Ubuntu

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-6792 1Ubuntu 1Linux Apr 23, 2026 May 7, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters...Show more system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks.Show less
CVE-2009-1573 4Branden Robinson DebianRedhat+1 more 4Debian Linux FedoraLinux+1 more Apr 23, 2026 May 6, 2009 N/A· v4 N/A· v3 4.6 MEDIUM· v2 xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its...Show more xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.Show less
CVE-2009-1295 2Apport Ubuntu 2Apport Ubuntu Apr 23, 2026 Apr 30, 2009 N/A· v4 N/A· v3 1.9 LOW· v2 Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to...Show more Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors.Show less
CVE-2009-0578 1Ubuntu 1Ubuntu Linux Apr 23, 2026 Mar 5, 2009 N/A· v4 N/A· v3 6.2 MEDIUM· v2 GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecifie...Show more GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console.Show less
CVE-2009-0365 1Ubuntu 1Ubuntu Linux Apr 23, 2026 Mar 5, 2009 N/A· v4 N/A· v3 4.6 MEDIUM· v2 nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method...Show more nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.Show less
CVE-2008-4395 2Linux Ubuntu 2Linux Kernel Linux Kernel Apr 23, 2026 Nov 6, 2008 N/A· v4 N/A· v3 8.3 HIGH· v2 Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.
CVE-2008-4306 1Ubuntu 1Linux Apr 23, 2026 Nov 4, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence.
CVE-2008-2285 1Ubuntu 1Linux Apr 23, 2026 May 18, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was...Show more The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.Show less
CVE-2006-7229 1Ubuntu 1Linux Kernel Apr 23, 2026 Nov 15, 2007 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffi...Show more The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic.Show less
CVE-2007-5365 5Debian OpenbsdRedhat+2 more 7Debian Linux Enterprise LinuxLinux Advanced Workstation+4 more Apr 23, 2026 Oct 11, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or ca...Show more Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.Show less
CVE-2007-4601 1Ubuntu 1Ubuntu Linux Apr 23, 2026 Aug 30, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might allow remote attackers to bypass intended access restrictions when a service uses libwrap but does not specify server connection information.
CVE-2007-1352 8Mandrakesoft OpenbsdRedhat+5 more 12Enterprise Linux Enterprise Linux DesktopFedora Core+9 more Apr 23, 2026 Apr 6, 2007 N/A· v4 N/A· v3 3.8 LOW· v2 Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overfl...Show more Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.Show less
CVE-2007-1351 7Mandrakesoft OpenbsdRedhat+4 more 9Enterprise Linux Enterprise Linux DesktopLibxfont+6 more Apr 23, 2026 Apr 6, 2007 N/A· v4 N/A· v3 8.5 HIGH· v2 Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts,...Show more Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.Show less
CVE-2006-5649 1Ubuntu 1Ubuntu Linux Apr 23, 2026 Dec 14, 2006 N/A· v4 5.5 MEDIUM· v3 4.6 MEDIUM· v2 Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors.
CVE-2006-5648 1Ubuntu 1Ubuntu Linux Apr 23, 2026 Dec 14, 2006 N/A· v4 5.5 MEDIUM· v3 4.6 MEDIUM· v2 Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be...Show more Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed.Show less
CVE-2006-6235 6Gnu Gpg4winRedhat+3 more 9Enterprise Linux Enterprise Linux DesktopFedora Core+6 more Apr 23, 2026 Dec 7, 2006 N/A· v4 N/A· v3 10.0 HIGH· v2 A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a funct...Show more A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.Show less
CVE-2006-5466 2Rpm Ubuntu 2Package Manager Ubuntu Linux Apr 23, 2026 Nov 6, 2006 N/A· v4 N/A· v3 5.4 MEDIUM· v2 Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code...Show more Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages.Show less
CVE-2006-3597 1Ubuntu 1Ubuntu Linux Apr 16, 2026 Jul 18, 2006 N/A· v4 N/A· v3 7.2 HIGH· v2 passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, w...Show more passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.Show less
CVE-2006-3378 1Ubuntu 1Ubuntu Linux Apr 16, 2026 Jul 6, 2006 N/A· v4 N/A· v3 7.2 HIGH· v2 passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in...Show more passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.Show less
CVE-2006-1183 1Ubuntu 1Ubuntu Linux Apr 16, 2026 Mar 13, 2006 N/A· v4 N/A· v3 7.2 HIGH· v2 The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.

Previous 123 4 5 Next