This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Canonical First view 2009-12-11
Product Ubuntu Linux Last view 2020-02-19
Version 12.04 Type Os
Update *  
Edition *  
Language *  
Sofware Edition lts  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:canonical:ubuntu_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
8.8 2020-02-19 CVE-2015-7747

Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c.

8.8 2020-02-06 CVE-2014-2030

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.

8.8 2020-02-06 CVE-2014-1958

Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.

3.5 2020-01-31 CVE-2015-6815

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

6.5 2020-01-23 CVE-2015-5278

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

6.5 2020-01-23 CVE-2015-5239

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

7.8 2020-01-02 CVE-2013-4532

Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

7.5 2019-12-31 CVE-2013-4357

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.

7.5 2019-12-02 CVE-2012-4428

openslp: SLPIntersectStringList()' Function has a DoS vulnerability

7.5 2019-11-29 CVE-2015-3406

The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.

7.5 2019-11-21 CVE-2012-3543

mono 2.10.x ASP.NET Web Form Hash collision DoS

7.5 2019-11-20 CVE-2015-3167

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.

9.8 2019-11-20 CVE-2015-3166

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.

5.5 2019-11-20 CVE-2015-1607

kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."

7.8 2019-11-04 CVE-2017-5333

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.

7.8 2019-11-04 CVE-2017-5332

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

7.8 2019-11-04 CVE-2017-5331

Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

9.1 2019-10-13 CVE-2019-17544

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.

7.8 2019-04-22 CVE-2015-1341

Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.

8.4 2018-11-06 CVE-2018-9363

In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.

7.8 2018-08-31 CVE-2018-16276

An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.

7.5 2018-07-30 CVE-2016-9597

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

7.5 2018-06-07 CVE-2018-12015

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

6.5 2017-10-10 CVE-2014-9092

libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.

9.8 2017-10-03 CVE-2017-14491

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
28% (143) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
9% (48) CWE-20 Improper Input Validation
7% (39) CWE-399 Resource Management Errors
7% (39) CWE-264 Permissions, Privileges, and Access Controls
7% (36) CWE-200 Information Exposure
5% (29) CWE-125 Out-of-bounds Read
5% (28) CWE-189 Numeric Errors
3% (16) CWE-284 Access Control (Authorization) Issues
2% (14) CWE-17 Code
2% (11) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
2% (10) CWE-476 NULL Pointer Dereference
1% (8) CWE-310 Cryptographic Issues
1% (8) CWE-190 Integer Overflow or Wraparound
1% (7) CWE-362 Race Condition
1% (7) CWE-254 Security Features
1% (6) CWE-787 Out-of-bounds Write
1% (6) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (4) CWE-416 Use After Free
0% (4) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (4) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
0% (4) CWE-19 Data Handling
0% (3) CWE-269 Improper Privilege Management
0% (3) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
0% (2) CWE-345 Insufficient Verification of Data Authenticity
0% (2) CWE-287 Improper Authentication

SAINT Exploits

Description Link
Ubuntu overlayfs privilege elevation More info here
Linux Dirty COW Local File Overwrite More info here

Open Source Vulnerability Database (OSVDB)

id Description
78232 libvirt bridge Forward Mode Firewall Port Access Restriction Weakness
60853 GNU Core Utilities distcheck Temporary Directory Symlink Local Privilege Esca...

ExploitDB Exploits

id Description
35359 tcpdump 4.6.2 Geonet Decoder Denial of Service
27778 Samba nttrans Reply - Integer Overflow Vulnerability

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-09-18 Name : Debian Security Advisory DSA 2581-1 (mysql-5.1 - several vulnerabilities)
File : nvt/deb_2581_1.nasl
2012-12-31 Name : Fedora Update for bind FEDORA-2012-19822
File : nvt/gb_fedora_2012_19822_bind_fc16.nasl
2012-12-14 Name : Fedora Update for bind FEDORA-2012-19830
File : nvt/gb_fedora_2012_19830_bind_fc17.nasl
2012-12-14 Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Linux)
File : nvt/gb_google_chrome_mult_vuln03_dec12_lin.nasl
2012-12-14 Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Mac OS X)
File : nvt/gb_google_chrome_mult_vuln03_dec12_macosx.nasl
2012-12-14 Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Windows)
File : nvt/gb_google_chrome_mult_vuln03_dec12_win.nasl
2012-12-10 Name : CentOS Update for bind CESA-2012:1549 centos6
File : nvt/gb_CESA-2012_1549_bind_centos6.nasl
2012-12-10 Name : RedHat Update for bind RHSA-2012:1549-01
File : nvt/gb_RHSA-2012_1549-01_bind.nasl
2012-12-10 Name : Ubuntu Update for bind9 USN-1657-1
File : nvt/gb_ubuntu_USN_1657_1.nasl
2012-12-06 Name : Mandriva Update for bind MDVSA-2012:177 (bind)
File : nvt/gb_mandriva_MDVSA_2012_177.nasl
2012-11-26 Name : Fedora Update for insight FEDORA-2012-18300
File : nvt/gb_fedora_2012_18300_insight_fc16.nasl
2012-11-26 Name : Fedora Update for insight FEDORA-2012-18311
File : nvt/gb_fedora_2012_18311_insight_fc17.nasl
2012-11-26 Name : Oracle MySQL Server Multiple Vulnerabilities-03 Nov12 (Windows)
File : nvt/gb_oracle_mysql_multiple_vuln03_nov12_win.nasl
2012-11-15 Name : CentOS Update for mysql CESA-2012:1462 centos6
File : nvt/gb_CESA-2012_1462_mysql_centos6.nasl
2012-11-15 Name : RedHat Update for mysql RHSA-2012:1462-01
File : nvt/gb_RHSA-2012_1462-01_mysql.nasl
2012-11-06 Name : Ubuntu Update for mysql-5.5 USN-1621-1
File : nvt/gb_ubuntu_USN_1621_1.nasl
2012-10-23 Name : Fedora Update for dhcp FEDORA-2012-15981
File : nvt/gb_fedora_2012_15981_dhcp_fc16.nasl
2012-10-23 Name : Fedora Update for dhcp FEDORA-2012-15965
File : nvt/gb_fedora_2012_15965_dhcp_fc17.nasl
2012-10-19 Name : Fedora Update for libvirt FEDORA-2012-15640
File : nvt/gb_fedora_2012_15640_libvirt_fc16.nasl
2012-10-03 Name : Mandriva Update for dhcp MDVSA-2012:153-1 (dhcp)
File : nvt/gb_mandriva_MDVSA_2012_153_1.nasl
2012-10-03 Name : Fedora Update for dhcp FEDORA-2012-14076
File : nvt/gb_fedora_2012_14076_dhcp_fc16.nasl
2012-09-27 Name : Fedora Update for dhcp FEDORA-2012-14149
File : nvt/gb_fedora_2012_14149_dhcp_fc17.nasl
2012-09-26 Name : Debian Security Advisory DSA 2551-1 (isc-dhcp)
File : nvt/deb_2551_1.nasl
2012-09-22 Name : Ubuntu Update for isc-dhcp USN-1571-1
File : nvt/gb_ubuntu_USN_1571_1.nasl
2012-09-15 Name : Slackware Advisory SSA:2012-258-01 dhcp
File : nvt/esoft_slk_ssa_2012_258_01.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0222 Multiple Security Vulnerabilities in Apple iOS
Severity: Category I - VMSKEY: V0061471
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2015-A-0174 Multiple Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0061135
2015-A-0160 Multiple Vulnerabilities in Oracle Linux and Virtualization
Severity: Category I - VMSKEY: V0061123
2015-A-0158 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0061089
2015-A-0155 Multiple Vulnerabilities in Oracle MySQL Product Suite
Severity: Category I - VMSKEY: V0061083
2015-A-0141 Multiple Security Vulnerabilities in IBM WebSphere Application Server
Severity: Category I - VMSKEY: V0061061
2015-B-0087 Multiple Vulnerabilities in IBM WebSphere Portal
Severity: Category I - VMSKEY: V0061053
2015-B-0068 Multiple Vulnerabilities in PostgreSQL
Severity: Category I - VMSKEY: V0060809
2015-A-0042 Samba Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0058919
2015-A-0038 Multiple Vulnerabilities in GNU C Library (glibc)
Severity: Category I - VMSKEY: V0058753
2015-B-0013 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0058515
2015-B-0014 Multiple Vulnerabilities in VMware ESXi 5.5
Severity: Category I - VMSKEY: V0058513
2015-B-0007 Multiple Vulnerabilities in Juniper Secure Analytics (JSA) and Security Threa...
Severity: Category I - VMSKEY: V0058213
2014-A-0064 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0050011
2014-A-0056 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0049583
2014-B-0021 Multiple Vulnerabilities in PHP
Severity: Category I - VMSKEY: V0044541
2014-A-0021 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0043921
2014-A-0011 Multiple Vulnerabilities in Oracle MySQL Products
Severity: Category I - VMSKEY: V0043399
2013-A-0233 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0042596
2013-A-0179 Apple Mac OS X Security Update 2013-004
Severity: Category I - VMSKEY: V0040373
2013-B-0082 Samba Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0039910
2012-B-0092 ISC DHCP Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0033809

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2018-03-01 Squid host header cache poisoning attempt
RuleID : 45569 - Type : SERVER-WEBAPP - Revision : 1
2017-07-25 Squid ESI processing buffer overflow attempt
RuleID : 43268 - Type : SERVER-WEBAPP - Revision : 2
2017-04-12 HTTP redirect to FTP server attempt
RuleID : 41906 - Type : POLICY-OTHER - Revision : 3
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41902 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41901 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41900 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41899 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41898 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41897 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41894 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41893 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41892 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41891 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41890 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41889 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41888 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41887 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41886 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41885 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41884 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41883 - Type : SERVER-OTHER - Revision : 1
2017-04-12 cURL and libcurl set-cookie remote code execution attempt
RuleID : 41853 - Type : OS-LINUX - Revision : 4
2017-04-06 ImageMagick mvg processing command server side request forgery attempt
RuleID : 41809 - Type : FILE-IMAGE - Revision : 2
2017-04-06 ImageMagick mvg processing command server side request forgery attempt
RuleID : 41808 - Type : FILE-IMAGE - Revision : 2
2017-01-19 Ubuntu Apport CrashDB crash report code injection attempt
RuleID : 41041 - Type : OS-LINUX - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-16 Name: The remote database server is affected by multiple vulnerabilities
File: mariadb_5_5_42.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Virtuozzo host is missing multiple security updates.
File: Virtuozzo_VZA-2016-104.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote device is missing a vendor-supplied security patch.
File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4e088b6d7c.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1432.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote Debian host is missing a security update.
File: debian_DLA-1611.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1599.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2838.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1374.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3083.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1344.nasl - Type: ACT_GATHER_INFO
2018-10-18 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14.nasl - Type: ACT_GATHER_INFO
2018-10-04 Name: The remote Debian host is missing a security update.
File: debian_DLA-1531.nasl - Type: ACT_GATHER_INFO
2018-10-02 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4308.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1307.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1308.nasl - Type: ACT_GATHER_INFO
2018-08-30 Name: A web application running on the remote host is affected by multiple vulnerab...
File: activemq_5_15_5.nasl - Type: ACT_GATHER_INFO
2018-08-21 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0084.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2016-0013.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0010.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0013.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0035.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0040.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0048.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0119.nasl - Type: ACT_GATHER_INFO