Summary
Detail | |||
---|---|---|---|
Vendor | Canonical | First view | 2009-12-11 |
Product | Ubuntu Linux | Last view | 2021-01-14 |
Version | 14.04 | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | lts | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:canonical:ubuntu_linux |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.8 | 2021-01-14 | CVE-2020-16119 | Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. |
7.5 | 2020-04-17 | CVE-2019-7306 | Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu |
8.8 | 2020-02-19 | CVE-2015-7747 | Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c. |
3.5 | 2020-01-31 | CVE-2015-6815 | The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. |
6.5 | 2020-01-23 | CVE-2015-5278 | The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. |
6.5 | 2020-01-23 | CVE-2015-5239 | Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. |
5.5 | 2020-01-17 | CVE-2019-14615 | Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. |
7.8 | 2020-01-02 | CVE-2013-4532 | Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. |
7.5 | 2019-12-31 | CVE-2013-4357 | The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. |
7.5 | 2019-12-02 | CVE-2012-4428 | openslp: SLPIntersectStringList()' Function has a DoS vulnerability |
7.5 | 2019-11-29 | CVE-2015-3406 | The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors. |
7.5 | 2019-11-20 | CVE-2015-3167 | contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. |
9.8 | 2019-11-20 | CVE-2015-3166 | The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. |
5.5 | 2019-11-20 | CVE-2015-1607 | kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges." |
9.1 | 2019-10-13 | CVE-2019-17544 | libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. |
5.3 | 2019-06-11 | CVE-2019-0220 | A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them. |
5.3 | 2019-06-11 | CVE-2019-0196 | A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. |
9.8 | 2019-04-23 | CVE-2019-7304 | Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1. |
7.5 | 2019-04-23 | CVE-2019-7303 | A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This issue affects: Canonical snapd versions prior to 2.37.4. |
7.8 | 2019-04-22 | CVE-2015-1341 | Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path. |
7.5 | 2019-04-11 | CVE-2019-9628 | The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. |
6.5 | 2019-04-11 | CVE-2019-3460 | A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. |
6.5 | 2019-04-11 | CVE-2019-3459 | A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. |
9.8 | 2019-04-10 | CVE-2019-11068 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. |
7.5 | 2019-04-08 | CVE-2019-0217 | In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
18% (239) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
9% (120) | CWE-125 | Out-of-bounds Read |
7% (92) | CWE-20 | Improper Input Validation |
6% (79) | CWE-787 | Out-of-bounds Write |
6% (79) | CWE-476 | NULL Pointer Dereference |
5% (76) | CWE-200 | Information Exposure |
5% (70) | CWE-416 | Use After Free |
4% (54) | CWE-190 | Integer Overflow or Wraparound |
3% (48) | CWE-772 | Missing Release of Resource after Effective Lifetime |
3% (45) | CWE-264 | Permissions, Privileges, and Access Controls |
2% (37) | CWE-399 | Resource Management Errors |
2% (28) | CWE-189 | Numeric Errors |
1% (22) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
1% (22) | CWE-362 | Race Condition |
1% (22) | CWE-284 | Access Control (Authorization) Issues |
1% (18) | CWE-17 | Code |
1% (16) | CWE-254 | Security Features |
1% (16) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
1% (14) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
0% (13) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
0% (11) | CWE-310 | Cryptographic Issues |
0% (10) | CWE-704 | Incorrect Type Conversion or Cast |
0% (10) | CWE-330 | Use of Insufficiently Random Values |
0% (9) | CWE-415 | Double Free |
0% (8) | CWE-770 | Allocation of Resources Without Limits or Throttling |
SAINT Exploits
Description | Link |
---|---|
Exim SMTP listener base64d function one-character buffer overflow | More info here |
Ubuntu overlayfs privilege elevation | More info here |
libssh authentication bypass | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
78232 | libvirt bridge Forward Mode Firewall Port Access Restriction Weakness |
60853 | GNU Core Utilities distcheck Temporary Directory Symlink Local Privilege Esca... |
ExploitDB Exploits
id | Description |
---|---|
35359 | tcpdump 4.6.2 Geonet Decoder Denial of Service |
OpenVAS Exploits
id | Description |
---|---|
2012-11-26 | Name : Fedora Update for insight FEDORA-2012-18300 File : nvt/gb_fedora_2012_18300_insight_fc16.nasl |
2012-11-26 | Name : Fedora Update for insight FEDORA-2012-18311 File : nvt/gb_fedora_2012_18311_insight_fc17.nasl |
2012-10-19 | Name : Fedora Update for libvirt FEDORA-2012-15640 File : nvt/gb_fedora_2012_15640_libvirt_fc16.nasl |
2012-08-24 | Name : Fedora Update for libvirt FEDORA-2012-11843 File : nvt/gb_fedora_2012_11843_libvirt_fc16.nasl |
2012-04-02 | Name : Fedora Update for libvirt FEDORA-2011-17267 File : nvt/gb_fedora_2011_17267_libvirt_fc16.nasl |
2010-01-25 | Name : Mandriva Update for coreutils MDVSA-2010:024 (coreutils) File : nvt/gb_mandriva_MDVSA_2010_024.nasl |
2009-12-30 | Name : Fedora Core 12 FEDORA-2009-13181 (coreutils) File : nvt/fcore_2009_13181.nasl |
2009-12-30 | Name : Fedora Core 11 FEDORA-2009-13216 (coreutils) File : nvt/fcore_2009_13216.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0222 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0061471 |
2015-A-0199 | Multiple Vulnerabilities in Apple Mac OS X Severity: Category I - VMSKEY: V0061337 |
2015-A-0174 | Multiple Vulnerabilities in Apache HTTP Server Severity: Category I - VMSKEY: V0061135 |
2015-A-0160 | Multiple Vulnerabilities in Oracle Linux and Virtualization Severity: Category I - VMSKEY: V0061123 |
2015-A-0158 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0061089 |
2015-A-0155 | Multiple Vulnerabilities in Oracle MySQL Product Suite Severity: Category I - VMSKEY: V0061083 |
2015-A-0141 | Multiple Security Vulnerabilities in IBM WebSphere Application Server Severity: Category I - VMSKEY: V0061061 |
2015-B-0087 | Multiple Vulnerabilities in IBM WebSphere Portal Severity: Category I - VMSKEY: V0061053 |
2015-B-0068 | Multiple Vulnerabilities in PostgreSQL Severity: Category I - VMSKEY: V0060809 |
2015-A-0042 | Samba Remote Code Execution Vulnerability Severity: Category I - VMSKEY: V0058919 |
2015-A-0038 | Multiple Vulnerabilities in GNU C Library (glibc) Severity: Category I - VMSKEY: V0058753 |
2015-B-0013 | Multiple Vulnerabilities in VMware ESXi 5.1 Severity: Category I - VMSKEY: V0058515 |
2015-B-0014 | Multiple Vulnerabilities in VMware ESXi 5.5 Severity: Category I - VMSKEY: V0058513 |
2015-B-0007 | Multiple Vulnerabilities in Juniper Secure Analytics (JSA) and Security Threa... Severity: Category I - VMSKEY: V0058213 |
2014-B-0105 | Samba Remote Code Execution Severity: Category I - VMSKEY: V0053637 |
2014-A-0064 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0050011 |
2014-A-0056 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0049583 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-02-04 | dnsmasq crafted OPT record denial of service attempt RuleID : 52524 - Type : PROTOCOL-DNS - Revision : 1 |
2020-01-07 | LibVNCServer file transfer extension heap buffer overflow attempt RuleID : 52397 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | LibVNCServer file transfer extension heap buffer overflow attempt RuleID : 52396 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | LibVNCServer file transfer extension heap buffer overflow attempt RuleID : 52395 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | LibVNCServer file transfer extension heap buffer overflow attempt RuleID : 52394 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | LibVNCServer file transfer extension heap buffer overflow attempt RuleID : 52393 - Type : SERVER-OTHER - Revision : 1 |
2020-01-03 | ISC BIND deny-answer-aliases denial of service attempt RuleID : 52344 - Type : SERVER-OTHER - Revision : 1 |
2020-01-03 | ISC BIND deny-answer-aliases denial of service attempt RuleID : 52343 - Type : SERVER-OTHER - Revision : 1 |
2020-01-03 | Imagemagick XBM tranformation information leak attempt RuleID : 52312 - Type : FILE-IMAGE - Revision : 1 |
2019-12-10 | Libmspack cabd_sys_read_block off-by-one heap overflow attempt RuleID : 52133 - Type : FILE-OTHER - Revision : 2 |
2019-12-10 | Libmspack cabd_sys_read_block off-by-one heap overflow attempt RuleID : 52132 - Type : FILE-OTHER - Revision : 2 |
2019-11-19 | Ghostscript -dSAFER sandbox bypass attempt RuleID : 51945 - Type : FILE-OTHER - Revision : 1 |
2019-10-23 | PHP http fopen stack buffer overflow attempt RuleID : 51578 - Type : SERVER-WEBAPP - Revision : 1 |
2019-10-08 | Mozilla Firefox Custom Elements write-after-free attempt RuleID : 51440 - Type : BROWSER-FIREFOX - Revision : 1 |
2019-10-08 | Mozilla Firefox Custom Elements write-after-free attempt RuleID : 51439 - Type : BROWSER-FIREFOX - Revision : 1 |
2019-09-19 | Multiple products JBIG compressed TIFF buffer overflow attempt RuleID : 51097 - Type : FILE-IMAGE - Revision : 2 |
2019-09-19 | Multiple products JBIG compressed TIFF buffer overflow attempt RuleID : 51096 - Type : FILE-IMAGE - Revision : 2 |
2019-09-19 | Multiple products JBIG compressed TIFF buffer overflow attempt RuleID : 51095 - Type : FILE-IMAGE - Revision : 2 |
2019-09-19 | Multiple products JBIG compressed TIFF buffer overflow attempt RuleID : 51094 - Type : FILE-IMAGE - Revision : 2 |
2019-07-02 | Debian apt remote code execution attempt RuleID : 50190 - Type : OS-LINUX - Revision : 1 |
2019-05-07 | PHP gdImageColorMatch heap buffer overflow file download attempt RuleID : 49673 - Type : SERVER-OTHER - Revision : 1 |
2019-05-07 | PHP gdImageColorMatch heap buffer overflow file upload attempt RuleID : 49672 - Type : SERVER-OTHER - Revision : 1 |
2019-04-18 | Snapd dirty_sock exploit download attempt RuleID : 49489 - Type : FILE-OTHER - Revision : 1 |
2019-04-18 | Snapd dirty_sock exploit download attempt RuleID : 49488 - Type : FILE-OTHER - Revision : 1 |
2019-04-18 | Snapd dirty_sock exploit download attempt RuleID : 49487 - Type : FILE-OTHER - Revision : 1 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2019-01-18 | Name: The remote Fedora host is missing a security update. File: fedora_2019-a8ffcff7ee.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2019-0059.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2019-509c133845.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2019-f812c9fb22.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_6_43.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_7_25.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_8_0_14.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2019-348547a32d.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2019-e6ca5847c7.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2019-f6ff819834.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote database server is affected by multiple vulnerabilities File: mariadb_10_0_37.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote database server is affected by multiple vulnerabilities File: mariadb_5_5_42.nasl - Type: ACT_GATHER_INFO |
2019-01-15 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2019-337484d88b.nasl - Type: ACT_GATHER_INFO |
2019-01-15 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2019-b0f7a7b74b.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2019-011-01.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2019-013-01.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2016-104.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2019-1145.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2019-1146.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-072.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2018-075.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-086.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-088.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-089.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Fedora host is missing a security update. File: fedora_2019-a7b53ed5a3.nasl - Type: ACT_GATHER_INFO |