Filtered by vendor Canonical
Subscribe
Search
Total
3488 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3415 | 4 Apple, Canonical, Debian and 1 more | 5 Mac Os X, Watchos, Ubuntu Linux and 2 more | 2018-07-19 | 7.5 HIGH | N/A |
| The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. | |||||
| CVE-2015-3416 | 4 Apple, Canonical, Debian and 1 more | 5 Mac Os X, Watchos, Ubuntu Linux and 2 more | 2018-07-19 | 7.5 HIGH | N/A |
| The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. | |||||
| CVE-2015-3414 | 4 Apple, Canonical, Debian and 1 more | 5 Mac Os X, Watchos, Ubuntu Linux and 2 more | 2018-07-19 | 7.5 HIGH | N/A |
| SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. | |||||
| CVE-2014-9092 | 3 Canonical, Fedoraproject, Libjpeg-turbo | 3 Ubuntu Linux, Fedora, Libjpeg-turbo | 2018-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. | |||||
| CVE-2015-8325 | 3 Canonical, Debian, Openbsd | 5 Ubuntu Core, Ubuntu Linux, Ubuntu Touch and 2 more | 2018-06-30 | 7.2 HIGH | 7.8 HIGH |
| The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. | |||||
| CVE-2018-5114 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5115 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5111 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5109 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5108 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5107 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5106 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5093 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5094 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5092 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5090 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 10.0 HIGH | 9.8 CRITICAL |
| Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5116 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with this permission. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5118 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that escapes sandbox protections. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5119 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5101 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5100 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58. | |||||
| CVE-2017-18266 | 3 Canonical, Debian, Freedesktop | 3 Ubuntu Linux, Debian Linux, Xdg-utils | 2018-06-14 | 6.8 MEDIUM | 8.8 HIGH |
| The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable. | |||||
| CVE-2018-10529 | 2 Canonical, Libraw | 2 Ubuntu Linux, Libraw | 2018-06-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp. | |||||
| CVE-2015-5195 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2018-05-18 | 5.0 MEDIUM | 7.5 HIGH |
| ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. | |||||
| CVE-2015-5194 | 6 Canonical, Debian, Fedoraproject and 3 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2018-05-18 | 5.0 MEDIUM | 7.5 HIGH |
| The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. | |||||
| CVE-2017-13704 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2018-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. | |||||
| CVE-2017-14496 | 6 Canonical, Debian, Google and 3 more | 8 Ubuntu Linux, Debian Linux, Android and 5 more | 2018-05-11 | 7.8 HIGH | 7.5 HIGH |
| Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. | |||||
| CVE-2018-4088 | 3 Apple, Canonical, Microsoft | 9 Apple Tv, Icloud, Iphone Os and 6 more | 2018-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2018-4096 | 3 Apple, Canonical, Microsoft | 9 Apple Tv, Icloud, Iphone Os and 6 more | 2018-04-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected. iTunes before 12.7.3 on Windows is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2018-8885 | 1 Canonical | 2 Screen-resolution-extra, Ubuntu Linux | 2018-04-27 | 4.4 MEDIUM | 7.0 HIGH |
| screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService._check_permission call. | |||||
| CVE-2018-1000097 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Sharutils | 2018-04-13 | 6.8 MEDIUM | 7.8 HIGH |
| Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file.. | |||||
| CVE-2015-5180 | 2 Canonical, Gnu | 2 Ubuntu Linux, Glibc | 2018-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). | |||||
| CVE-2017-16612 | 3 Canonical, Debian, X | 3 Ubuntu Linux, Debian Linux, Libxcursor | 2018-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0. | |||||
| CVE-2017-14494 | 5 Canonical, Debian, Novell and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2018-03-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. | |||||
| CVE-2017-14493 | 5 Canonical, Debian, Opensuse and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2018-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. | |||||
| CVE-2017-14492 | 5 Canonical, Debian, Novell and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2018-03-04 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. | |||||
| CVE-2017-14179 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2018-02-15 | 7.2 HIGH | 7.8 HIGH |
| Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. | |||||
| CVE-2017-14180 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2018-02-15 | 7.2 HIGH | 7.8 HIGH |
| Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179. | |||||
| CVE-2017-14177 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2018-02-15 | 7.2 HIGH | 7.8 HIGH |
| Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324. | |||||
| CVE-2016-4449 | 3 Canonical, Debian, Xmlsoft | 3 Ubuntu Linux, Debian Linux, Libxml2 | 2018-01-18 | 5.8 MEDIUM | 7.1 HIGH |
| XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. | |||||
| CVE-2016-7117 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2018-01-05 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. | |||||
| CVE-2016-6313 | 3 Canonical, Debian, Gnupg | 4 Ubuntu Linux, Debian Linux, Gnupg and 1 more | 2018-01-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. | |||||
| CVE-2016-7401 | 3 Canonical, Debian, Djangoproject | 3 Ubuntu Linux, Debian Linux, Django | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies. | |||||
| CVE-2015-4771 | 2 Canonical, Oracle | 2 Ubuntu Linux, Mysql | 2018-01-05 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR. | |||||
| CVE-2015-4769 | 2 Canonical, Oracle | 2 Ubuntu Linux, Mysql | 2018-01-05 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767. | |||||
| CVE-2015-8925 | 3 Canonical, Libarchive, Suse | 5 Ubuntu Linux, Libarchive, Linux Enterprise Desktop and 2 more | 2018-01-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing. | |||||
| CVE-2015-2611 | 2 Canonical, Oracle | 2 Ubuntu Linux, Mysql | 2018-01-05 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||||
| CVE-2015-2617 | 2 Canonical, Oracle | 2 Ubuntu Linux, Mysql | 2018-01-05 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition. | |||||
| CVE-2015-1856 | 2 Canonical, Openstack | 2 Ubuntu Linux, Swift | 2018-01-05 | 5.5 MEDIUM | N/A |
| OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container. | |||||
| CVE-2015-4772 | 2 Canonical, Oracle | 2 Ubuntu Linux, Mysql | 2018-01-05 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. | |||||