Filtered by vendor Canonical Subscriptions
Total 4204 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-2037 2 Canonical, Httplib2 Project 2 Ubuntu Linux, Httplib2 2024-08-06 N/A
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2013-2021 3 Canonical, Clamav, Suse 3 Ubuntu Linux, Clamav, Linux Enterprise Server 2024-08-06 N/A
pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.
CVE-2013-1987 4 Canonical, Opensuse, Redhat and 1 more 4 Ubuntu Linux, Opensuse, Enterprise Linux and 1 more 2024-08-06 N/A
Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions.
CVE-2013-2038 2 Canonical, Gpsd Project 2 Ubuntu Linux, Gpsd 2024-08-06 N/A
The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.
CVE-2013-1968 5 Apache, Canonical, Collabnet and 2 more 5 Subversion, Ubuntu Linux, Subversion and 2 more 2024-08-06 N/A
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
CVE-2013-1899 3 Canonical, Postgresql, Redhat 3 Ubuntu Linux, Postgresql, Cloudforms Managementengine 2024-08-06 N/A
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
CVE-2013-1943 3 Canonical, Linux, Redhat 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more 2024-08-06 7.8 High
The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.
CVE-2013-1981 3 Canonical, Redhat, X 3 Ubuntu Linux, Enterprise Linux, Libx11 2024-08-06 N/A
Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions.
CVE-2013-1944 3 Canonical, Haxx, Redhat 4 Ubuntu Linux, Curl, Libcurl and 1 more 2024-08-06 N/A
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.
CVE-2013-1940 3 Canonical, Redhat, X 3 Ubuntu Linux, Enterprise Linux, X.org-xserver 2024-08-06 N/A
X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.
CVE-2013-1865 3 Canonical, Openstack, Redhat 3 Ubuntu Linux, Folsom, Openstack 2024-08-06 N/A
OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
CVE-2013-1926 3 Canonical, Opensuse, Redhat 4 Ubuntu Linux, Opensuse, Enterprise Linux and 1 more 2024-08-06 N/A
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
CVE-2013-1862 5 Apache, Canonical, Opensuse and 2 more 12 Http Server, Ubuntu Linux, Opensuse and 9 more 2024-08-06 N/A
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
CVE-2013-1927 3 Canonical, Opensuse, Redhat 4 Ubuntu Linux, Opensuse, Enterprise Linux and 1 more 2024-08-06 N/A
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
CVE-2013-1896 4 Apache, Canonical, Opensuse and 1 more 11 Http Server, Ubuntu Linux, Opensuse and 8 more 2024-08-06 N/A
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
CVE-2013-1872 4 Canonical, Mesa3d, Opensuse and 1 more 4 Ubuntu Linux, Mesa, Opensuse and 1 more 2024-08-06 N/A
The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796.
CVE-2013-1900 3 Canonical, Postgresql, Redhat 4 Ubuntu Linux, Postgresql, Cloudforms Managementengine and 1 more 2024-08-06 N/A
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."
CVE-2013-1901 3 Canonical, Postgresql, Redhat 3 Ubuntu Linux, Postgresql, Cloudforms Managementengine 2024-08-06 N/A
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
CVE-2013-1860 3 Canonical, Linux, Redhat 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more 2024-08-06 N/A
Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device.
CVE-2013-1861 7 Canonical, Debian, Mariadb and 4 more 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more 2024-08-06 N/A
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.