This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Canonical First view 2016-11-27
Product Ubuntu Linux Last view 2020-06-15
Version 14.04 Type Os
Update *  
Edition *  
Language *  
Sofware Edition esm  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:canonical:ubuntu_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2020-06-15 CVE-2020-0543

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

5.9 2020-06-03 CVE-2020-13254

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

3.3 2020-04-28 CVE-2019-15790

Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.

6 2020-04-06 CVE-2020-11565

** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.†.

5.5 2020-02-20 CVE-2011-4915

fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.

3.3 2020-02-08 CVE-2019-11485

Sander Bos discovered Apport's lock file was in a world-writable director which allowed all users to prevent crash handling.

3.3 2020-02-08 CVE-2019-11483

Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.

4.7 2020-02-08 CVE-2019-11482

Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.

7.8 2020-02-08 CVE-2019-11481

Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.

6.5 2019-12-23 CVE-2019-11050

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

7.8 2019-12-15 CVE-2019-19807

In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.

5.4 2019-12-10 CVE-2019-14870

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.

5.3 2019-12-10 CVE-2019-14861

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.

6.6 2019-12-03 CVE-2019-19529

In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41.

9.8 2019-12-01 CVE-2019-18609

An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.

4.7 2019-11-27 CVE-2019-18660

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.

4.7 2019-11-18 CVE-2019-19083

Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1.

4.7 2019-11-18 CVE-2019-19082

Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, aka CID-104c307147ad.

4.6 2019-11-18 CVE-2019-19068

A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.

4.7 2019-11-18 CVE-2019-19066

A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.

4.6 2019-11-18 CVE-2019-19063

Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.

4.7 2019-11-18 CVE-2019-19062

A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.

4.7 2019-11-18 CVE-2019-19058

A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5.

4.7 2019-11-18 CVE-2019-19056

A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932.

4.4 2019-11-18 CVE-2019-19045

A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7.

CWE : Common Weakness Enumeration

%idName
22% (12) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
9% (5) CWE-476 NULL Pointer Dereference
9% (5) CWE-200 Information Exposure
9% (5) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
9% (5) CWE-20 Improper Input Validation
5% (3) CWE-416 Use After Free
5% (3) CWE-269 Improper Privilege Management
3% (2) CWE-787 Out-of-bounds Write
3% (2) CWE-287 Improper Authentication
3% (2) CWE-190 Integer Overflow or Wraparound
3% (2) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (1) CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
1% (1) CWE-362 Race Condition
1% (1) CWE-295 Certificate Issues
1% (1) CWE-284 Access Control (Authorization) Issues
1% (1) CWE-264 Permissions, Privileges, and Access Controls
1% (1) CWE-125 Out-of-bounds Read
1% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

SAINT Exploits

Description Link
Ubuntu overlayfs privilege elevation More info here

Snort® IPS/IDS

Date Description
2019-12-10 PHP FPM env_path_info buffer underflow attempt
RuleID : 52123 - Type : SERVER-WEBAPP - Revision : 1
2014-01-10 PHP uri tag injection attempt
RuleID : 23111 - Type : POLICY-OTHER - Revision : 12
2014-01-10 PHP function CRLF injection attempt
RuleID : 12360 - Type : SERVER-WEBAPP - Revision : 11

Nessus® Vulnerability Scanner

id Description
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2640-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2642-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2643-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2644-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2646-2.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2640-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2642-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2643-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2644-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2645-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2646-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2647-1.nasl - Type: ACT_GATHER_INFO