Filtered by vendor Canonical
Subscribe
Total
4021 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-2066 | 4 Canonical, Linux, Suse and 1 more | 6 Ubuntu Linux, Linux Kernel, Linux Enterprise High Availability Extension and 3 more | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor. | |||||
CVE-2010-2063 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2023-02-12 | 7.5 HIGH | N/A |
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet. | |||||
CVE-2010-1634 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 5 Ubuntu Linux, Fedora, Opensuse and 2 more | 2023-02-12 | 5.0 MEDIUM | N/A |
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. | |||||
CVE-2010-0410 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-02-12 | 4.9 MEDIUM | N/A |
drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. | |||||
CVE-2010-0307 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-02-12 | 4.7 MEDIUM | N/A |
The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. | |||||
CVE-2012-0044 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-02-12 | 7.2 HIGH | 7.8 HIGH |
Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call. | |||||
CVE-2011-4600 | 2 Canonical, Redhat | 2 Ubuntu Linux, Libvirt | 2023-02-12 | 4.3 MEDIUM | 5.9 MEDIUM |
The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query. | |||||
CVE-2010-4655 | 3 Canonical, Linux, Vmware | 3 Ubuntu Linux, Linux Kernel, Esx | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call. | |||||
CVE-2010-4656 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-02-12 | 7.2 HIGH | 7.8 HIGH |
The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report. | |||||
CVE-2010-2808 | 3 Apple, Canonical, Freetype | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2023-02-12 | 6.8 MEDIUM | N/A |
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. | |||||
CVE-2010-2806 | 3 Apple, Canonical, Freetype | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2023-02-12 | 6.8 MEDIUM | N/A |
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. | |||||
CVE-2010-2798 | 7 Avaya, Canonical, Debian and 4 more | 15 Aura Communication Manager, Aura Presence Services, Aura Session Manager and 12 more | 2023-02-12 | 7.2 HIGH | 7.8 HIGH |
The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c. | |||||
CVE-2010-2538 | 3 Canonical, Linux, Suse | 5 Ubuntu Linux, Linux Kernel, Linux Enterprise Desktop and 2 more | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call. | |||||
CVE-2010-2500 | 4 Apple, Canonical, Debian and 1 more | 4 Mac Os X, Ubuntu Linux, Debian Linux and 1 more | 2023-02-12 | 6.8 MEDIUM | N/A |
Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | |||||
CVE-2010-2524 | 4 Canonical, Linux, Suse and 1 more | 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 2 more | 2023-02-12 | 4.6 MEDIUM | 7.8 HIGH |
The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals. | |||||
CVE-2010-2537 | 3 Canonical, Linux, Suse | 5 Ubuntu Linux, Linux Kernel, Linux Enterprise High Availability Extension and 2 more | 2023-02-12 | 6.6 MEDIUM | 7.1 HIGH |
The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor. | |||||
CVE-2010-2519 | 4 Apple, Canonical, Debian and 1 more | 4 Mac Os X, Ubuntu Linux, Debian Linux and 1 more | 2023-02-12 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file. | |||||
CVE-2010-2495 | 3 Canonical, Linux, Suse | 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 2 more | 2023-02-12 | 10.0 HIGH | N/A |
The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change. | |||||
CVE-2009-1386 | 3 Canonical, Openssl, Redhat | 3 Ubuntu Linux, Openssl, Openssl | 2023-02-12 | 5.0 MEDIUM | N/A |
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. | |||||
CVE-2009-3555 | 8 Apache, Canonical, Debian and 5 more | 8 Http Server, Ubuntu Linux, Debian Linux and 5 more | 2023-02-12 | 5.8 MEDIUM | N/A |
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. |