Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2006-05-09 CVE-2006-2275 Improper Locking vulnerability in multiple products
Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."
network
low complexity
lksctp canonical CWE-667
7.5
2005-09-30 CVE-2005-3106 Improper Locking vulnerability in multiple products
Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.
local
high complexity
linux debian canonical CWE-667
4.7
2005-09-16 CVE-2005-2946 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.
network
low complexity
openssl canonical CWE-327
7.5
2005-05-11 CVE-2005-1513 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.
network
low complexity
qmail-project canonical debian CWE-190
critical
9.8
2005-05-02 CVE-2005-1111 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
local
high complexity
gnu debian canonical CWE-367
4.7
2005-03-01 CVE-2004-1002 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location.
network
low complexity
samba canonical CWE-191
7.5
2004-12-31 CVE-2004-2154 Improper Handling of Case Sensitivity vulnerability in multiple products
CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.
network
low complexity
apple canonical CWE-178
critical
9.8