Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*
There are 171 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2010-4656

The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report.

Published: July 18, 2011; 3:55:00 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2010-4655

net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.

Published: July 18, 2011; 3:55:00 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2011-2692

The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.

Published: July 17, 2011; 4:55:01 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2011-2690

Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.

Published: July 17, 2011; 4:55:01 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2011-2501

The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.

Published: July 17, 2011; 4:55:01 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2011-2192

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

Published: July 07, 2011; 5:55:02 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-1593

Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.

Published: May 03, 2011; 4:55:08 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2011-0463

The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized disk locations by reading a file.

Published: April 09, 2011; 10:51:19 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2011-0997

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

Published: April 08, 2011; 11:17:27 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-0695

Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference.

Published: March 15, 2011; 1:55:04 PM -0400
V3.x:(not available)
V2.0: 5.7 MEDIUM
CVE-2011-0762

The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.

Published: March 02, 2011; 3:00:01 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2011-1017

Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel 2.6.37.2 and earlier might allow local users to gain privileges or obtain sensitive information via a crafted LDM partition table.

Published: March 01, 2011; 6:00:03 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2011-1012

The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel before 2.6.38-rc6-git6 does not validate the VBLK size value in the VMDB structure in an LDM partition table, which allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted partition table.

Published: March 01, 2011; 6:00:03 PM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2011-0712

Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c.

Published: February 18, 2011; 3:00:09 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-3454

Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.

Published: January 28, 2011; 5:00:05 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3451

Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document.

Published: January 28, 2011; 5:00:05 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3450

Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.

Published: January 28, 2011; 5:00:05 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-0480

Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.

Published: January 14, 2011; 12:00:03 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3850

The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call.

Published: December 30, 2010; 2:00:03 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2010-3849

The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.

Published: December 30, 2010; 2:00:03 PM -0500
V3.x:(not available)
V2.0: 4.7 MEDIUM