canonical ubuntu linux 13.04 vulnerabilities and exploits

(subscribe to this query)

1.9

CVSSv2

Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and...

Canonical Ubuntu Linux 10.04 Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 12.10 Canonical Ubuntu Linux 13.04

4.9

CVSSv2

Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file....

Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 12.10 Canonical Ubuntu Linux 13.04 Canonical Ubuntu Linux 13.10

6.9

CVSSv2

A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the ~buildd directory and consequently reads the system configuration file from the ~buildd...

Canonical Ubuntu Linux 10.04 Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 12.10 Canonical Ubuntu Linux 13.04 Canonical Ubuntu Linux 13.10

1.9

CVSSv2

X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files....

Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 12.10 Canonical Ubuntu Linux 13.04

4.3

CVSSv2

The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. ...

Openstack Cinder Canonical Ubuntu Linux 13.04

4.6

CVSSv2

Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2)...

Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 12.10 Canonical Ubuntu Linux 13.04 Radscan Network Audio System 1.9.3

2.6

CVSSv2

httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL...

Canonical Ubuntu Linux 10.04 Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 12.10 Canonical Ubuntu Linux 13.04 Httplib2 Project Httplib2 Httplib2 Project Httplib2 0.8

7.2

CVSSv2

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus...

Opensuse Opensuse 12.2 Opensuse Opensuse 12.3 Polkit Project Polkit Canonical Ubuntu Linux 10.04 Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 12.10 Canonical Ubuntu Linux 13.04 Redhat Enterprise Linux 6.0

4.6

CVSSv2

systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to...

Freedesktop Systemd Debian Debian Linux 7.0 Canonical Ubuntu Linux 13.04

4.4

CVSSv2

Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory....

Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 12.10 Canonical Ubuntu Linux 13.04 Canonical Maas 12.04.1 Canonical Maas 12.04.2 Canonical Maas 12.04.3 Canonical Maas

1 2 3 4 5 6 NEXT »