Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Canonical Subscribe
Total 4021 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-0763 5 Canonical, Mozilla, Opensuse and 2 more 15 Ubuntu Linux, Firefox, Firefox Esr and 12 more 2020-08-04 9.3 HIGH N/A
Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas.
CVE-2010-3248 2 Canonical, Google 2 Ubuntu Linux, Chrome 2020-08-03 5.0 MEDIUM N/A
Google Chrome before 6.0.472.53 does not properly restrict copying to the clipboard, which has unspecified impact and attack vectors.
CVE-2020-11932 1 Canonical 1 Subiquity 2020-08-03 2.1 LOW 2.3 LOW
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.
CVE-2014-1509 5 Canonical, Mozilla, Opensuse and 2 more 16 Ubuntu Linux, Firefox, Firefox Esr and 13 more 2020-08-03 6.8 MEDIUM 8.8 HIGH
Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document.
CVE-2014-1510 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2020-08-03 7.5 HIGH 9.8 CRITICAL
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.
CVE-2014-1508 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2020-08-03 6.4 MEDIUM 9.1 CRITICAL
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering.
CVE-2008-3534 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2020-07-31 4.9 MEDIUM N/A
The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count.
CVE-2008-3535 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2020-07-31 4.9 MEDIUM N/A
Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the Linux Test Project.
CVE-2018-1152 3 Canonical, Debian, Libjpeg-turbo 3 Ubuntu Linux, Debian Linux, Libjpeg-turbo 2020-07-31 4.3 MEDIUM 6.5 MEDIUM
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
CVE-2014-1491 7 Canonical, Debian, Fedoraproject and 4 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2020-07-31 4.3 MEDIUM N/A
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.
CVE-2014-1490 7 Canonical, Debian, Fedoraproject and 4 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2020-07-31 9.3 HIGH N/A
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.
CVE-2018-6594 3 Canonical, Debian, Dlitz 3 Ubuntu Linux, Debian Linux, Pycrypto 2020-07-31 5.0 MEDIUM 7.5 HIGH
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.
CVE-2012-0260 5 Canonical, Debian, Imagemagick and 2 more 11 Ubuntu Linux, Debian Linux, Imagemagick and 8 more 2020-07-31 4.3 MEDIUM 6.5 MEDIUM
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
CVE-2012-0259 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2020-07-31 4.3 MEDIUM 6.5 MEDIUM
The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.
CVE-2012-0248 4 Canonical, Debian, Imagemagick and 1 more 10 Ubuntu Linux, Debian Linux, Imagemagick and 7 more 2020-07-31 4.3 MEDIUM 5.5 MEDIUM
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.
CVE-2012-0247 4 Canonical, Debian, Imagemagick and 1 more 10 Ubuntu Linux, Debian Linux, Imagemagick and 7 more 2020-07-31 6.8 MEDIUM 8.8 HIGH
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.
CVE-2018-14647 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2020-07-29 5.0 MEDIUM 7.5 HIGH
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.
CVE-2017-6519 2 Avahi, Canonical 2 Avahi, Ubuntu Linux 2020-07-29 6.4 MEDIUM 9.1 CRITICAL
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.
CVE-2019-12068 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2020-07-26 2.1 LOW 3.8 LOW
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
CVE-2011-0480 3 Canonical, Debian, Google 4 Ubuntu Linux, Debian Linux, Chrome and 1 more 2020-07-24 9.3 HIGH N/A
Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.