Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Canonical Subscribe
Total 4021 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2374 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2017-03-29 6.8 MEDIUM 8.1 HIGH
An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution.
CVE-2016-2373 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2017-03-29 4.3 MEDIUM 5.9 MEDIUM
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability.
CVE-2016-2372 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2017-03-29 4.9 MEDIUM 5.9 MEDIUM
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid size for a file transfer which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the file is sent to another user.
CVE-2016-2371 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2017-03-29 6.8 MEDIUM 8.1 HIGH
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.
CVE-2016-2368 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2017-03-29 7.5 HIGH 8.1 HIGH
Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.
CVE-2016-2367 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2017-03-29 3.5 LOW 5.9 MEDIUM
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for an avatar which will trigger an out-of-bounds read vulnerability. This could result in a denial of service or copy data from memory to the file, resulting in an information leak if the avatar is sent to another user.
CVE-2016-2370 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2017-03-29 4.3 MEDIUM 5.9 MEDIUM
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.
CVE-2016-2369 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2017-03-29 4.3 MEDIUM 5.9 MEDIUM
A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerability.
CVE-2016-2366 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2017-03-29 4.3 MEDIUM 5.9 MEDIUM
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash.
CVE-2016-2365 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2017-03-29 4.3 MEDIUM 5.9 MEDIUM
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash.
CVE-2016-3981 3 Canonical, Debian, Optipng Project 3 Ubuntu Linux, Debian Linux, Optipng 2017-02-18 9.3 HIGH 7.8 HIGH
Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.
CVE-2016-9963 3 Canonical, Debian, Exim 3 Ubuntu Linux, Debian Linux, Exim 2017-02-15 2.6 LOW 5.9 MEDIUM
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
CVE-2016-9119 3 Canonical, Debian, Moinmo 3 Ubuntu Linux, Debian Linux, Moinmoin 2017-02-03 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5356 2 Canonical, Openstack 2 Ubuntu Linux, Image Registry And Delivery Service \(glance\) 2017-01-06 4.0 MEDIUM N/A
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.
CVE-2016-9950 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2017-01-06 9.3 HIGH 7.8 HIGH
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
CVE-2016-9949 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2017-01-06 9.3 HIGH 7.8 HIGH
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
CVE-2014-5030 2 Apple, Canonical 2 Cups, Ubuntu Linux 2017-01-06 1.9 LOW N/A
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
CVE-2014-5031 2 Apple, Canonical 2 Cups, Ubuntu Linux 2017-01-06 5.0 MEDIUM N/A
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
CVE-2014-4615 3 Canonical, Openstack, Redhat 6 Ubuntu Linux, Neutron, Oslo and 3 more 2017-01-06 5.0 MEDIUM N/A
The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).
CVE-2014-5029 2 Apple, Canonical 2 Cups, Ubuntu Linux 2017-01-06 1.5 LOW N/A
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.