Vulnerabilities > Ubuntu > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-05 | CVE-2009-0578 | Permissions, Privileges, and Access Controls vulnerability in Ubuntu Linux 8.10 GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console. | 6.2 |
2009-03-05 | CVE-2009-0365 | Permissions, Privileges, and Access Controls vulnerability in Ubuntu Linux nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler. | 4.6 |
2008-07-07 | CVE-2008-2808 | Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. | 4.3 |
2008-05-18 | CVE-2008-2285 | Cryptographic Issues vulnerability in Ubuntu Linux 7.04/7.10/8.04 The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool. | 5.0 |
2008-01-17 | CVE-2008-0172 | Improper Input Validation vulnerability in Boost 1.33/1.34 The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression. | 5.0 |
2007-10-29 | CVE-2007-3920 | GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. | 6.2 |
2007-10-01 | CVE-2007-5159 | Permissions, Privileges, and Access Controls vulnerability in Ntfs-3G The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak. | 4.6 |
2007-08-30 | CVE-2007-4601 | Permissions, Privileges, and Access Controls vulnerability in Ubuntu Linux 7.04 A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might allow remote attackers to bypass intended access restrictions when a service uses libwrap but does not specify server connection information. | 5.0 |
2007-05-13 | CVE-2007-2637 | Remote Security vulnerability in MoinMoin MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors. | 5.0 |
2007-03-21 | CVE-2007-1463 | Unspecified vulnerability in Inkscape Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. | 6.8 |