Vulnerabilities (CVE)

2168 total CVE
CVE | Vendor count | Vendors | Product count | Products | Updated | CVSS
CVE-2013-4314 2 Canonical, Jean-paul Calderone 2 Ubuntu Linux, Pyopenssl 2013-12-08 4.3
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a...
CVE-2013-5745 2 David King, Canonical 2 Ubuntu Linux, Vino 2013-12-01 7.1
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during...
CVE-2013-1901 2 Postgresql, Canonical 2 Postgresql, Ubuntu Linux 2013-12-01 4.0
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
CVE-2013-1899 2 Postgresql, Canonical 2 Postgresql, Ubuntu Linux 2013-12-01 6.5
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration...
CVE-2013-1865 2 Openstack, Canonical 2 Ubuntu Linux, Folsom 2013-12-01 6.8
OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
CVE-2013-4459 2 Robert Ancell, Canonical 2 Lightdm, Ubuntu Linux 2013-11-25 3.3
LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.
CVE-2013-1058 1 Canonical 2 Ubuntu Linux, Maas 2013-11-25 5.8
maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack.
CVE-2013-1057 1 Canonical 2 Ubuntu Linux, Maas 2013-11-21 4.4
Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory.
CVE-2013-1056 1 Canonical 1 Ubuntu Linux 2013-10-29 1.9
X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files.
CVE-2013-1067 1 Canonical 1 Ubuntu Linux 2013-10-28 4.9
Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file.
CVE-2013-1062 2 Michael Vogt, Canonical 2 Ubuntu Linux, Ubuntu-system-service 2013-10-08 4.6
ubuntu-system-service 0.2.4 before 0.2.4.1, 0.2.3 before 0.2.3.1, and 0.2.2 before 0.2.2.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a...
CVE-2013-1065 2 Canonical, Martin Pitt 2 Jockey, Ubuntu Linux 2013-10-04 4.6
backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition...
CVE-2013-1063 2 Evan Dandrea, Canonical 2 Usb-creator, Ubuntu Linux 2013-10-04 4.6
usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a...
CVE-2013-1060 1 Canonical 1 Ubuntu Linux 2013-10-02 6.9
A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the ~buildd directory and consequently reads the system...
CVE-2013-1940 2 X, Canonical 2 Ubuntu Linux, X.org-xserver 2013-06-21 2.1
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading...
CVE-2007-6746 1 Canonical 2 Ubuntu Linux, Telepathy-idle 2013-06-21 5.8
telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows...
CVE-2013-0335 2 Openstack, Canonical 4 Ubuntu Linux, Folsom, Essex and 1 more 2013-06-05 6.0
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
CVE-2013-0306 2 Djangoproject, Canonical 2 Ubuntu Linux, Django 2013-05-15 5.0
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server...
CVE-2013-0305 2 Djangoproject, Canonical 2 Ubuntu Linux, Django 2013-05-15 4.0
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object...
CVE-2012-6129 3 Transmissionbt, Fedoraproject, Canonical 3 Ubuntu Linux, Fedora, Transmission 2013-04-03 7.5
Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport...