Summary
| Detail | |||
|---|---|---|---|
| Vendor | Canonical | First view | 2015-04-29 |
| Product | Ubuntu Linux | Last view | 2021-04-17 |
| Version | 15.1 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:canonical:ubuntu_linux | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2021-04-17 | CVE-2021-3493 | The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. |
| 7.8 | 2021-04-17 | CVE-2021-3492 | Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. |
| 7.8 | 2016-11-27 | CVE-2015-1328 | The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace. |
| 5 | 2015-05-12 | CVE-2015-2668 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. |
| 5 | 2015-05-12 | CVE-2015-2222 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. |
| 5 | 2015-05-12 | CVE-2015-2221 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. |
| 5 | 2015-05-01 | CVE-2015-3153 | The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. |
| 4.6 | 2015-04-29 | CVE-2015-1322 | Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts). |
| 6.8 | 2015-04-29 | CVE-2015-1321 | Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (3) | CWE-399 | Resource Management Errors |
| 11% (1) | CWE-415 | Double Free |
| 11% (1) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 11% (1) | CWE-269 | Improper Privilege Management |
| 11% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 11% (1) | CWE-200 | Information Exposure |
| 11% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
SAINT Exploits
| Description | Link |
|---|---|
| Ubuntu overlayfs privilege elevation | More info here |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0199 | Multiple Vulnerabilities in Apple Mac OS X Severity: Category I - VMSKEY: V0061337 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-01-04 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201512-08.nasl - Type: ACT_GATHER_INFO |
| 2015-08-17 | Name: The remote host is missing a Mac OS X update that fixes multiple security vul... File: macosx_10_10_5.nasl - Type: ACT_GATHER_INFO |
| 2015-06-22 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2646-2.nasl - Type: ACT_GATHER_INFO |
| 2015-06-22 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2644-2.nasl - Type: ACT_GATHER_INFO |
| 2015-06-22 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2643-2.nasl - Type: ACT_GATHER_INFO |
| 2015-06-22 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2642-2.nasl - Type: ACT_GATHER_INFO |
| 2015-06-22 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2640-2.nasl - Type: ACT_GATHER_INFO |
| 2015-06-16 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2647-1.nasl - Type: ACT_GATHER_INFO |
| 2015-06-16 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2640-1.nasl - Type: ACT_GATHER_INFO |
| 2015-06-16 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2642-1.nasl - Type: ACT_GATHER_INFO |
| 2015-06-16 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2643-1.nasl - Type: ACT_GATHER_INFO |
| 2015-06-16 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2644-1.nasl - Type: ACT_GATHER_INFO |
| 2015-06-16 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2645-1.nasl - Type: ACT_GATHER_INFO |
| 2015-06-16 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2646-1.nasl - Type: ACT_GATHER_INFO |
| 2015-06-04 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-0990-1.nasl - Type: ACT_GATHER_INFO |
| 2015-06-04 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2015-537.nasl - Type: ACT_GATHER_INFO |
| 2015-05-29 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-0962-1.nasl - Type: ACT_GATHER_INFO |
| 2015-05-29 | Name: The remote Debian host is missing a security update. File: debian_DLA-233.nasl - Type: ACT_GATHER_INFO |
| 2015-05-27 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_27f742f603f411e5aab1d050996490d0.nasl - Type: ACT_GATHER_INFO |
| 2015-05-20 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-366.nasl - Type: ACT_GATHER_INFO |
| 2015-05-20 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_3d0428b2fdfb11e4894fd050996490d0.nasl - Type: ACT_GATHER_INFO |
| 2015-05-14 | Name: The remote SuSE 11 host is missing a security update. File: suse_11_clamav-150507.nasl - Type: ACT_GATHER_INFO |
| 2015-05-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-356.nasl - Type: ACT_GATHER_INFO |
| 2015-05-13 | Name: The remote Fedora host is missing a security update. File: fedora_2015-7378.nasl - Type: ACT_GATHER_INFO |
| 2015-05-12 | Name: The antivirus service running on the remote host is affected by multiple vuln... File: clamav_0_98_7.nasl - Type: ACT_GATHER_INFO |
