This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Canonical
Product: Ubuntu Linux
Version: 10.04
Type: Os
Update: -
Edition: lts
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
First view: 2010-07-12
Last view: 2016-12-16
 
CPE Product cpe:2.3:o:canonical:ubuntu_linux

Activity : Overall

Related : CVE

This CPE has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
CVSS Date Alert Description
7.8 2016-12-16 CVE-2016-9950

An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.

7.8 2016-12-16 CVE-2016-9949

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.

7.8 2016-11-27 CVE-2015-1328

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.

7.8 2015-02-24 CVE-2014-9402

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed.

5 2014-11-14 CVE-2014-7815

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

6.8 2014-10-20 CVE-2014-3564

Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."

6.8 2014-10-15 CVE-2014-3686

wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.

7.5 2014-09-08 CVE-2014-3618

Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."

1.2 2014-07-23 CVE-2014-3537

The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.

2.1 2014-05-22 CVE-2012-6648

gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-0943 is used for the guest-account issue.

4.3 2014-05-16 CVE-2014-3730

The django.utils.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."

6.4 2014-05-16 CVE-2014-1418

Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.

7.5 2014-05-15 CVE-2014-0211

Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.

7.5 2014-05-15 CVE-2014-0210

Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.

4.6 2014-05-15 CVE-2014-0209

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.

4.3 2014-05-13 CVE-2011-4407

ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.

4.9 2014-05-08 CVE-2013-4544

hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.

5 2014-04-30 CVE-2014-0471

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."

6.4 2014-04-27 CVE-2011-3152

DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file.

10 2014-04-23 CVE-2014-0474

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."

5 2014-04-23 CVE-2014-0473

The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.

5.1 2014-04-23 CVE-2014-0472

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."

1.9 2014-04-17 CVE-2011-3154

DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.

6.9 2014-04-15 CVE-2011-3628

Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname.

4.4 2014-03-14 CVE-2013-6476

The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.

CWE : Common Weakness Enumeration

% id Name
17% (11) CWE-264 Permissions, Privileges, and Access Controls
16% (10) CWE-189 Numeric Errors
14% (9) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (9) CWE-20 Improper Input Validation
8% (5) CWE-200 Information Exposure
4% (3) CWE-399 Resource Management Errors
4% (3) CWE-310 Cryptographic Issues
4% (3) CWE-94 Failure to Control Generation of Code ('Code Injection')
4% (3) CWE-59 Improper Link Resolution Before File Access ('Link Following')
4% (3) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
3% (2) CWE-362 Race Condition
1% (1) CWE-16 Configuration

SAINT Exploits

Description
Ubuntu overlayfs privilege elevation

Open Source Vulnerability Database (OSVDB)

id Description
77642 Update Manager Tar File Handling MitM Remote Arbitrary File Overwrite
77641 Update Manager Insecure Temporary File Creation Local .XAUTHORITY File Discl...
77451 apt Verify-Host Option SSL Certificate Validation MitM Remote Repository Cred...
76940 icedtea-web Web Browser Plugin Applet Handling Same Origin Policy Bypass
74630 tex-common conf/texmf.d/95NonPath.cnf shell_escape_commands Directive Crafted...
74180 KDE kdeutils Ark Traversal Arbitrary File Deletion
66116 Ubuntu pam MOTD Module User File Stamps Symlink Privilege Escalation

ExploitDB Exploits

id Description
18040 Xorg 1.4 to 1.11.2 File Permission Change PoC
14339 Ubuntu PAM MOTD Local Root Exploit
14273 Ubuntu PAM MOTD File Tampering (Privilege Escalation)

OpenVAS Exploits

This CPE has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-27 Name : VMSA-2012-0018: VMware security updates for vCSA and ESXi
File : nvt/gb_VMSA-2012-0018.nasl
2012-12-26 Name : Fedora Update for qt FEDORA-2012-19715
File : nvt/gb_fedora_2012_19715_qt_fc16.nasl
2012-12-18 Name : Ubuntu Update for glibc USN-1589-2
File : nvt/gb_ubuntu_USN_1589_2.nasl
2012-12-14 Name : Fedora Update for qt FEDORA-2012-19759
File : nvt/gb_fedora_2012_19759_qt_fc17.nasl
2012-10-03 Name : Ubuntu Update for eglibc USN-1589-1
File : nvt/gb_ubuntu_USN_1589_1.nasl
2012-08-30 Name : Fedora Update for glibc FEDORA-2012-11508
File : nvt/gb_fedora_2012_11508_glibc_fc17.nasl
2012-07-30 Name : CentOS Update for glibc CESA-2012:1097 centos5
File : nvt/gb_CESA-2012_1097_glibc_centos5.nasl
2012-07-30 Name : CentOS Update for glibc CESA-2012:1098 centos6
File : nvt/gb_CESA-2012_1098_glibc_centos6.nasl
2012-07-19 Name : RedHat Update for glibc RHSA-2012:1097-01
File : nvt/gb_RHSA-2012_1097-01_glibc.nasl
2012-07-19 Name : RedHat Update for glibc RHSA-2012:1098-01
File : nvt/gb_RHSA-2012_1098-01_glibc.nasl
2012-07-09 Name : RedHat Update for icedtea-web RHSA-2011:1441-01
File : nvt/gb_RHSA-2011_1441-01_icedtea-web.nasl
2012-06-22 Name : Ubuntu Update for php5 USN-1481-1
File : nvt/gb_ubuntu_USN_1481_1.nasl
2012-06-08 Name : Ubuntu Update for ubuntuone-client USN-1465-3
File : nvt/gb_ubuntu_USN_1465_3.nasl
2012-06-08 Name : Ubuntu Update for ubuntuone-storage-protocol USN-1465-2
File : nvt/gb_ubuntu_USN_1465_2.nasl
2012-06-08 Name : Ubuntu Update for ubuntuone-client USN-1465-1
File : nvt/gb_ubuntu_USN_1465_1.nasl
2012-03-19 Name : Fedora Update for icedtea-web FEDORA-2011-15691
File : nvt/gb_fedora_2011_15691_icedtea-web_fc16.nasl
2012-03-12 Name : Debian Security Advisory DSA 2420-1 (openjdk-6)
File : nvt/deb_2420_1.nasl
2012-02-21 Name : Ubuntu Update for update-manager USN-1284-2
File : nvt/gb_ubuntu_USN_1284_2.nasl
2012-02-11 Name : Debian Security Advisory DSA 2364-1 (xorg)
File : nvt/deb_2364_1.nasl
2012-02-01 Name : Ubuntu Update for xorg USN-1349-1
File : nvt/gb_ubuntu_USN_1349_1.nasl
2012-02-01 Name : Ubuntu Update for software-properties USN-1352-1
File : nvt/gb_ubuntu_USN_1352_1.nasl
2012-01-25 Name : Ubuntu Update for openjdk-6 USN-1263-2
File : nvt/gb_ubuntu_USN_1263_2.nasl
2011-12-02 Name : Ubuntu Update for apt USN-1283-1
File : nvt/gb_ubuntu_USN_1283_1.nasl
2011-12-02 Name : Ubuntu Update for update-manager USN-1284-1
File : nvt/gb_ubuntu_USN_1284_1.nasl
2011-11-25 Name : Ubuntu Update for kdeutils USN-1276-1
File : nvt/gb_ubuntu_USN_1276_1.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0038 Multiple Vulnerabilities in GNU C Library (glibc)
Severity: Category I - VMSKEY: V0058753
2014-B-0161 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0057717
2014-A-0062 Multiple Vulnerabilities In McAfee Email Gateway
Severity: Category I - VMSKEY: V0050005
2014-A-0030 Apple Mac OS X Security Update 2014-001
Severity: Category I - VMSKEY: V0044547
2013-A-0179 Apple Mac OS X Security Update 2013-004
Severity: Category I - VMSKEY: V0040373
2013-B-0093 Multiple Vulnerabilities in PHP
Severity: Category I - VMSKEY: V0040108
2013-B-0035 Multiple Vulnerabilities in PostgreSQL
Severity: Category I - VMSKEY: V0037619

Snort® IPS/IDS

Date Description
2017-01-19 Ubuntu Apport CrashDB crash report code injection attempt
RuleID : 41041 - Type : OS-LINUX - Revision : 2
2017-01-19 Ubuntu Apport CrashDB crash report code injection attempt
RuleID : 41040 - Type : OS-LINUX - Revision : 2
2015-10-01 QEMU VNC set-pixel-format memory corruption attempt
RuleID : 35851 - Type : SERVER-OTHER - Revision : 2
2014-01-10 PostgreSQL database name command line injection attempt
RuleID : 26586 - Type : SERVER-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE has more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-12-18 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL16365.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1344.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1272.nasl - Type: ACT_GATHER_INFO
2018-05-11 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1017.nasl - Type: ACT_GATHER_INFO
2018-04-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-0805.nasl - Type: ACT_GATHER_INFO
2017-12-08 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-3231-1.nasl - Type: ACT_GATHER_INFO
2017-08-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1146.nasl - Type: ACT_GATHER_INFO
2017-08-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1147.nasl - Type: ACT_GATHER_INFO
2017-05-02 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: oracle_secure_global_desktop_apr_2017_cpu.nasl - Type: ACT_GATHER_INFO
2016-12-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3157-1.nasl - Type: ACT_GATHER_INFO
2016-10-26 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2628-1.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1745-1.nasl - Type: ACT_GATHER_INFO
2016-06-28 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201606-17.nasl - Type: ACT_GATHER_INFO
2016-06-22 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2016-0056.nasl - Type: ACT_GATHER_INFO
2016-06-22 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2016-0062.nasl - Type: ACT_GATHER_INFO
2016-06-17 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1445-1.nasl - Type: ACT_GATHER_INFO
2016-05-19 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1318-1.nasl - Type: ACT_GATHER_INFO
2016-04-27 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-1154-1.nasl - Type: ACT_GATHER_INFO
2016-04-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-439.nasl - Type: ACT_GATHER_INFO
2016-04-07 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0955-1.nasl - Type: ACT_GATHER_INFO
2016-04-01 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-413.nasl - Type: ACT_GATHER_INFO
2016-03-25 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0873-1.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_esx_VMSA-2013-0009_remote.nasl - Type: ACT_GATHER_INFO
2016-02-22 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL40131068.nasl - Type: ACT_GATHER_INFO
2016-02-22 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL75253136.nasl - Type: ACT_GATHER_INFO