Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Ubuntu)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 64 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2006-11-06 | CVE-2006-5466 | Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages. | Package_manager, Ubuntu_linux | N/A | ||
| 2006-07-18 | CVE-2006-3597 | passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory. | Ubuntu_linux | N/A | ||
| 2006-07-06 | CVE-2006-3378 | passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits. | Ubuntu_linux | N/A | ||
| 2006-03-13 | CVE-2006-1183 | The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges. | Ubuntu_linux | N/A | ||
| 2006-01-09 | CVE-2006-0151 | sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158. | Sudo, Ubuntu_linux | N/A | ||
| 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. | Linux, Debian_linux, Cups, Linux, Kdegraphics, Koffice, Kpdf, Kword, Libextractor, Mandrake_linux, Mandrake_linux_corporate_server, Poppler, Enterprise_linux, Enterprise_linux_desktop, Fedora_core, Linux, Linux_advanced_workstation, Openserver, Propack, Slackware_linux, Suse_linux, Tetex, Secure_linux, Turbolinux, Turbolinux_appliance_server, Turbolinux_desktop, Turbolinux_home, Turbolinux_multimedia, Turbolinux_personal, Turbolinux_server, Turbolinux_workstation, Ubuntu_linux, Xpdf | N/A | ||
| 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." | Linux, Debian_linux, Cups, Linux, Kdegraphics, Koffice, Kpdf, Kword, Libextractor, Mandrake_linux, Mandrake_linux_corporate_server, Poppler, Enterprise_linux, Enterprise_linux_desktop, Fedora_core, Linux, Linux_advanced_workstation, Openserver, Propack, Slackware_linux, Suse_linux, Tetex, Secure_linux, Turbolinux, Turbolinux_appliance_server, Turbolinux_desktop, Turbolinux_home, Turbolinux_multimedia, Turbolinux_personal, Turbolinux_server, Turbolinux_workstation, Ubuntu_linux, Xpdf | N/A | ||
| 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. | Linux, Debian_linux, Cups, Linux, Kdegraphics, Koffice, Kpdf, Kword, Libextractor, Mandrake_linux, Mandrake_linux_corporate_server, Poppler, Enterprise_linux, Enterprise_linux_desktop, Fedora_core, Linux, Linux_advanced_workstation, Openserver, Propack, Slackware_linux, Suse_linux, Tetex, Secure_linux, Turbolinux, Turbolinux_appliance_server, Turbolinux_desktop, Turbolinux_home, Turbolinux_multimedia, Turbolinux_personal, Turbolinux_server, Turbolinux_workstation, Ubuntu_linux, Xpdf | N/A | ||
| 2005-05-02 | CVE-2005-0988 | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. | Freebsd, Linux, Gzip, Enterprise_linux, Enterprise_linux_desktop, Linux_advanced_workstation, Secure_linux, Turbolinux_appliance_server, Turbolinux_desktop, Turbolinux_home, Turbolinux_server, Turbolinux_workstation, Ubuntu_linux | N/A | ||
| 2005-04-22 | CVE-2005-0754 | Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. | Linux, Linux, Kde, Quanta, Fedora_core, Ubuntu_linux | N/A |