Filtered by vendor Ubuntu
Subscriptions
Filtered by product Ubuntu Linux
Subscriptions
Total
75 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2007-4601 | 1 Ubuntu | 1 Ubuntu Linux | 2024-08-07 | N/A |
A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might allow remote attackers to bypass intended access restrictions when a service uses libwrap but does not specify server connection information. | ||||
CVE-2007-4137 | 6 Conectiva, Gentoo, Mandrakesoft and 3 more | 8 Linux, Linux, Mandrake Linux and 5 more | 2024-08-07 | N/A |
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. | ||||
CVE-2007-3920 | 4 Compiz, Gnome, Redhat and 1 more | 4 Compiz, Screensaver, Enterprise Linux and 1 more | 2024-08-07 | N/A |
GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. | ||||
CVE-2007-2637 | 2 Moinmoin, Ubuntu | 2 Moinmoin, Ubuntu Linux | 2024-08-07 | N/A |
MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors. | ||||
CVE-2007-1463 | 2 Inkscape, Ubuntu | 2 Inkscape, Ubuntu Linux | 2024-08-07 | N/A |
Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. | ||||
CVE-2007-1352 | 8 Mandrakesoft, Openbsd, Redhat and 5 more | 14 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall and 11 more | 2024-08-07 | N/A |
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. | ||||
CVE-2007-1351 | 7 Mandrakesoft, Openbsd, Redhat and 4 more | 11 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall and 8 more | 2024-08-07 | N/A |
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. | ||||
CVE-2008-5103 | 2 Dcgrendel, Ubuntu | 2 Vmbuilder, Ubuntu Linux | 2024-08-07 | N/A |
The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions. | ||||
CVE-2008-5104 | 2 Dcgrendel, Ubuntu | 2 Vmbuilder, Ubuntu Linux | 2024-08-07 | N/A |
Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions. | ||||
CVE-2008-2808 | 3 Mozilla, Redhat, Ubuntu | 10 Firefox, Seamonkey, Thunderbird and 7 more | 2024-08-07 | N/A |
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. | ||||
CVE-2008-0172 | 3 Boost, Redhat, Ubuntu | 3 Boost, Enterprise Linux, Ubuntu Linux | 2024-08-07 | N/A |
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression. | ||||
CVE-2009-2939 | 3 Debian, Postfix, Ubuntu | 3 Debian Linux, Postfix, Ubuntu Linux | 2024-08-07 | N/A |
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files. | ||||
CVE-2009-0578 | 2 Redhat, Ubuntu | 2 Enterprise Linux, Ubuntu Linux | 2024-08-07 | N/A |
GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console. | ||||
CVE-2009-0365 | 2 Redhat, Ubuntu | 2 Enterprise Linux, Ubuntu Linux | 2024-08-07 | N/A |
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler. | ||||
CVE-1999-1572 | 5 Debian, Freebsd, Mandrakesoft and 2 more | 6 Debian Linux, Freebsd, Mandrake Linux and 3 more | 2024-08-01 | N/A |
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files. |