This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Canonical First view 2012-08-13
Product Ubuntu Linux Last view 2020-02-19
Version 15.04 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:canonical:ubuntu_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
8.8 2020-02-19 CVE-2015-7747

Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c.

3.5 2020-01-31 CVE-2015-6815

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

6.5 2020-01-23 CVE-2015-5278

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

7.5 2019-11-29 CVE-2015-3406

The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.

7.5 2019-11-20 CVE-2015-3167

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.

9.8 2019-11-20 CVE-2015-3166

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.

7.8 2019-04-22 CVE-2015-1341

Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.

7.8 2019-04-22 CVE-2015-1327

Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app.

7.8 2017-11-06 CVE-2015-7529

sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.

8.8 2017-09-20 CVE-2015-1329

Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code.

7 2017-08-25 CVE-2015-1325

Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges.

7.8 2017-08-25 CVE-2015-1324

Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries.

7.5 2017-07-21 CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

7.5 2017-07-21 CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

7.5 2017-07-21 CVE-2015-5195

ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

7.5 2017-07-21 CVE-2015-5194

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

5.5 2017-07-21 CVE-2015-1323

The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions.

9.8 2017-02-13 CVE-2015-8768

click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone.

7.8 2016-11-27 CVE-2015-1328

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.

7.1 2016-06-07 CVE-2015-5261

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

7.8 2016-06-07 CVE-2015-5260

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.

4.7 2016-04-21 CVE-2016-0661

Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options.

7.3 2016-04-14 CVE-2015-8560

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.

6.5 2016-04-14 CVE-2015-5247

The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.

5.9 2016-04-14 CVE-2011-4600

The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
30% (49) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11% (19) CWE-264 Permissions, Privileges, and Access Controls
8% (14) CWE-20 Improper Input Validation
7% (12) CWE-200 Information Exposure
6% (11) CWE-399 Resource Management Errors
6% (10) CWE-189 Numeric Errors
4% (7) CWE-17 Code
3% (6) CWE-284 Access Control (Authorization) Issues
1% (3) CWE-125 Out-of-bounds Read
1% (3) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (2) CWE-362 Race Condition
1% (2) CWE-310 Cryptographic Issues
1% (2) CWE-287 Improper Authentication
1% (2) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (2) CWE-19 Data Handling
0% (1) CWE-787 Out-of-bounds Write
0% (1) CWE-704 Incorrect Type Conversion or Cast
0% (1) CWE-681 Incorrect Conversion between Numeric Types
0% (1) CWE-611 Information Leak Through XML External Entity File Disclosure
0% (1) CWE-476 NULL Pointer Dereference
0% (1) CWE-416 Use After Free
0% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (1) CWE-369 Divide By Zero
0% (1) CWE-361 Time and State
0% (1) CWE-255 Credentials Management

SAINT Exploits

Description Link
Ubuntu overlayfs privilege elevation More info here

Open Source Vulnerability Database (OSVDB)

id Description
78232 libvirt bridge Forward Mode Firewall Port Access Restriction Weakness

OpenVAS Exploits

id Description
2012-10-19 Name : Fedora Update for libvirt FEDORA-2012-15640
File : nvt/gb_fedora_2012_15640_libvirt_fc16.nasl
2012-08-24 Name : Fedora Update for libvirt FEDORA-2012-11843
File : nvt/gb_fedora_2012_11843_libvirt_fc16.nasl
2012-04-02 Name : Fedora Update for libvirt FEDORA-2011-17267
File : nvt/gb_fedora_2011_17267_libvirt_fc16.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0222 Multiple Security Vulnerabilities in Apple iOS
Severity: Category I - VMSKEY: V0061471
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2015-A-0174 Multiple Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0061135
2015-A-0155 Multiple Vulnerabilities in Oracle MySQL Product Suite
Severity: Category I - VMSKEY: V0061083
2015-A-0158 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0061089
2015-B-0068 Multiple Vulnerabilities in PostgreSQL
Severity: Category I - VMSKEY: V0060809

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2017-04-12 cURL and libcurl set-cookie remote code execution attempt
RuleID : 41853 - Type : OS-LINUX - Revision : 4
2016-03-14 OpenSSL invalid RSASSA-PSS certificate denial of service attempt
RuleID : 37155 - Type : SERVER-OTHER - Revision : 2
2016-03-14 OpenSSL invalid RSASSA-PSS certificate denial of service attempt
RuleID : 37154 - Type : SERVER-OTHER - Revision : 2
2015-08-20 MiniUPNP rootdesc.xml buffer overflow attempt
RuleID : 35690 - Type : PROTOCOL-OTHER - Revision : 4
2015-08-20 MiniUPNP rootdesc.xml buffer overflow attempt
RuleID : 35689 - Type : PROTOCOL-OTHER - Revision : 5
2015-08-20 MiniUPNP rootdesc.xml file request
RuleID : 35688 - Type : PROTOCOL-OTHER - Revision : 8
2015-09-23 Mozilla Firefox PDF.js same origin policy violation attempt
RuleID : 35676 - Type : BROWSER-FIREFOX - Revision : 3
2015-09-23 Mozilla Firefox PDF.js same origin policy violation attempt
RuleID : 35675 - Type : BROWSER-FIREFOX - Revision : 3
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33806 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33805 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33804 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33803 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33802 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33801 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL export grade ciphersuite server negotiation attempt
RuleID : 33800 - Type : SERVER-OTHER - Revision : 6
2015-04-14 SSL export grade ciphersuite server negotiation attempt
RuleID : 33799 - Type : SERVER-OTHER - Revision : 6
2015-04-14 SSL export grade ciphersuite server negotiation attempt
RuleID : 33798 - Type : SERVER-OTHER - Revision : 6
2015-04-14 SSL export grade ciphersuite server negotiation attempt
RuleID : 33797 - Type : SERVER-OTHER - Revision : 6
2015-04-14 SSL export grade ciphersuite server negotiation attempt
RuleID : 33796 - Type : SERVER-OTHER - Revision : 6
2015-04-14 SSL export grade ciphersuite server negotiation attempt
RuleID : 33795 - Type : SERVER-OTHER - Revision : 6
2015-04-14 SSL export grade ciphersuite server negotiation attempt
RuleID : 33794 - Type : SERVER-OTHER - Revision : 6
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33793 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33792 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33791 - Type : SERVER-OTHER - Revision : 5
2015-04-14 SSL request for export grade ciphersuite attempt
RuleID : 33790 - Type : SERVER-OTHER - Revision : 5

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-10-18 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2016-0013.nasl - Type: ACT_GATHER_INFO
2018-06-28 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1162.nasl - Type: ACT_GATHER_INFO
2018-05-29 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1122.nasl - Type: ACT_GATHER_INFO
2018-05-29 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1123.nasl - Type: ACT_GATHER_INFO
2018-03-21 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa_10838.nasl - Type: ACT_GATHER_INFO
2018-01-18 Name: The remote name server is prone to a denial of service attack.
File: bind9_993.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201801-15.nasl - Type: ACT_GATHER_INFO
2018-01-08 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201801-08.nasl - Type: ACT_GATHER_INFO
2017-10-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1201.nasl - Type: ACT_GATHER_INFO
2017-10-24 Name: The remote AIX host has a version of bind installed that is affected by multi...
File: aix_bind_nettcp_advisory2.nasl - Type: ACT_GATHER_INFO
2017-09-15 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2709.nasl - Type: ACT_GATHER_INFO
2017-09-15 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2710.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by multip...
File: aix_ntp_v3_advisory4.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by multip...
File: aix_ntp_v4_advisory4.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote AIX host has a version of NTP installed that is affected by a data...
File: aix_ntp_v4_advisory5.nasl - Type: ACT_GATHER_INFO
2017-07-25 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1938-1.nasl - Type: ACT_GATHER_INFO
2017-07-20 Name: An enterprise management application installed on the remote host is affected...
File: oracle_enterprise_manager_jul_2017_cpu.nasl - Type: ACT_GATHER_INFO
2017-06-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201706-18.nasl - Type: ACT_GATHER_INFO
2017-05-17 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3567.nasl - Type: ACT_GATHER_INFO
2017-05-17 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0106.nasl - Type: ACT_GATHER_INFO
2017-05-09 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-549.nasl - Type: ACT_GATHER_INFO
2017-05-08 Name: An application installed on the remote host is affected by multiple vulnerabi...
File: itunes_12_6.nasl - Type: ACT_GATHER_INFO
2017-05-08 Name: An application running on the remote host is affected by multiple vulnerabili...
File: itunes_12_6_banner.nasl - Type: ACT_GATHER_INFO
2017-05-08 Name: The remote host contains an application that is affected by multiple vulnerab...
File: macos_itunes_12_6.nasl - Type: ACT_GATHER_INFO