Summary
Detail | |||
---|---|---|---|
Vendor | Canonical | First view | 2009-12-11 |
Product | Ubuntu Linux | Last view | 2021-01-14 |
Version | 12.04 | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | lts | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:canonical:ubuntu_linux |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.8 | 2021-01-14 | CVE-2020-16119 | Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. |
8.8 | 2020-02-19 | CVE-2015-7747 | Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c. |
8.8 | 2020-02-06 | CVE-2014-2030 | Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947. |
8.8 | 2020-02-06 | CVE-2014-1958 | Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030. |
3.5 | 2020-01-31 | CVE-2015-6815 | The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. |
6.5 | 2020-01-23 | CVE-2015-5278 | The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. |
6.5 | 2020-01-23 | CVE-2015-5239 | Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. |
7.8 | 2020-01-02 | CVE-2013-4532 | Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. |
7.5 | 2019-12-31 | CVE-2013-4357 | The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. |
7.5 | 2019-12-02 | CVE-2012-4428 | openslp: SLPIntersectStringList()' Function has a DoS vulnerability |
7.5 | 2019-11-29 | CVE-2015-3406 | The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors. |
7.5 | 2019-11-21 | CVE-2012-3543 | mono 2.10.x ASP.NET Web Form Hash collision DoS |
7.5 | 2019-11-20 | CVE-2015-3167 | contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. |
9.8 | 2019-11-20 | CVE-2015-3166 | The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. |
5.5 | 2019-11-20 | CVE-2015-1607 | kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges." |
7.8 | 2019-11-04 | CVE-2017-5333 | Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. |
7.8 | 2019-11-04 | CVE-2017-5332 | The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. |
7.8 | 2019-11-04 | CVE-2017-5331 | Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. |
9.1 | 2019-10-13 | CVE-2019-17544 | libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. |
7.8 | 2019-04-22 | CVE-2015-1341 | Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path. |
8.4 | 2018-11-06 | CVE-2018-9363 | In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel. |
7.8 | 2018-08-31 | CVE-2018-16276 | An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges. |
7.5 | 2018-07-30 | CVE-2016-9597 | It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705. |
7.5 | 2018-06-07 | CVE-2018-12015 | In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. |
6.5 | 2017-10-10 | CVE-2014-9092 | libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
28% (136) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
9% (45) | CWE-20 | Improper Input Validation |
8% (38) | CWE-264 | Permissions, Privileges, and Access Controls |
7% (35) | CWE-399 | Resource Management Errors |
6% (30) | CWE-200 | Information Exposure |
5% (27) | CWE-189 | Numeric Errors |
5% (27) | CWE-125 | Out-of-bounds Read |
3% (16) | CWE-284 | Access Control (Authorization) Issues |
2% (14) | CWE-17 | Code |
2% (10) | CWE-476 | NULL Pointer Dereference |
2% (10) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
1% (8) | CWE-190 | Integer Overflow or Wraparound |
1% (7) | CWE-310 | Cryptographic Issues |
1% (7) | CWE-254 | Security Features |
1% (7) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
1% (6) | CWE-362 | Race Condition |
1% (5) | CWE-787 | Out-of-bounds Write |
1% (5) | CWE-416 | Use After Free |
0% (4) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
0% (4) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
0% (4) | CWE-19 | Data Handling |
0% (3) | CWE-269 | Improper Privilege Management |
0% (3) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
0% (2) | CWE-345 | Insufficient Verification of Data Authenticity |
0% (2) | CWE-287 | Improper Authentication |
SAINT Exploits
Description | Link |
---|---|
Ubuntu overlayfs privilege elevation | More info here |
Linux Dirty COW Local File Overwrite | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
78232 | libvirt bridge Forward Mode Firewall Port Access Restriction Weakness |
60853 | GNU Core Utilities distcheck Temporary Directory Symlink Local Privilege Esca... |
ExploitDB Exploits
id | Description |
---|---|
35359 | tcpdump 4.6.2 Geonet Decoder Denial of Service |
27778 | Samba nttrans Reply - Integer Overflow Vulnerability |
OpenVAS Exploits
id | Description |
---|---|
2013-09-18 | Name : Debian Security Advisory DSA 2581-1 (mysql-5.1 - several vulnerabilities) File : nvt/deb_2581_1.nasl |
2012-12-31 | Name : Fedora Update for bind FEDORA-2012-19822 File : nvt/gb_fedora_2012_19822_bind_fc16.nasl |
2012-12-14 | Name : Fedora Update for bind FEDORA-2012-19830 File : nvt/gb_fedora_2012_19830_bind_fc17.nasl |
2012-12-14 | Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Linux) File : nvt/gb_google_chrome_mult_vuln03_dec12_lin.nasl |
2012-12-14 | Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Mac OS X) File : nvt/gb_google_chrome_mult_vuln03_dec12_macosx.nasl |
2012-12-14 | Name : Google Chrome Multiple Vulnerabilities-03 Dec2012 (Windows) File : nvt/gb_google_chrome_mult_vuln03_dec12_win.nasl |
2012-12-10 | Name : CentOS Update for bind CESA-2012:1549 centos6 File : nvt/gb_CESA-2012_1549_bind_centos6.nasl |
2012-12-10 | Name : RedHat Update for bind RHSA-2012:1549-01 File : nvt/gb_RHSA-2012_1549-01_bind.nasl |
2012-12-10 | Name : Ubuntu Update for bind9 USN-1657-1 File : nvt/gb_ubuntu_USN_1657_1.nasl |
2012-12-06 | Name : Mandriva Update for bind MDVSA-2012:177 (bind) File : nvt/gb_mandriva_MDVSA_2012_177.nasl |
2012-11-26 | Name : Fedora Update for insight FEDORA-2012-18300 File : nvt/gb_fedora_2012_18300_insight_fc16.nasl |
2012-11-26 | Name : Fedora Update for insight FEDORA-2012-18311 File : nvt/gb_fedora_2012_18311_insight_fc17.nasl |
2012-11-26 | Name : Oracle MySQL Server Multiple Vulnerabilities-03 Nov12 (Windows) File : nvt/gb_oracle_mysql_multiple_vuln03_nov12_win.nasl |
2012-11-15 | Name : CentOS Update for mysql CESA-2012:1462 centos6 File : nvt/gb_CESA-2012_1462_mysql_centos6.nasl |
2012-11-15 | Name : RedHat Update for mysql RHSA-2012:1462-01 File : nvt/gb_RHSA-2012_1462-01_mysql.nasl |
2012-11-06 | Name : Ubuntu Update for mysql-5.5 USN-1621-1 File : nvt/gb_ubuntu_USN_1621_1.nasl |
2012-10-23 | Name : Fedora Update for dhcp FEDORA-2012-15981 File : nvt/gb_fedora_2012_15981_dhcp_fc16.nasl |
2012-10-23 | Name : Fedora Update for dhcp FEDORA-2012-15965 File : nvt/gb_fedora_2012_15965_dhcp_fc17.nasl |
2012-10-19 | Name : Fedora Update for libvirt FEDORA-2012-15640 File : nvt/gb_fedora_2012_15640_libvirt_fc16.nasl |
2012-10-03 | Name : Mandriva Update for dhcp MDVSA-2012:153-1 (dhcp) File : nvt/gb_mandriva_MDVSA_2012_153_1.nasl |
2012-10-03 | Name : Fedora Update for dhcp FEDORA-2012-14076 File : nvt/gb_fedora_2012_14076_dhcp_fc16.nasl |
2012-09-27 | Name : Fedora Update for dhcp FEDORA-2012-14149 File : nvt/gb_fedora_2012_14149_dhcp_fc17.nasl |
2012-09-26 | Name : Debian Security Advisory DSA 2551-1 (isc-dhcp) File : nvt/deb_2551_1.nasl |
2012-09-22 | Name : Ubuntu Update for isc-dhcp USN-1571-1 File : nvt/gb_ubuntu_USN_1571_1.nasl |
2012-09-15 | Name : Slackware Advisory SSA:2012-258-01 dhcp File : nvt/esoft_slk_ssa_2012_258_01.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0222 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0061471 |
2015-A-0199 | Multiple Vulnerabilities in Apple Mac OS X Severity: Category I - VMSKEY: V0061337 |
2015-A-0174 | Multiple Vulnerabilities in Apache HTTP Server Severity: Category I - VMSKEY: V0061135 |
2015-A-0160 | Multiple Vulnerabilities in Oracle Linux and Virtualization Severity: Category I - VMSKEY: V0061123 |
2015-A-0158 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0061089 |
2015-A-0155 | Multiple Vulnerabilities in Oracle MySQL Product Suite Severity: Category I - VMSKEY: V0061083 |
2015-A-0141 | Multiple Security Vulnerabilities in IBM WebSphere Application Server Severity: Category I - VMSKEY: V0061061 |
2015-B-0087 | Multiple Vulnerabilities in IBM WebSphere Portal Severity: Category I - VMSKEY: V0061053 |
2015-B-0068 | Multiple Vulnerabilities in PostgreSQL Severity: Category I - VMSKEY: V0060809 |
2015-A-0042 | Samba Remote Code Execution Vulnerability Severity: Category I - VMSKEY: V0058919 |
2015-A-0038 | Multiple Vulnerabilities in GNU C Library (glibc) Severity: Category I - VMSKEY: V0058753 |
2015-B-0013 | Multiple Vulnerabilities in VMware ESXi 5.1 Severity: Category I - VMSKEY: V0058515 |
2015-B-0014 | Multiple Vulnerabilities in VMware ESXi 5.5 Severity: Category I - VMSKEY: V0058513 |
2015-B-0007 | Multiple Vulnerabilities in Juniper Secure Analytics (JSA) and Security Threa... Severity: Category I - VMSKEY: V0058213 |
2014-A-0064 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0050011 |
2014-A-0056 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0049583 |
2014-B-0021 | Multiple Vulnerabilities in PHP Severity: Category I - VMSKEY: V0044541 |
2014-A-0021 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0043921 |
2014-A-0011 | Multiple Vulnerabilities in Oracle MySQL Products Severity: Category I - VMSKEY: V0043399 |
2013-A-0233 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0042596 |
2013-A-0179 | Apple Mac OS X Security Update 2013-004 Severity: Category I - VMSKEY: V0040373 |
2013-B-0082 | Samba Denial of Service Vulnerability Severity: Category I - VMSKEY: V0039910 |
2012-B-0092 | ISC DHCP Denial of Service Vulnerability Severity: Category I - VMSKEY: V0033809 |
Snort® IPS/IDS
Date | Description |
---|---|
2018-03-01 | Squid host header cache poisoning attempt RuleID : 45569 - Type : SERVER-WEBAPP - Revision : 1 |
2017-07-25 | Squid ESI processing buffer overflow attempt RuleID : 43268 - Type : SERVER-WEBAPP - Revision : 2 |
2017-04-12 | HTTP redirect to FTP server attempt RuleID : 41906 - Type : POLICY-OTHER - Revision : 3 |
2017-04-12 | ImageMagick magick vector graphics ephemeral access attempt RuleID : 41902 - Type : POLICY-OTHER - Revision : 2 |
2017-04-12 | ImageMagick magick vector graphics ephemeral access attempt RuleID : 41901 - Type : POLICY-OTHER - Revision : 2 |
2017-04-12 | ImageMagick magick vector graphics ephemeral access attempt RuleID : 41900 - Type : POLICY-OTHER - Revision : 2 |
2017-04-12 | ImageMagick magick vector graphics ephemeral access attempt RuleID : 41899 - Type : POLICY-OTHER - Revision : 2 |
2017-04-12 | ImageMagick magick vector graphics ephemeral access attempt RuleID : 41898 - Type : POLICY-OTHER - Revision : 2 |
2017-04-12 | ImageMagick magick vector graphics ephemeral access attempt RuleID : 41897 - Type : POLICY-OTHER - Revision : 2 |
2017-04-12 | ImageMagick magick vector graphics msl access attempt RuleID : 41894 - Type : POLICY-OTHER - Revision : 2 |
2017-04-12 | ImageMagick magick vector graphics msl access attempt RuleID : 41893 - Type : POLICY-OTHER - Revision : 2 |
2017-04-12 | ImageMagick magick vector graphics msl access attempt RuleID : 41892 - Type : POLICY-OTHER - Revision : 2 |
2017-04-12 | ImageMagick magick vector graphics msl access attempt RuleID : 41891 - Type : POLICY-OTHER - Revision : 2 |
2017-04-12 | ImageMagick magick vector graphics msl access attempt RuleID : 41890 - Type : POLICY-OTHER - Revision : 2 |
2017-04-12 | ImageMagick magick vector graphics msl access attempt RuleID : 41889 - Type : POLICY-OTHER - Revision : 2 |
2017-04-12 | ImageMagick mvg label arbitrary file read attempt RuleID : 41888 - Type : SERVER-OTHER - Revision : 1 |
2017-04-12 | ImageMagick mvg label arbitrary file read attempt RuleID : 41887 - Type : SERVER-OTHER - Revision : 1 |
2017-04-12 | ImageMagick mvg label arbitrary file read attempt RuleID : 41886 - Type : SERVER-OTHER - Revision : 1 |
2017-04-12 | ImageMagick mvg label arbitrary file read attempt RuleID : 41885 - Type : SERVER-OTHER - Revision : 1 |
2017-04-12 | ImageMagick mvg label arbitrary file read attempt RuleID : 41884 - Type : SERVER-OTHER - Revision : 1 |
2017-04-12 | ImageMagick mvg label arbitrary file read attempt RuleID : 41883 - Type : SERVER-OTHER - Revision : 1 |
2017-04-12 | cURL and libcurl set-cookie remote code execution attempt RuleID : 41853 - Type : OS-LINUX - Revision : 4 |
2017-04-06 | ImageMagick mvg processing command server side request forgery attempt RuleID : 41809 - Type : FILE-IMAGE - Revision : 2 |
2017-04-06 | ImageMagick mvg processing command server side request forgery attempt RuleID : 41808 - Type : FILE-IMAGE - Revision : 2 |
2017-01-19 | Ubuntu Apport CrashDB crash report code injection attempt RuleID : 41041 - Type : OS-LINUX - Revision : 2 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2019-01-16 | Name: The remote database server is affected by multiple vulnerabilities File: mariadb_5_5_42.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2016-104.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote device is missing a vendor-supplied security patch. File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-4e088b6d7c.nasl - Type: ACT_GATHER_INFO |
2018-12-28 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1432.nasl - Type: ACT_GATHER_INFO |
2018-12-21 | Name: The remote Debian host is missing a security update. File: debian_DLA-1611.nasl - Type: ACT_GATHER_INFO |
2018-12-01 | Name: The remote Debian host is missing a security update. File: debian_DLA-1599.nasl - Type: ACT_GATHER_INFO |
2018-11-27 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-2838.nasl - Type: ACT_GATHER_INFO |
2018-11-21 | Name: The remote EulerOS Virtualization host is missing multiple security updates. File: EulerOS_SA-2018-1374.nasl - Type: ACT_GATHER_INFO |
2018-11-16 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-3083.nasl - Type: ACT_GATHER_INFO |
2018-10-26 | Name: The remote EulerOS Virtualization host is missing multiple security updates. File: EulerOS_SA-2018-1344.nasl - Type: ACT_GATHER_INFO |
2018-10-18 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14.nasl - Type: ACT_GATHER_INFO |
2018-10-04 | Name: The remote Debian host is missing a security update. File: debian_DLA-1531.nasl - Type: ACT_GATHER_INFO |
2018-10-02 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4308.nasl - Type: ACT_GATHER_INFO |
2018-09-27 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1307.nasl - Type: ACT_GATHER_INFO |
2018-09-27 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2018-1308.nasl - Type: ACT_GATHER_INFO |
2018-08-30 | Name: A web application running on the remote host is affected by multiple vulnerab... File: activemq_5_15_5.nasl - Type: ACT_GATHER_INFO |
2018-08-21 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-2_0-0084.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2016-0013.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0010.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0013.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0035.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0040.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0048.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0119.nasl - Type: ACT_GATHER_INFO |