Filtered by vendor Canonical Subscriptions
Filtered by product Ubuntu Linux Subscriptions
Total 4151 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-4327 3 Canonical, Debian, Systemd Project 3 Ubuntu Linux, Debian Linux, Systemd 2024-11-21 N/A
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
CVE-2013-4314 2 Canonical, Jean-paul Calderone 2 Ubuntu Linux, Pyopenssl 2024-11-21 N/A
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
CVE-2013-4311 2 Canonical, Redhat 3 Ubuntu Linux, Enterprise Linux, Libvirt 2024-11-21 N/A
libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
CVE-2013-4296 2 Canonical, Redhat 3 Ubuntu Linux, Enterprise Linux, Libvirt 2024-11-21 N/A
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.
CVE-2013-4288 4 Canonical, Opensuse, Polkit Project and 1 more 4 Ubuntu Linux, Opensuse, Polkit and 1 more 2024-11-21 N/A
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.
CVE-2013-4256 2 Canonical, Radscan 2 Ubuntu Linux, Network Audio System 2024-11-21 N/A
Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in server/os/access.c; (3) open_unix_socket, (4) open_isc_local, (5) open_xsight_local, (6) open_att_local, or (7) open_att_svr4_local function in server/os/connection.c; the (8) AUDIOHOST environment variable to the CreateWellKnownSockets or (9) AmoebaTCPConnectorThread function in server/os/connection.c; or (10) unspecified vectors related to logging in the osLogMsg function in server/os/aulog.c.
CVE-2013-4248 3 Canonical, Php, Redhat 3 Ubuntu Linux, Php, Enterprise Linux 2024-11-21 N/A
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2013-4242 5 Canonical, Debian, Gnupg and 2 more 6 Ubuntu Linux, Debian Linux, Gnupg and 3 more 2024-11-21 N/A
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
CVE-2013-4238 4 Canonical, Opensuse, Python and 1 more 4 Ubuntu Linux, Opensuse, Python and 1 more 2024-11-21 N/A
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2013-4222 4 Canonical, Fedoraproject, Openstack and 1 more 4 Ubuntu Linux, Fedora, Keystone and 1 more 2024-11-21 N/A
OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.
CVE-2013-4202 3 Canonical, Openstack, Redhat 3 Ubuntu Linux, Cinder, Openstack 2024-11-21 N/A
The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.
CVE-2013-4130 3 Canonical, Redhat, Spice Project 3 Ubuntu Linux, Enterprise Linux, Spice 2024-11-21 N/A
The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error.
CVE-2013-4124 5 Canonical, Fedoraproject, Opensuse and 2 more 5 Ubuntu Linux, Fedora, Opensuse and 2 more 2024-11-21 N/A
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
CVE-2013-4002 10 Apache, Canonical, Hp and 7 more 31 Xerces2 Java, Ubuntu Linux, Hp-ux and 28 more 2024-11-21 N/A
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
CVE-2013-3839 5 Canonical, Debian, Mariadb and 2 more 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more 2024-11-21 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVE-2013-3812 6 Canonical, Debian, Mariadb and 3 more 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more 2024-11-21 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
CVE-2013-3809 5 Canonical, Mariadb, Opensuse and 2 more 8 Ubuntu Linux, Mariadb, Opensuse and 5 more 2024-11-21 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.
CVE-2013-3804 7 Canonical, Debian, Mariadb and 4 more 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more 2024-11-21 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
CVE-2013-3802 7 Canonical, Debian, Mariadb and 4 more 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more 2024-11-21 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
CVE-2013-3793 6 Canonical, Debian, Mariadb and 3 more 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more 2024-11-21 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.