CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Canonical : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-1572 119 Exec Code Overflow 2015-02-24 2015-03-31
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.
2 CVE-2015-0840 284 Bypass 2015-04-13 2015-04-14
4.3
None Remote Medium Not required None Partial None
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).
3 CVE-2015-0247 119 Exec Code Overflow 2015-02-17 2015-03-31
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.
4 CVE-2015-0239 362 DoS +Priv 2015-03-02 2015-03-25
4.7
None Local High Not required None Partial Complete
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.
5 CVE-2015-0220 79 XSS 2015-01-16 2015-04-17
4.3
None Remote Medium Not required None Partial None
The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL.
6 CVE-2014-9671 DoS 2015-02-08 2015-04-02
4.3
None Remote Medium Not required None None Partial
Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.
7 CVE-2014-8150 Http R.Spl. 2015-01-15 2015-04-17
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
8 CVE-2014-8109 264 Bypass 2014-12-29 2015-04-01
4.3
None Remote Medium Not required None Partial None
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.
9 CVE-2014-7970 399 DoS 2014-10-13 2015-03-17
4.9
None Local Low Not required None None Complete
The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call.
10 CVE-2014-7817 20 Exec Code 2014-11-24 2015-03-17
4.6
None Local Low Not required Partial Partial Partial
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
11 CVE-2014-5356 264 DoS 2014-08-25 2014-11-05
4.0
None Remote Low Single system None None Partial
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.
12 CVE-2014-5253 255 2014-08-25 2014-10-10
4.9
None Remote Medium Single system Partial Partial None
OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.
13 CVE-2014-5252 255 Bypass 2014-08-25 2014-10-10
4.9
None Remote Medium Single system Partial Partial None
The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.
14 CVE-2014-5251 255 2014-08-25 2014-10-10
4.9
None Remote Medium Single system Partial Partial None
The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.
15 CVE-2014-3730 20 2014-05-16 2014-11-13
4.3
None Remote Medium Not required None Partial None
The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."
16 CVE-2014-3528 255 2014-08-19 2015-03-16
4.0
None Remote High Not required Partial Partial None
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.
17 CVE-2014-3522 2014-08-19 2015-03-12
4.0
None Remote High Not required Partial Partial None
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
18 CVE-2014-3504 2014-08-19 2014-10-24
4.0
None Remote High Not required Partial Partial None
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
19 CVE-2014-3204 264 Exec Code Bypass 2014-05-06 2014-05-07
4.4
None Local Medium Not required Partial Partial Partial
Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by right-clicking on the indicator bar and then pressing the ALT and F2 keys.
20 CVE-2014-3203 264 Exec Code Bypass 2014-05-06 2014-05-07
4.4
None Local Medium Not required Partial Partial Partial
Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by pressing the SUPER key before the screen auto-locks.
21 CVE-2014-0209 189 Overflow +Priv 2014-05-15 2014-12-11
4.6
None Local Low Not required Partial Partial Partial
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
22 CVE-2013-7374 264 Bypass 2014-05-01 2014-07-18
4.6
None Local Low Not required Partial Partial Partial
The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypass the greeter screen restrictions by clicking the date.
23 CVE-2013-6476 264 +Priv 2014-03-14 2014-03-17
4.4
None Local Medium Not required Partial Partial Partial
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.
24 CVE-2013-6422 20 2013-12-23 2013-12-24
4.0
None Remote High Not required Partial Partial None
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
25 CVE-2013-4544 20 DoS Exec Code 2014-05-08 2014-05-09
4.9
None Local Network Medium Single system Partial Partial Partial
hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.
26 CVE-2013-4327 264 Bypass 2013-10-03 2013-12-30
4.6
None Local Low Not required Partial Partial Partial
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
27 CVE-2013-4314 20 2013-09-30 2013-12-08
4.3
None Remote Medium Not required None Partial None
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
28 CVE-2013-4311 264 Bypass 2013-10-03 2013-11-06
4.6
None Local Low Not required Partial Partial Partial
libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
29 CVE-2013-4296 119 DoS Overflow 2013-09-30 2015-01-02
4.0
None Remote Low Single system None None Partial
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.
30 CVE-2013-4256 119 DoS Exec Code Overflow 2013-10-09 2013-10-23
4.6
None Local Low Not required Partial Partial Partial
Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in server/os/access.c; (3) open_unix_socket, (4) open_isc_local, (5) open_xsight_local, (6) open_att_local, or (7) open_att_svr4_local function in server/os/connection.c; the (8) AUDIOHOST environment variable to the CreateWellKnownSockets or (9) AmoebaTCPConnectorThread function in server/os/connection.c; or (10) unspecified vectors related to logging in the osLogMsg function in server/os/aulog.c.
31 CVE-2013-4248 20 2013-08-17 2014-12-02
4.3
None Remote Medium Not required None Partial None
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
32 CVE-2013-4238 20 2013-08-17 2014-12-11
4.3
None Remote Medium Not required None Partial None
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
33 CVE-2013-2275 2013-03-20 2013-04-12
4.0
None Remote Low Single system None Partial None
The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.
34 CVE-2013-2145 20 Exec Code Bypass 2013-08-19 2013-10-07
4.4
None Local Medium Not required Partial Partial Partial
The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.
35 CVE-2013-2132 DoS 2013-08-15 2013-10-07
4.3
None Remote Medium Not required None None Partial
bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."
36 CVE-2013-2099 399 DoS 2013-10-09 2014-12-02
4.3
None Remote Medium Not required None None Partial
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.
37 CVE-2013-2038 20 DoS Exec Code 2014-02-06 2014-02-07
4.3
None Remote Medium Not required None None Partial
The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.
38 CVE-2013-2021 119 DoS Overflow 2013-05-13 2014-12-11
4.3
None Remote Medium Not required None None Partial
pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.
39 CVE-2013-1901 264 Bypass 2013-04-04 2013-11-30
4.0
None Remote Low Single system None Partial None
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
40 CVE-2013-1838 399 DoS 2013-03-22 2013-06-04
4.0
None Remote Low Single system None None Partial
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.
41 CVE-2013-1799 310 +Info 2013-04-01 2013-04-02
4.3
None Remote Medium Not required Partial None None
Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.
42 CVE-2013-1652 264 2013-03-20 2013-04-12
4.9
None Remote Medium Single system Partial Partial None
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.
43 CVE-2013-1067 264 +Info 2013-10-25 2013-10-28
4.9
None Local Low Not required Complete None None
Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file.
44 CVE-2013-1066 264 Bypass 2013-10-03 2013-10-08
4.6
None Local Low Not required Partial Partial Partial
language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
45 CVE-2013-1065 264 Bypass 2013-10-03 2013-10-04
4.6
None Local Low Not required Partial Partial Partial
backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
46 CVE-2013-1064 264 Bypass 2013-10-03 2013-10-08
4.6
None Local Low Not required Partial Partial Partial
apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
47 CVE-2013-1063 264 Bypass 2013-10-03 2013-10-04
4.6
None Local Low Not required Partial Partial Partial
usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
48 CVE-2013-1062 264 Bypass 2013-10-03 2013-10-08
4.6
None Local Low Not required Partial Partial Partial
ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and 0.2.2 before 0.2.2.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
49 CVE-2013-1061 264 Bypass 2013-10-03 2013-10-04
4.6
None Local Low Not required Partial Partial Partial
dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
50 CVE-2013-1057 20 Exec Code 2013-11-17 2013-11-21
4.4
None Local Medium Not required Partial Partial Partial
Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory.
Total number of vulnerabilities : 65   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.