Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2005-10-25 | CVE-2005-2970 | Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. | Http_server, Ubuntu_linux, Fedora_core, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
| 2006-07-28 | CVE-2006-3747 | Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. | Http_server, Ubuntu_linux, Debian_linux | N/A | ||
| 2007-08-23 | CVE-2007-3847 | The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. | Http_server, Ubuntu_linux, Fedora, Fedora_core | N/A | ||
| 2007-07-30 | CVE-2007-3387 | Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. | Cups, Ubuntu_linux, Debian_linux, Poppler, Gpdf, Xpdf | N/A | ||
| 2009-11-09 | CVE-2009-3555 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions,... | Http_server, Ubuntu_linux, Debian_linux, Nginx, Fedora, Gnutls, Nss, Openssl | N/A | ||
| 2008-09-12 | CVE-2008-3529 | Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. | Iphone_os, Mac_os_x, Safari, Ubuntu_linux, Debian_linux, Libxml2 | N/A | ||
| 2008-06-13 | CVE-2008-2364 | The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. | Http_server, Ubuntu_linux, Fedora, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
| 2008-07-09 | CVE-2008-2812 | The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/. | Communication_manager, Expanded_meet\-Me_conferencing, Intuity_audix_lx, Meeting_exchange, Message_networking, Messaging_storage_server, Proactive_contact, Sip_enablement_services, Ubuntu_linux, Debian_linux, Linux_kernel, Linux_desktop, Opensuse, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server | 7.8 | ||
| 2008-07-09 | CVE-2008-2931 | The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. | Ubuntu_linux, Debian_linux, Linux_kernel, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Opensuse | 7.8 | ||
| 2008-11-13 | CVE-2008-5019 | The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors. | Ubuntu_linux, Debian_linux, Firefox | N/A |