Vulnerabilities > Canonical > Ubuntu Linux
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-10-03 | CVE-2013-1065 | Permissions, Privileges, and Access Controls vulnerability in multiple products backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | 4.6 |
2013-10-03 | CVE-2013-1064 | Permissions, Privileges, and Access Controls vulnerability in Canonical Apt-Xapian-Index and Ubuntu Linux apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | 4.6 |
2013-10-03 | CVE-2013-1063 | Permissions, Privileges, and Access Controls vulnerability in multiple products usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | 4.6 |
2013-10-03 | CVE-2013-1062 | Permissions, Privileges, and Access Controls vulnerability in multiple products ubuntu-system-service 0.2.4 before 0.2.4.1. | 4.6 |
2013-10-03 | CVE-2013-1061 | Permissions, Privileges, and Access Controls vulnerability in multiple products dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | 4.6 |
2013-10-01 | CVE-2013-5745 | Improper Input Validation vulnerability in multiple products The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication. | 7.1 |
2013-10-01 | CVE-2012-2126 | Cryptographic Issues vulnerability in Rubygems RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack. | 4.3 |
2013-10-01 | CVE-2012-2125 | URI Redirection vulnerability in RubyGems RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. | 5.8 |
2013-09-30 | CVE-2013-0211 | Numeric Errors vulnerability in multiple products Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. | 5.0 |
2013-09-30 | CVE-2013-4314 | Improper Input Validation vulnerability in multiple products The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | 4.3 |