Filtered by vendor Canonical
Subscribe
Total
4021 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-8946 | 2 Canonical, Ecryptfs | 2 Ubuntu Linux, Ecryptfs-utils | 2016-07-27 | 2.1 LOW | 3.3 LOW |
ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors. | |||||
CVE-2014-3686 | 3 Canonical, Debian, W1.fi | 4 Ubuntu Linux, Debian Linux, Hostapd and 1 more | 2016-07-26 | 6.8 MEDIUM | N/A |
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame. | |||||
CVE-2016-5360 | 2 Canonical, Haproxy | 2 Ubuntu Linux, Haproxy | 2016-07-01 | 5.0 MEDIUM | 7.5 HIGH |
HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2016-1582 | 1 Canonical | 2 Lxd, Ubuntu Linux | 2016-06-10 | 2.1 LOW | 5.5 MEDIUM |
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors. | |||||
CVE-2016-1581 | 1 Canonical | 2 Lxd, Ubuntu Linux | 2016-06-10 | 2.1 LOW | 5.5 MEDIUM |
LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors. | |||||
CVE-2015-1322 | 2 Canonical, Ubuntu | 2 Ubuntu Linux, Network-manager | 2016-05-26 | 4.6 MEDIUM | N/A |
Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts). | |||||
CVE-2016-1580 | 1 Canonical | 2 Ubuntu-core-launcher, Ubuntu Linux | 2016-05-19 | 10.0 HIGH | 9.8 CRITICAL |
The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap with a name starting with "ubuntu-core." | |||||
CVE-2016-1578 | 2 Canonical, Oxide Project | 2 Ubuntu Linux, Oxide | 2016-05-19 | 7.5 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests. | |||||
CVE-2013-4473 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2016-05-18 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. | |||||
CVE-2015-3146 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2016-04-20 | 5.0 MEDIUM | 7.5 HIGH |
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet. | |||||
CVE-2015-5247 | 2 Canonical, Redhat | 2 Ubuntu Linux, Libvirt | 2016-04-18 | 4.0 MEDIUM | 6.5 MEDIUM |
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool. | |||||
CVE-2013-6422 | 3 Canonical, Debian, Haxx | 3 Ubuntu Linux, Debian Linux, Libcurl | 2016-04-07 | 4.0 MEDIUM | N/A |
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks. | |||||
CVE-2014-3925 | 2 Canonical, Redhat | 3 Ubuntu Linux, Enterprise Linux, Sos | 2016-04-06 | 5.0 MEDIUM | N/A |
sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. | |||||
CVE-2015-1342 | 1 Canonical | 2 Lxcfs, Ubuntu Linux | 2015-12-08 | 4.6 MEDIUM | N/A |
LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup. | |||||
CVE-2015-1344 | 1 Canonical | 2 Lxcfs, Ubuntu Linux | 2015-12-08 | 7.2 HIGH | N/A |
The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file. | |||||
CVE-2015-8222 | 1 Canonical | 1 Ubuntu Linux | 2015-11-18 | 4.6 MEDIUM | N/A |
The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors. | |||||
CVE-2014-0471 | 2 Canonical, Debian | 2 Ubuntu Linux, Dpkg | 2015-10-16 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting." | |||||
CVE-2014-1949 | 3 Canonical, Gtk, Linuxmint | 3 Ubuntu, Gtk\+, Linux Mint | 2015-10-13 | 7.2 HIGH | N/A |
GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button. | |||||
CVE-2015-1337 | 2 Canonical, Simpestreams Project | 2 Ubuntu Linux, Simplestreams | 2015-10-09 | 6.8 MEDIUM | N/A |
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response. | |||||
CVE-2015-1338 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2015-10-02 | 7.2 HIGH | N/A |
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log. |