Filtered by vendor Canonical
Subscriptions
Total
4274 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0728 | 6 Canonical, Debian, Google and 3 more | 9 Ubuntu Linux, Debian Linux, Android and 6 more | 2025-04-12 | 7.8 High |
| The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. | ||||
| CVE-2016-1897 | 3 Canonical, Ffmpeg, Opensuse | 3 Ubuntu Linux, Ffmpeg, Leap | 2025-04-12 | N/A |
| FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file. | ||||
| CVE-2016-0763 | 4 Apache, Canonical, Debian and 1 more | 5 Tomcat, Ubuntu Linux, Debian Linux and 2 more | 2025-04-12 | N/A |
| The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context. | ||||
| CVE-2016-0505 | 6 Canonical, Debian, Mariadb and 3 more | 17 Ubuntu Linux, Debian Linux, Mariadb and 14 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options. | ||||
| CVE-2015-2724 | 6 Canonical, Debian, Mozilla and 3 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2016-4565 | 4 Canonical, Debian, Linux and 1 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2025-04-12 | 7.8 High |
| The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface. | ||||
| CVE-2015-0847 | 2 Canonical, Wouter Verhelst | 2 Ubuntu Linux, Nbd | 2025-04-12 | N/A |
| nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors. | ||||
| CVE-2014-7970 | 4 Canonical, Linux, Novell and 1 more | 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Server and 2 more | 2025-04-12 | 5.5 Medium |
| The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call. | ||||
| CVE-2015-4474 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2014-8483 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Opensuse and 1 more | 2025-04-12 | N/A |
| The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string. | ||||
| CVE-2015-0860 | 2 Canonical, Debian | 2 Ubuntu Linux, Dpkg | 2025-04-12 | N/A |
| Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow. | ||||
| CVE-2014-8548 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2025-04-12 | N/A |
| Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data. | ||||
| CVE-2015-1236 | 4 Canonical, Debian, Google and 1 more | 4 Ubuntu Linux, Debian Linux, Chrome and 1 more | 2025-04-12 | N/A |
| The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element. | ||||
| CVE-2014-8104 | 5 Canonical, Debian, Mageia and 2 more | 6 Ubuntu Linux, Debian Linux, Mageia and 3 more | 2025-04-12 | N/A |
| OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. | ||||
| CVE-2016-3955 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-12 | 9.8 Critical |
| The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet. | ||||
| CVE-2014-8737 | 4 Canonical, Fedoraproject, Gnu and 1 more | 4 Ubuntu Linux, Fedora, Binutils and 1 more | 2025-04-12 | N/A |
| Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar. | ||||
| CVE-2015-5522 | 4 Apple, Canonical, Debian and 1 more | 6 Iphone Os, Mac Os X, Watchos and 3 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. | ||||
| CVE-2014-8080 | 4 Canonical, Opensuse, Redhat and 1 more | 5 Ubuntu Linux, Opensuse, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. | ||||
| CVE-2015-1235 | 4 Canonical, Debian, Google and 1 more | 4 Ubuntu Linux, Debian Linux, Chrome and 1 more | 2025-04-12 | N/A |
| The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element. | ||||
| CVE-2014-3560 | 3 Canonical, Redhat, Samba | 3 Ubuntu Linux, Enterprise Linux, Samba | 2025-04-12 | N/A |
| NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h. | ||||