 |
Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials. Published: August 19, 2013; 9:07:40 AM -0400 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2013-4248 |
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Published: August 17, 2013; 10:52:23 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-2132 |
bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef." Published: August 15, 2013; 1:55:24 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-2126 |
Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file. Published: August 14, 2013; 11:55:06 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-2174 |
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character. Published: July 31, 2013; 9:20:25 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-2112 |
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. Published: July 31, 2013; 9:20:24 AM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2013-1968 |
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. Published: July 31, 2013; 9:20:24 AM -0400 |
V3.x:(not available) V2.0: 5.5 MEDIUM |
CVE-2013-1987 |
Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions. Published: June 15, 2013; 3:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-1981 |
Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions. Published: June 15, 2013; 3:55:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-6746 |
telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Published: May 21, 2013; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2013-2021 |
pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file. Published: May 13, 2013; 7:55:02 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-2020 |
Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read. Published: May 13, 2013; 7:55:02 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-1940 |
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty. Published: May 13, 2013; 7:55:01 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-0306 |
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter. Published: May 02, 2013; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-0305 |
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information. Published: May 02, 2013; 10:55:05 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-1944 |
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. Published: April 29, 2013; 6:55:08 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-1927 |
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR." Published: April 29, 2013; 6:55:08 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-1926 |
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet. Published: April 29, 2013; 6:55:08 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2013-0338 |
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. Published: April 25, 2013; 7:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |