Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2006-05-09 CVE-2006-2275 Improper Locking vulnerability in multiple products
Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."
network
low complexity
lksctp canonical CWE-667
7.5
2006-04-14 CVE-2006-1741 Cross-Site Scripting vulnerability in multiple products
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".
4.3
2006-04-14 CVE-2006-1729 Improper Input Validation vulnerability in multiple products
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.
4.3
2006-04-14 CVE-2006-1728 Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.
network
mozilla canonical
critical
9.3
2006-04-14 CVE-2006-1727 Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".
network
high complexity
mozilla canonical
7.6
2005-12-31 CVE-2005-4808 Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file.
network
high complexity
gnu canonical
7.6
2005-12-31 CVE-2005-4807 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.
network
low complexity
gnu canonical CWE-119
7.5
2005-09-30 CVE-2005-3106 Improper Locking vulnerability in multiple products
Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.
local
high complexity
linux debian canonical CWE-667
4.7
2005-09-16 CVE-2005-2946 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.
network
low complexity
openssl canonical CWE-327
7.5
2005-09-14 CVE-2005-2492 Permissions, Privileges, and Access Controls vulnerability in multiple products
The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.
local
low complexity
canonical redhat linux CWE-264
3.6