This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Canonical First view 2015-03-30
Product Ubuntu Linux Last view 2020-06-15
Version 16.04 Type Os
Update *  
Edition *  
Language *  
Sofware Edition lts  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:canonical:ubuntu_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2020-06-15 CVE-2020-0543

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

5.9 2020-06-03 CVE-2020-13254

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

3.3 2020-05-15 CVE-2020-11931

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2;

7 2020-04-29 CVE-2020-11884

In the Linux kernel through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.

3.3 2020-04-28 CVE-2019-15790

Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.

4.7 2020-04-22 CVE-2020-8833

Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.

5.5 2020-04-22 CVE-2020-8831

Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.

7.5 2020-04-21 CVE-2020-11008

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's "store" helper - Git's "cache" helper - the "osxkeychain" helper that ships in Git's "contrib" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.

7.5 2020-04-17 CVE-2019-7306

Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu

5.9 2020-04-15 CVE-2019-12521

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.

4.3 2020-04-07 CVE-2020-11609

An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.

4.3 2020-04-07 CVE-2020-11608

An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.

6 2020-04-06 CVE-2020-11565

** DISPUTED ** An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.†.

7.1 2020-03-12 CVE-2020-0556

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access

6.4 2020-02-24 CVE-2020-8130

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.

3.3 2020-02-08 CVE-2019-11485

Sander Bos discovered Apport's lock file was in a world-writable director which allowed all users to prevent crash handling.

7.8 2020-02-08 CVE-2019-11484

Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie.

3.3 2020-02-08 CVE-2019-11483

Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.

4.7 2020-02-08 CVE-2019-11482

Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.

7.8 2020-02-08 CVE-2019-11481

Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.

7.5 2020-01-27 CVE-2019-20421

In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

9.8 2020-01-22 CVE-2016-4761

WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS

6.5 2020-01-21 CVE-2019-19344

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.

7.5 2020-01-21 CVE-2019-14907

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

5.4 2020-01-21 CVE-2019-14902

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
17% (203) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
9% (114) CWE-125 Out-of-bounds Read
8% (101) CWE-20 Improper Input Validation
6% (81) CWE-200 Information Exposure
6% (78) CWE-476 NULL Pointer Dereference
5% (70) CWE-416 Use After Free
4% (56) CWE-190 Integer Overflow or Wraparound
4% (52) CWE-787 Out-of-bounds Write
4% (48) CWE-772 Missing Release of Resource after Effective Lifetime
4% (48) CWE-284 Access Control (Authorization) Issues
3% (39) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (16) CWE-362 Race Condition
1% (15) CWE-254 Security Features
1% (13) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (12) CWE-415 Double Free
1% (12) CWE-264 Permissions, Privileges, and Access Controls
0% (11) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
0% (10) CWE-330 Use of Insufficiently Random Values
0% (10) CWE-269 Improper Privilege Management
0% (9) CWE-399 Resource Management Errors
0% (9) CWE-287 Improper Authentication
0% (8) CWE-770 Allocation of Resources Without Limits or Throttling
0% (8) CWE-704 Incorrect Type Conversion or Cast
0% (8) CWE-617 Reachable Assertion
0% (8) CWE-346 Origin Validation Error

SAINT Exploits

Description Link
Exim SMTP listener base64d function one-character buffer overflow More info here
libssh authentication bypass More info here
Linux Dirty COW Local File Overwrite More info here

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-03-17 Apple Safari Webkit WebCore memory corruption attempt
RuleID : 53101 - Type : BROWSER-WEBKIT - Revision : 1
2020-03-17 Apple Safari Webkit WebCore memory corruption attempt
RuleID : 53100 - Type : BROWSER-WEBKIT - Revision : 1
2020-02-04 dnsmasq crafted OPT record denial of service attempt
RuleID : 52524 - Type : PROTOCOL-DNS - Revision : 1
2020-01-07 LibVNCServer file transfer extension heap buffer overflow attempt
RuleID : 52397 - Type : SERVER-OTHER - Revision : 1
2020-01-07 LibVNCServer file transfer extension heap buffer overflow attempt
RuleID : 52396 - Type : SERVER-OTHER - Revision : 1
2020-01-07 LibVNCServer file transfer extension heap buffer overflow attempt
RuleID : 52395 - Type : SERVER-OTHER - Revision : 1
2020-01-07 LibVNCServer file transfer extension heap buffer overflow attempt
RuleID : 52394 - Type : SERVER-OTHER - Revision : 1
2020-01-07 LibVNCServer file transfer extension heap buffer overflow attempt
RuleID : 52393 - Type : SERVER-OTHER - Revision : 1
2020-01-03 ISC BIND deny-answer-aliases denial of service attempt
RuleID : 52344 - Type : SERVER-OTHER - Revision : 1
2020-01-03 ISC BIND deny-answer-aliases denial of service attempt
RuleID : 52343 - Type : SERVER-OTHER - Revision : 1
2020-01-03 Imagemagick XBM tranformation information leak attempt
RuleID : 52312 - Type : FILE-IMAGE - Revision : 1
2019-12-10 Libmspack cabd_sys_read_block off-by-one heap overflow attempt
RuleID : 52133 - Type : FILE-OTHER - Revision : 2
2019-12-10 Libmspack cabd_sys_read_block off-by-one heap overflow attempt
RuleID : 52132 - Type : FILE-OTHER - Revision : 2
2019-12-10 PHP FPM env_path_info buffer underflow attempt
RuleID : 52123 - Type : SERVER-WEBAPP - Revision : 1
2019-12-03 ZeroMQ libzmq stack-based buffer overflow attempt
RuleID : 52037 - Type : SERVER-OTHER - Revision : 1
2019-11-26 LibreOffice office document arbitrary script execution attempt
RuleID : 52000 - Type : FILE-OTHER - Revision : 1
2019-11-26 LibreOffice office document arbitrary script execution attempt
RuleID : 51999 - Type : FILE-OTHER - Revision : 1
2019-11-19 Ghostscript -dSAFER sandbox bypass attempt
RuleID : 51945 - Type : FILE-OTHER - Revision : 1
2019-10-23 PHP http fopen stack buffer overflow attempt
RuleID : 51578 - Type : SERVER-WEBAPP - Revision : 1
2019-10-08 Mozilla Firefox Custom Elements write-after-free attempt
RuleID : 51440 - Type : BROWSER-FIREFOX - Revision : 1
2019-10-08 Mozilla Firefox Custom Elements write-after-free attempt
RuleID : 51439 - Type : BROWSER-FIREFOX - Revision : 1
2019-09-19 Multiple products JBIG compressed TIFF buffer overflow attempt
RuleID : 51097 - Type : FILE-IMAGE - Revision : 2
2019-09-19 Multiple products JBIG compressed TIFF buffer overflow attempt
RuleID : 51096 - Type : FILE-IMAGE - Revision : 2
2019-09-19 Multiple products JBIG compressed TIFF buffer overflow attempt
RuleID : 51095 - Type : FILE-IMAGE - Revision : 2
2019-09-19 Multiple products JBIG compressed TIFF buffer overflow attempt
RuleID : 51094 - Type : FILE-IMAGE - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-18 Name: The remote Fedora host is missing a security update.
File: fedora_2019-a8ffcff7ee.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2019-0059.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2019-509c133845.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2019-f812c9fb22.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_6_43.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_7_25.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_8_0_14.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2019-0049.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: A PHP application running on the remote web server is affected by multiple vu...
File: drupal_8_6_6.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-348547a32d.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-e6ca5847c7.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-f6ff819834.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote database server is affected by multiple vulnerabilities
File: mariadb_10_0_37.nasl - Type: ACT_GATHER_INFO
2019-01-15 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2019-337484d88b.nasl - Type: ACT_GATHER_INFO
2019-01-15 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2019-b0f7a7b74b.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2019-011-01.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2019-013-01.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Virtuozzo host is missing multiple security updates.
File: Virtuozzo_VZA-2016-104.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2019-1145.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2019-1146.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4367.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Fedora host is missing a security update.
File: fedora_2019-18b3a10c7f.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Virtuozzo host is missing multiple security updates.
File: Virtuozzo_VZA-2018-075.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZA-2018-089.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Fedora host is missing a security update.
File: fedora_2019-a7b53ed5a3.nasl - Type: ACT_GATHER_INFO