Filtered by vendor Canonical
Subscriptions
Total
4250 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-3849 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2025-04-11 | N/A |
| The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field. | ||||
| CVE-2010-3848 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2025-04-11 | N/A |
| Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures. | ||||
| CVE-2010-3705 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2025-04-11 | N/A |
| The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array. | ||||
| CVE-2010-3702 | 9 Apple, Canonical, Debian and 6 more | 12 Cups, Ubuntu Linux, Debian Linux and 9 more | 2025-04-11 | N/A |
| The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. | ||||
| CVE-2010-3689 | 4 Apache, Canonical, Debian and 1 more | 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more | 2025-04-11 | N/A |
| soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||||
| CVE-2010-3477 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2025-04-11 | N/A |
| The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942. | ||||
| CVE-2010-3451 | 4 Apache, Canonical, Debian and 1 more | 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document. | ||||
| CVE-2010-3443 | 2 Canonical, Quassel-irc | 2 Ubuntu Linux, Quassel Irc | 2025-04-11 | N/A |
| ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message. | ||||
| CVE-2010-3310 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-11 | N/A |
| Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions. | ||||
| CVE-2010-3442 | 7 Canonical, Debian, Fedoraproject and 4 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2025-04-11 | N/A |
| Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. | ||||
| CVE-2010-3301 | 4 Canonical, Linux, Redhat and 1 more | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression. | ||||
| CVE-2010-3259 | 5 Apple, Canonical, Google and 2 more | 6 Iphone Os, Safari, Ubuntu Linux and 3 more | 2025-04-11 | N/A |
| WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site. | ||||
| CVE-2010-3248 | 2 Canonical, Google | 2 Ubuntu Linux, Chrome | 2025-04-11 | N/A |
| Google Chrome before 6.0.472.53 does not properly restrict copying to the clipboard, which has unspecified impact and attack vectors. | ||||
| CVE-2010-3115 | 4 Canonical, Google, Redhat and 1 more | 4 Ubuntu Linux, Chrome, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors. | ||||
| CVE-2010-3113 | 4 Canonical, Google, Redhat and 1 more | 4 Ubuntu Linux, Chrome, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonController. | ||||
| CVE-2010-3084 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2025-04-11 | N/A |
| Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/net/niu.c in the Linux kernel before 2.6.36-rc4 allows local users to cause a denial of service or possibly have unspecified other impact via the ETHTOOL_GRXCLSRLALL ethtool command. | ||||
| CVE-2010-3080 | 5 Canonical, Linux, Opensuse and 2 more | 7 Ubuntu Linux, Linux Kernel, Opensuse and 4 more | 2025-04-11 | N/A |
| Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device. | ||||
| CVE-2010-3078 | 6 Canonical, Linux, Opensuse and 3 more | 7 Ubuntu Linux, Linux Kernel, Opensuse and 4 more | 2025-04-11 | 5.5 Medium |
| The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. | ||||
| CVE-2010-3069 | 3 Canonical, Redhat, Samba | 4 Ubuntu Linux, Enterprise Linux, Rhel Eus and 1 more | 2025-04-11 | N/A |
| Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share. | ||||
| CVE-2010-2960 | 3 Canonical, Linux, Suse | 4 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 1 more | 2025-04-11 | 7.8 High |
| The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function. | ||||