Total
4120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2934 | 3 Apple, Canonical, Mozilla | 3 Mac Os X, Ubuntu Linux, Firefox | 2024-02-08 | 6.8 MEDIUM | 8.8 HIGH |
| Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer. | |||||
| CVE-2005-1513 | 3 Canonical, Debian, Qmail Project | 3 Ubuntu Linux, Debian Linux, Qmail | 2024-02-08 | 5.0 MEDIUM | 9.8 CRITICAL |
| Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request. | |||||
| CVE-2020-15708 | 1 Canonical | 1 Ubuntu Linux | 2024-02-08 | 4.6 MEDIUM | 7.8 HIGH |
| Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code. | |||||
| CVE-2004-1002 | 2 Canonical, Samba | 2 Ubuntu Linux, Ppp | 2024-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location. | |||||
| CVE-2006-6811 | 2 Canonical, Kde | 2 Ubuntu Linux, Ksirc | 2024-02-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow. | |||||
| CVE-2006-5779 | 2 Canonical, Openldap | 2 Ubuntu Linux, Openldap | 2024-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure. | |||||
| CVE-2017-15129 | 4 Canonical, Fedoraproject, Linux and 1 more | 20 Ubuntu Linux, Fedora, Linux Kernel and 17 more | 2024-02-08 | 4.9 MEDIUM | 4.7 MEDIUM |
| A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. | |||||
| CVE-2009-1386 | 3 Canonical, Openssl, Redhat | 3 Ubuntu Linux, Openssl, Openssl | 2024-02-07 | 5.0 MEDIUM | N/A |
| ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. | |||||
| CVE-2009-1378 | 2 Canonical, Openssl | 2 Ubuntu Linux, Openssl | 2024-02-07 | 5.0 MEDIUM | N/A |
| Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak." | |||||
| CVE-2009-1387 | 3 Canonical, Openssl, Redhat | 3 Ubuntu Linux, Openssl, Openssl | 2024-02-07 | 5.0 MEDIUM | N/A |
| The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug." | |||||
| CVE-2007-3409 | 3 Canonical, Debian, Net-dns | 3 Ubuntu Linux, Debian Linux, Net\ | 2024-02-03 | 4.3 MEDIUM | 7.5 HIGH |
| Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop. | |||||
| CVE-2019-15118 | 5 Canonical, Debian, Linux and 2 more | 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more | 2024-02-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. | |||||
| CVE-2010-0050 | 4 Apple, Canonical, Fedoraproject and 1 more | 5 Iphone Os, Safari, Ubuntu Linux and 2 more | 2024-02-03 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. | |||||
| CVE-2010-0302 | 4 Apple, Canonical, Fedoraproject and 1 more | 10 Cups, Mac Os X, Mac Os X Server and 7 more | 2024-02-03 | 4.3 MEDIUM | 7.5 HIGH |
| Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. | |||||
| CVE-2008-5021 | 7 Canonical, Debian, Fedoraproject and 4 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2024-02-02 | 9.3 HIGH | N/A |
| nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. | |||||
| CVE-2010-0629 | 5 Canonical, Fedoraproject, Mit and 2 more | 5 Ubuntu Linux, Fedora, Kerberos 5 and 2 more | 2024-02-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number. | |||||
| CVE-2010-2941 | 7 Apple, Canonical, Debian and 4 more | 13 Cups, Mac Os X, Mac Os X Server and 10 more | 2024-02-02 | 9.3 HIGH | 9.8 CRITICAL |
| ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. | |||||
| CVE-2010-1772 | 5 Canonical, Fedoraproject, Google and 2 more | 5 Ubuntu Linux, Fedora, Chrome and 2 more | 2024-02-02 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document. | |||||
| CVE-2009-3553 | 5 Apple, Canonical, Debian and 2 more | 7 Cups, Mac Os X, Mac Os X Server and 4 more | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2416 | 11 Apple, Canonical, Debian and 8 more | 19 Iphone Os, Mac Os X, Mac Os X Server and 16 more | 2024-02-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | |||||