CVE search results

91 – 100 of 1357 results

Detailed view

Sort by:

CVE-2012-5578

Medium priority

Some fixes available 5 of 6

Python keyring has insecure permissions on new databases allowing world-readable files to be created

1 affected package

python-keyring

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python-keyring	—	—	—	—	—

In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling...

22 affected packages

linux, linux-armadaxp, linux-linaro-omap, linux-linaro-shared, linux-linaro-vexpress...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
linux	—	—	—	—	—
linux-armadaxp	—	—	—	—	—
linux-linaro-omap	—	—	—	—	—
linux-linaro-shared	—	—	—	—	—
linux-linaro-vexpress	—	—	—	—	—
linux-lts-quantal	—	—	—	—	—
linux-qcm-msm	—	—	—	—	—
linux-ti-omap4	—	—	—	—	—
linux-goldfish	—	—	—	—	—
linux-grouper	—	—	—	—	—
linux-lts-raring	—	—	—	—	—
linux-flo	—	—	—	—	—
linux-lts-saucy	—	—	—	—	—
linux-lts-trusty	—	—	—	—	—
linux-lts-utopic	—	—	—	—	—
linux-lts-vivid	—	—	—	—	—
linux-lts-wily	—	—	—	—	—
linux-lts-xenial	—	—	—	—	—
linux-maguro	—	—	—	—	—
linux-mako	—	—	—	—	—
linux-manta	—	—	—	—	—
linux-raspi2	—	—	—	—	—

CVE-2010-2243

Low priority

Ignored

A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS.

11 affected packages

linux, linux-armadaxp, linux-ec2, linux-fsl-imx51, linux-lts-backport-maverick...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
linux	—	—	—	—	—
linux-armadaxp	—	—	—	—	—
linux-ec2	—	—	—	—	—
linux-fsl-imx51	—	—	—	—	—
linux-lts-backport-maverick	—	—	—	—	—
linux-lts-backport-natty	—	—	—	—	—
linux-lts-backport-oneiric	—	—	—	—	—
linux-lts-quantal	—	—	—	—	—
linux-lts-raring	—	—	—	—	—
linux-mvl-dove	—	—	—	—	—
linux-ti-omap4	—	—	—	—	—

CVE-2014-8181

Low priority

Ignored

The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.

27 affected packages

linux, linux-armadaxp, linux-aws, linux-flo, linux-gke...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
linux	—	—	—	—	—
linux-armadaxp	—	—	—	—	—
linux-aws	—	—	—	—	—
linux-flo	—	—	—	—	—
linux-gke	—	—	—	—	—
linux-goldfish	—	—	—	—	—
linux-grouper	—	—	—	—	—
linux-hwe	—	—	—	—	—
linux-hwe-edge	—	—	—	—	—
linux-linaro-omap	—	—	—	—	—
linux-linaro-shared	—	—	—	—	—
linux-linaro-vexpress	—	—	—	—	—
linux-lts-quantal	—	—	—	—	—
linux-lts-raring	—	—	—	—	—
linux-lts-saucy	—	—	—	—	—
linux-lts-trusty	—	—	—	—	—
linux-lts-utopic	—	—	—	—	—
linux-lts-vivid	—	—	—	—	—
linux-lts-wily	—	—	—	—	—
linux-lts-xenial	—	—	—	—	—
linux-maguro	—	—	—	—	—
linux-mako	—	—	—	—	—
linux-manta	—	—	—	—	—
linux-qcm-msm	—	—	—	—	—
linux-raspi2	—	—	—	—	—
linux-snapdragon	—	—	—	—	—
linux-ti-omap4	—	—	—	—	—

CVE-2011-3923

Medium priority

Ignored

Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

2 affected packages

libspring-2.5-java, libstruts1.2-java

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-2.5-java	—	—	—	—	Not in release
libstruts1.2-java	—	—	—	—	Not in release

CVE-2012-5577

Medium priority

Some fixes available 5 of 6

Python keyring lib before 0.10 created keyring files with world-readable permissions.

1 affected package

python-keyring

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python-keyring	—	—	—	—	—

CVE-2019-11272

Medium priority

Not in release

Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is...

1 affected package

libspring-security-2.0-java

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-security-2.0-java	—	—	—	Not in release	Not in release

CVE-2019-3795

Low priority

Not in release

Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order...

1 affected package

libspring-security-2.0-java

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libspring-security-2.0-java	—	—	—	—	Not in release

CVE-2018-20781

Medium priority

Fixed

In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.

1 affected package

gnome-keyring

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gnome-keyring	—	—	—	—	Not affected

CVE-2018-19358

Low priority

Ignored

GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs...

1 affected package

gnome-keyring

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gnome-keyring	—	Not affected	Not affected	Not affected	Not affected

Export to JSON

Results by page:

Search CVE reports

CVE-2012-5578

CVE-2007-3732

CVE-2010-2243

CVE-2014-8181

CVE-2011-3923

CVE-2012-5577

CVE-2019-11272

CVE-2019-3795

CVE-2018-20781

CVE-2018-19358