Vulnerabilities (CVE)

Vendor filter: Canonical

2168 total CVE
CVE Vendors Products Updated CVSS
CVE-2015-1343 1 Canonical 1 Ubuntu Linux 2019-10-09 5.0
All versions of unity-scope-gdrive log search terms to syslog.
CVE-2015-1327 1 Canonical 1 Ubuntu Linux 2019-10-09 4.3
Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item; it doesn't actually require that the confined app have access to the file to create a transfer. This could allow a malicious application...
CVE-2015-1320 1 Canonical 1 Metal As A Service 2019-10-09 5.0
The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2.
CVE-2014-9709 6 Libgd, Php, Novell and 3 more 6 Php, Libgd, Opensuse and 3 more 2019-10-09 5.0
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is...
CVE-2014-1428 1 Canonical 1 Metal As A Service 2019-10-09 5.0
A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2.
CVE-2014-1427 1 Canonical 1 Metal As A Service 2019-10-09 4.3
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.
CVE-2014-1426 1 Canonical 1 Metal As A Service 2019-10-09 5.0
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects Ubuntu MAAS versions prior to 1.9.2.
CVE-2008-2829 2 Php, Canonical 2 Php, Ubuntu Linux 2019-10-09 5.0
php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c...
CVE-2007-4772 5 Postgresql, Tcl Tk, Canonical and 2 more 5 Postgresql, Tcl Tk, Ubuntu Linux and 2 more 2019-10-09 4.0
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted...
CVE-2007-1562 2 Mozilla, Canonical 2 Firefox, Ubuntu Linux 2019-10-09 6.8
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an...
CVE-2007-0988 3 Zend, Php, Canonical 3 Php, Engine, Ubuntu Linux 2019-10-09 4.3
The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only...
CVE-2007-0780 2 Mozilla, Canonical 3 Firefox, Seamonkey, Ubuntu Linux 2019-10-09 6.8
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a...
CVE-2007-0778 3 Mozilla, Canonical, Debian 4 Firefox, Seamonkey, Ubuntu Linux and 1 more 2019-10-09 5.4
The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain...
CVE-2007-0777 2 Mozilla, Canonical 4 Firefox, Seamonkey, Thunderbird and 1 more 2019-10-09 9.3
The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain...
CVE-2007-0009 3 Mozilla, Canonical, Debian 6 Firefox, Seamonkey, Thunderbird and 3 more 2019-10-09 6.8
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System...
CVE-2006-6500 3 Mozilla, Canonical, Debian 5 Firefox, Seamonkey, Thunderbird and 2 more 2019-10-09 6.8
Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by...
CVE-2006-6499 3 Mozilla, Canonical, Debian 5 Firefox, Seamonkey, Thunderbird and 2 more 2019-10-09 4.3
The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote...
CVE-2018-16585 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2019-10-09 6.8
** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to...
CVE-2018-19541 4 Jasper Project, Canonical, Suse and 1 more 5 Jasper, Ubuntu Linux, Linux Enterprise Desktop and 2 more 2019-10-07 6.8
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.
CVE-2017-12692 2 Imagemagick, Canonical 2 Imagemagick, Ubuntu Linux 2019-10-03 7.1
The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.