Vulnerabilities (CVE)

Filtered by vendor Canonical Subscribe
Total 4203 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-1961 5 Canonical, Debian, Linux and 2 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2024-11-21 1.9 LOW 4.7 MEDIUM
The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.
CVE-2009-1956 2 Apache, Canonical 3 Apr-util, Http Server, Ubuntu Linux 2024-11-21 6.4 MEDIUM N/A
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
CVE-2009-1955 7 Apache, Apple, Canonical and 4 more 8 Apr-util, Http Server, Mac Os X and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
CVE-2009-1895 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-11-21 7.2 HIGH N/A
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR).
CVE-2009-1891 5 Apache, Canonical, Debian and 2 more 9 Http Server, Ubuntu Linux, Debian Linux and 6 more 2024-11-21 7.1 HIGH N/A
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
CVE-2009-1890 5 Apache, Canonical, Debian and 2 more 9 Http Server, Ubuntu Linux, Debian Linux and 6 more 2024-11-21 7.1 HIGH N/A
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
CVE-2009-1888 3 Canonical, Debian, Samba 3 Ubuntu Linux, Debian Linux, Samba 2024-11-21 5.8 MEDIUM N/A
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.
CVE-2009-1721 6 Apple, Canonical, Debian and 3 more 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more 2024-11-21 6.8 MEDIUM N/A
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.
CVE-2009-1699 3 Apple, Canonical, Opensuse 4 Iphone Os, Safari, Ubuntu Linux and 1 more 2024-11-21 7.1 HIGH 7.5 HIGH
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."
CVE-2009-1633 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-11-21 7.1 HIGH N/A
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.
CVE-2009-1630 5 Canonical, Debian, Linux and 2 more 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more 2024-11-21 4.4 MEDIUM N/A
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
CVE-2009-1387 3 Canonical, Openssl, Redhat 3 Ubuntu Linux, Openssl, Openssl 2024-11-21 5.0 MEDIUM N/A
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
CVE-2009-1386 3 Canonical, Openssl, Redhat 3 Ubuntu Linux, Openssl, Openssl 2024-11-21 5.0 MEDIUM N/A
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
CVE-2009-1378 2 Canonical, Openssl 2 Ubuntu Linux, Openssl 2024-11-21 5.0 MEDIUM N/A
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
CVE-2009-1270 3 Canonical, Clamav, Debian 3 Ubuntu Linux, Clamav, Debian Linux 2024-11-21 7.8 HIGH N/A
libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.
CVE-2009-1242 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 4.9 MEDIUM N/A
The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform.
CVE-2009-1191 2 Apache, Canonical 2 Http Server, Ubuntu Linux 2024-11-21 5.0 MEDIUM N/A
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
CVE-2009-1186 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2024-11-21 2.1 LOW N/A
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.
CVE-2009-1185 7 Canonical, Debian, Fedoraproject and 4 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2024-11-21 7.2 HIGH N/A
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
CVE-2009-1072 8 Canonical, Debian, Linux and 5 more 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more 2024-11-21 4.9 MEDIUM N/A
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.