This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Canonical First view 2016-05-02
Product Ubuntu Linux Last view 2017-07-25
Version 16.10 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:canonical:ubuntu_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2017-07-25 CVE-2017-7980

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.

7.5 2017-06-08 CVE-2017-9022

The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.

8.8 2017-06-01 CVE-2017-8386

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.

7.5 2017-04-14 CVE-2016-6489

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

7.3 2017-04-05 CVE-2017-7358

In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.

7.8 2017-03-27 CVE-2017-6964

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through 2.1.5+deb1+cvs20081104-13.1 on Debian, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 on Ubuntu 16.10, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 on Ubuntu 16.04 LTS, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 on Ubuntu 14.04 LTS, and eject before 2.1.5+deb1+cvs20081104-9ubuntu0.1 on Ubuntu 12.04 LTS.

7.5 2017-03-27 CVE-2016-9243

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.

7.8 2017-03-23 CVE-2016-9775

The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack.

7.8 2017-03-23 CVE-2016-9774

The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory.

7.5 2017-03-20 CVE-2014-9851

ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).

7.5 2017-03-20 CVE-2014-9850

Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).

7.5 2017-03-20 CVE-2014-9849

The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).

7.5 2017-03-20 CVE-2014-9848

Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).

9.8 2017-03-20 CVE-2014-9847

The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.

9.8 2017-03-20 CVE-2014-9846

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

5.5 2017-03-20 CVE-2014-9845

The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.

5.5 2017-03-20 CVE-2014-9844

The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.

9.8 2017-03-20 CVE-2014-9843

The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.

7.5 2017-03-20 CVE-2014-9842

Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

9.8 2017-03-20 CVE-2014-9841

The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."

7.5 2017-03-17 CVE-2014-9854

coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."

5.5 2017-03-17 CVE-2014-9853

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.

6.3 2017-03-09 CVE-2017-6590

An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.

7.5 2017-02-23 CVE-2016-10109

Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.

5.9 2017-02-01 CVE-2016-9963

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

CWE : Common Weakness Enumeration

%idName
17% (5) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (4) CWE-399 Resource Management Errors
14% (4) CWE-264 Permissions, Privileges, and Access Controls
10% (3) CWE-20 Improper Input Validation
7% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
3% (1) CWE-798 Use of Hard-coded Credentials
3% (1) CWE-416 Use After Free
3% (1) CWE-388 Error Handling
3% (1) CWE-320 Key Management Errors
3% (1) CWE-310 Cryptographic Issues
3% (1) CWE-252 Unchecked Return Value
3% (1) CWE-125 Out-of-bounds Read
3% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
3% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')
3% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-11-21 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1377.nasl - Type: ACT_GATHER_INFO
2018-09-07 Name: The remote Debian host is missing a security update.
File: debian_DLA-1497.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0040.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0119.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0126.nasl - Type: ACT_GATHER_INFO
2017-12-14 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3659.nasl - Type: ACT_GATHER_INFO
2017-12-14 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0174.nasl - Type: ACT_GATHER_INFO
2017-12-07 Name: A server virtualization platform installed on the remote host is affected by ...
File: citrix_xenserver_CTX230138.nasl - Type: ACT_GATHER_INFO
2017-11-27 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-3084-1.nasl - Type: ACT_GATHER_INFO
2017-11-10 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2963-1.nasl - Type: ACT_GATHER_INFO
2017-11-10 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2969-1.nasl - Type: ACT_GATHER_INFO
2017-11-09 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2946-1.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1187.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1188.nasl - Type: ACT_GATHER_INFO
2017-08-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-980.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-2004.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-3609.nasl - Type: ACT_GATHER_INFO
2017-08-25 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2017-0145.nasl - Type: ACT_GATHER_INFO
2017-08-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170801_git_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-09 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-2004.nasl - Type: ACT_GATHER_INFO
2017-08-02 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2004.nasl - Type: ACT_GATHER_INFO
2017-07-27 Name: The remote Fedora host is missing a security update.
File: fedora_2017-f941184db1.nasl - Type: ACT_GATHER_INFO
2017-07-24 Name: The remote Debian host is missing a security update.
File: debian_DLA-1035.nasl - Type: ACT_GATHER_INFO
2017-07-21 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1118.nasl - Type: ACT_GATHER_INFO
2017-07-21 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1119.nasl - Type: ACT_GATHER_INFO