Vulnerabilities > Canonical > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-04-04 | CVE-2013-1900 | Numeric Errors vulnerability in multiple products PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions." Per http://www.ubuntu.com/usn/USN-1789-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 Ubuntu 10.04 LTS Ubuntu 8.04 LTS" | 8.5 |
| 2013-04-03 | CVE-2012-6129 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets." Per http://www.ubuntu.com/usn/USN-1747-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10" Per https://bugzilla.redhat.com/show_bug.cgi?id=909934 " This issue affects the version of the transmission package, as shipped with Fedora release of 16. | 7.5 |
| 2013-03-21 | CVE-2013-1052 | Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux 12.10 pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo. | 7.2 |
| 2013-03-20 | CVE-2013-1653 | Arbitrary Code Execution vulnerability in Puppet Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request. | 7.1 |
| 2013-03-08 | CVE-2013-0249 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message. | 7.5 |
| 2013-01-25 | CVE-2012-5689 | Improper Input Validation vulnerability in multiple products ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record. | 7.1 |
| 2012-12-06 | CVE-2012-5688 | Improper Input Validation vulnerability in multiple products ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. | 7.8 |
| 2012-11-21 | CVE-2012-5836 | Code Injection vulnerability in multiple products Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. | 7.5 |
| 2012-11-21 | CVE-2012-5830 | Use After Free vulnerability in multiple products Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. | 8.8 |
| 2012-10-16 | CVE-2012-3158 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol. | 7.5 |