Filtered by vendor Canonical
Subscriptions
Filtered by product Ubuntu Linux
Subscriptions
Total
4171 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0825 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | N/A |
| Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback. | ||||
| CVE-2014-9471 | 2 Canonical, Gnu | 2 Ubuntu Linux, Coreutils | 2025-04-12 | N/A |
| The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command. | ||||
| CVE-2014-3710 | 4 Canonical, Debian, Php and 1 more | 5 Ubuntu Linux, Debian Linux, Php and 2 more | 2025-04-12 | N/A |
| The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. | ||||
| CVE-2014-9496 | 5 Canonical, Debian, Libsndfile Project and 2 more | 5 Ubuntu Linux, Debian Linux, Libsndfile and 2 more | 2025-04-12 | N/A |
| The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. | ||||
| CVE-2015-0831 | 3 Canonical, Mozilla, Redhat | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation. | ||||
| CVE-2014-0056 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Neutron, Openstack | 2025-04-12 | N/A |
| The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command. | ||||
| CVE-2014-0211 | 3 Canonical, Redhat, X | 3 Ubuntu Linux, Enterprise Linux, Libxfont | 2025-04-12 | N/A |
| Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. | ||||
| CVE-2016-3486 | 3 Canonical, Oracle, Redhat | 3 Ubuntu Linux, Mysql, Rhel Software Collections | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS. | ||||
| CVE-2015-8776 | 7 Canonical, Debian, Fedoraproject and 4 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2025-04-12 | N/A |
| The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. | ||||
| CVE-2015-8778 | 7 Canonical, Debian, Fedoraproject and 4 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2025-04-12 | N/A |
| Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. | ||||
| CVE-2015-8779 | 7 Canonical, Debian, Fedoraproject and 4 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2025-04-12 | N/A |
| Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. | ||||
| CVE-2015-8806 | 3 Canonical, Debian, Xmlsoft | 3 Ubuntu Linux, Debian Linux, Libxml2 | 2025-04-12 | 7.5 High |
| dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document. | ||||
| CVE-2015-8812 | 4 Canonical, Linux, Novell and 1 more | 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Real Time Extension and 2 more | 2025-04-12 | 9.8 Critical |
| drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets. | ||||
| CVE-2015-3331 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2025-04-12 | N/A |
| The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket. | ||||
| CVE-2014-1418 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2025-04-12 | N/A |
| Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers. | ||||
| CVE-2015-8872 | 3 Canonical, Dosfstools Project, Opensuse | 4 Ubuntu Linux, Dosfstools, Leap and 1 more | 2025-04-12 | N/A |
| The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error." | ||||
| CVE-2014-0187 | 4 Canonical, Openstack, Opensuse and 1 more | 4 Ubuntu Linux, Neutron, Opensuse and 1 more | 2025-04-12 | N/A |
| The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied. | ||||
| CVE-2014-1419 | 1 Canonical | 2 Acpi-support, Ubuntu Linux | 2025-04-12 | N/A |
| Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2015-1216 | 3 Canonical, Google, Redhat | 7 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 4 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a frame detachment. | ||||
| CVE-2014-8602 | 4 Canonical, Debian, Nlnetlabs and 1 more | 4 Ubuntu Linux, Debian Linux, Unbound and 1 more | 2025-04-12 | N/A |
| iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals. | ||||