This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Canonical First view 2012-06-05
Product Ubuntu Linux Last view 2020-02-06
Version 13.10 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:canonical:ubuntu_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
8.8 2020-02-06 CVE-2014-2030

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.

8.8 2020-02-06 CVE-2014-1958

Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.

7.8 2016-11-27 CVE-2015-1328

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.

3.7 2014-10-25 CVE-2014-0476

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.

6.8 2014-07-29 CVE-2014-4909

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.

3.5 2014-07-11 CVE-2014-4167

The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.

5 2014-06-19 CVE-2013-1068

The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability.

7.6 2014-06-02 CVE-2013-6433

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.

4.3 2014-05-16 CVE-2014-3730

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."

6.4 2014-05-16 CVE-2014-1418

Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.

7.5 2014-05-15 CVE-2014-0211

Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.

7.5 2014-05-15 CVE-2014-0210

Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.

4.6 2014-05-15 CVE-2014-0209

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.

2.1 2014-05-08 CVE-2014-0056

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.

4.9 2014-05-08 CVE-2013-4544

hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.

4.6 2014-05-01 CVE-2013-7374

The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypass the greeter screen restrictions by clicking the date.

9.8 2014-04-30 CVE-2014-1532

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.

8.8 2014-04-30 CVE-2014-1531

Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.

6.1 2014-04-30 CVE-2014-1530

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.

8.8 2014-04-30 CVE-2014-1529

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.

10 2014-04-30 CVE-2014-1528

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.

5.8 2014-04-30 CVE-2014-1526

The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects.

9.3 2014-04-30 CVE-2014-1525

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document.

9.8 2014-04-30 CVE-2014-1524

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.

6.5 2014-04-30 CVE-2014-1523

Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.

CWE : Common Weakness Enumeration

%idName
19% (13) CWE-264 Permissions, Privileges, and Access Controls
12% (8) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10% (7) CWE-20 Improper Input Validation
9% (6) CWE-189 Numeric Errors
6% (4) CWE-399 Resource Management Errors
6% (4) CWE-269 Improper Privilege Management
4% (3) CWE-787 Out-of-bounds Write
4% (3) CWE-416 Use After Free
4% (3) CWE-200 Information Exposure
4% (3) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
3% (2) CWE-125 Out-of-bounds Read
3% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (1) CWE-362 Race Condition
1% (1) CWE-326 Inadequate Encryption Strength
1% (1) CWE-310 Cryptographic Issues
1% (1) CWE-287 Improper Authentication
1% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

SAINT Exploits

Description Link
Ubuntu overlayfs privilege elevation More info here

ExploitDB Exploits

id Description
32998 Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support
32791 Heartbleed OpenSSL - Information Leak Exploit (1)
32764 OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS ...
32745 OpenSSL TLS Heartbeat Extension - Memory Disclosure

OpenVAS Exploits

id Description
2013-09-18 Name : Debian Security Advisory DSA 2462-2 (imagemagick - several vulnerabilities)
File : nvt/deb_2462_2.nasl
2012-08-10 Name : FreeBSD Ports: ImageMagick
File : nvt/freebsd_ImageMagick7.nasl
2012-08-03 Name : Mandriva Update for imagemagick MDVSA-2012:077 (imagemagick)
File : nvt/gb_mandriva_MDVSA_2012_077.nasl
2012-08-03 Name : Mandriva Update for imagemagick MDVSA-2012:078 (imagemagick)
File : nvt/gb_mandriva_MDVSA_2012_078.nasl
2012-07-30 Name : CentOS Update for ImageMagick CESA-2012:0544 centos6
File : nvt/gb_CESA-2012_0544_ImageMagick_centos6.nasl
2012-07-30 Name : CentOS Update for ImageMagick CESA-2012:0545 centos5
File : nvt/gb_CESA-2012_0545_ImageMagick_centos5.nasl
2012-07-09 Name : RedHat Update for ImageMagick RHSA-2012:0544-01
File : nvt/gb_RHSA-2012_0544-01_ImageMagick.nasl
2012-05-08 Name : RedHat Update for ImageMagick RHSA-2012:0545-01
File : nvt/gb_RHSA-2012_0545-01_ImageMagick.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-B-0007 Multiple Vulnerabilities in Juniper Secure Analytics (JSA) and Security Threa...
Severity: Category I - VMSKEY: V0058213
2014-A-0064 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0050011
2014-A-0063 Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux
Severity: Category I - VMSKEY: V0050009
2014-A-0062 Multiple Vulnerabilities In McAfee Email Gateway
Severity: Category I - VMSKEY: V0050005
2014-B-0050 McAfee Web Gateway Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0050003
2014-B-0046 Multiple Vulnerabilities in HP System Management Homepage (SMH)
Severity: Category I - VMSKEY: V0049737
2014-A-0058 Multiple Vulnerabilities in Oracle & Sun Systems Product Suite
Severity: Category I - VMSKEY: V0049579
2014-A-0057 Multiple Vulnerabilities in Oracle MySQL Products
Severity: Category I - VMSKEY: V0049591
2014-A-0053 Multiple Vulnerabilities in Juniper Network JUNOS
Severity: Category I - VMSKEY: V0049589
2014-A-0054 Multiple Vulnerabilities in Oracle Database
Severity: Category I - VMSKEY: V0049587
2014-A-0055 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0049585
2014-A-0056 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0049583
2014-B-0041 Multiple Vulnerabilities in Splunk
Severity: Category I - VMSKEY: V0049577
2014-B-0042 Stunnel Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0049575
2014-A-0051 OpenSSL Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0048667
2014-A-0043 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0046769
2014-B-0021 Multiple Vulnerabilities in PHP
Severity: Category I - VMSKEY: V0044541
2014-A-0021 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0043921
2014-A-0017 Multiple Vulnerabilities in Cisco TelePresence Video Communication Server
Severity: Category I - VMSKEY: V0043846
2014-A-0019 Multiple Vulnerabilities in VMware Fusion
Severity: Category I - VMSKEY: V0043844
2014-A-0011 Multiple Vulnerabilities in Oracle MySQL Products
Severity: Category I - VMSKEY: V0043399
2013-A-0233 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0042596
2013-A-0222 Multiple Vulnerabilties in VMware Workstation
Severity: Category II - VMSKEY: V0042383
2012-A-0104 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
Severity: Category I - VMSKEY: V0033046

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2016-03-15 Mozilla Firefox IDL fragment privilege escalation attempt
RuleID : 37626 - Type : BROWSER-FIREFOX - Revision : 2
2016-03-14 Oracle Java System.arraycopy race condition attempt
RuleID : 36240 - Type : FILE-JAVA - Revision : 2
2016-03-14 Oracle Java System.arraycopy race condition attempt
RuleID : 36239 - Type : FILE-JAVA - Revision : 2
2015-08-04 Mozilla Firefox IDL fragment privilege escalation attempt
RuleID : 35052 - Type : BROWSER-FIREFOX - Revision : 2
2015-08-04 Mozilla Firefox IDL fragment privilege escalation attempt
RuleID : 35051 - Type : BROWSER-FIREFOX - Revision : 2
2014-04-25 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30788-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30788 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30787-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30787 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30786-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30786 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30785-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30785 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30784-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30784 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30783-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30783 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30782-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30782 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30781-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30781 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30780-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30780 - Type : SERVER-OTHER - Revision : 4
2014-04-25 OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30779-community - Type : SERVER-OTHER - Revision : 4
2014-05-24 OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt
RuleID : 30779 - Type : SERVER-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-09-18 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201709-05.nasl - Type: ACT_GATHER_INFO
2016-06-23 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10698.nasl - Type: ACT_GATHER_INFO
2016-05-18 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL16716.nasl - Type: ACT_GATHER_INFO
2016-04-18 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-473.nasl - Type: ACT_GATHER_INFO
2015-12-30 Name: The remote VMware ESXi host is missing a security-related patch.
File: vmware_VMSA-2014-0004_remote.nasl - Type: ACT_GATHER_INFO
2015-10-29 Name: The remote host is missing a Mac OS X update that fixes multiple security vul...
File: macosx_10_11_1.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2640-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2642-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2643-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2644-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2646-2.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2640-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2642-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2643-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2644-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2645-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2646-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2647-1.nasl - Type: ACT_GATHER_INFO
2015-05-28 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-0953-1.nasl - Type: ACT_GATHER_INFO
2015-05-28 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-0953-2.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2014-0665-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2014-0665-2.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2014-0727-1.nasl - Type: ACT_GATHER_INFO
2015-05-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2014-0732-1.nasl - Type: ACT_GATHER_INFO
2015-04-22 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL16476.nasl - Type: ACT_GATHER_INFO