Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Canonical Subscribe
Filtered by product Ubuntu Linux
Total 3980 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-1337 2 Canonical, Simpestreams Project 2 Ubuntu Linux, Simplestreams 2015-10-09 6.8 MEDIUM N/A
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.
CVE-2015-1338 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2015-10-02 7.2 HIGH N/A
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.
CVE-2015-1317 2 Canonical, Oxide Project 2 Ubuntu Linux, Oxide 2015-09-28 7.5 HIGH N/A
Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists.
CVE-2013-2021 3 Canonical, Clamav, Suse 3 Ubuntu Linux, Clamav, Linux Enterprise Server 2015-09-28 4.3 MEDIUM N/A
pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.
CVE-2013-2020 3 Canonical, Clamav, Suse 3 Ubuntu Linux, Clamav, Linux Enterprise Server 2015-09-28 5.0 MEDIUM N/A
Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.
CVE-2015-6727 2 Canonical, Mediawiki 2 Ubuntu Linux, Mediawiki 2015-09-02 5.0 MEDIUM N/A
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
CVE-2015-1321 2 Canonical, Oxide Project 2 Ubuntu Linux, Oxide 2015-04-30 6.8 MEDIUM N/A
Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage.
CVE-2015-1315 2 Canonical, Info-zip 2 Ubuntu Linux, Unzip 2015-02-24 7.5 HIGH N/A
Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.
CVE-2014-1425 2 Canonical, Linuxcontainers 2 Ubuntu Linux, Cgmanager 2015-01-08 2.1 LOW N/A
cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors.
CVE-2014-4909 4 Canonical, Fedoraproject, Gentoo and 1 more 4 Ubuntu Linux, Fedora, Linux and 1 more 2014-11-13 6.8 MEDIUM N/A
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
CVE-2014-5033 3 Canonical, Debian, Kde 4 Ubuntu Linux, Kde4libs, Kauth and 1 more 2014-10-16 6.9 MEDIUM N/A
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
CVE-2014-5253 2 Canonical, Openstack 2 Ubuntu Linux, Keystone 2014-10-09 4.9 MEDIUM N/A
OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.
CVE-2014-5252 2 Canonical, Openstack 2 Ubuntu Linux, Keystone 2014-10-09 4.9 MEDIUM N/A
The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.
CVE-2014-5251 2 Canonical, Openstack 2 Ubuntu Linux, Keystone 2014-10-09 4.9 MEDIUM N/A
The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.
CVE-2013-7374 1 Canonical 1 Ubuntu Linux 2014-07-18 4.6 MEDIUM N/A
The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypass the greeter screen restrictions by clicking the date.
CVE-2012-6648 2 Canonical, Gdm-guest-session Project 2 Ubuntu Linux, Gdm-guest-session 2014-07-18 2.1 LOW N/A
gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-0943 is used for the guest-account issue.
CVE-2013-1068 1 Canonical 1 Ubuntu Linux 2014-06-20 5.0 MEDIUM N/A
The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability.
CVE-2012-1166 1 Canonical 2 Ltsp Display Manager, Ubuntu Linux 2014-05-30 10.0 HIGH N/A
The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.
CVE-2012-0943 2 Canonical, Robert Ancell 2 Ubuntu Linux, Lightdm 2014-05-29 2.1 LOW N/A
debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue.
CVE-2014-2405 3 Canonical, Debian, Oracle 3 Ubuntu Linux, Debian Linux, Openjdk 2014-05-14 10.0 HIGH N/A
Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462.