Vulnerabilities > Ubuntu > Ubuntu Linux > 6.06
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-05 | CVE-2009-0365 | Permissions, Privileges, and Access Controls vulnerability in Ubuntu Linux nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler. | 4.6 |
2008-11-17 | CVE-2008-5104 | Credentials Management vulnerability in Dcgrendel Vmbuilder 0.9 Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions. | 7.2 |
2008-11-17 | CVE-2008-5103 | Credentials Management vulnerability in Dcgrendel Vmbuilder 0.9 The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions. | 7.2 |
2008-07-07 | CVE-2008-2808 | Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. | 4.3 |
2007-10-11 | CVE-2007-5365 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU. | 7.2 |
2007-03-21 | CVE-2007-1463 | Unspecified vulnerability in Inkscape Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. | 6.8 |
2006-12-07 | CVE-2006-6235 | A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. | 10.0 |