This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Canonical First view 2016-06-10
Product Ubuntu Linux Last view 2020-09-02
Version 18.04 Type Os
Update *  
Edition *  
Language *  
Sofware Edition lts  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:canonical:ubuntu_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.3 2020-09-02 CVE-2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

5.5 2020-08-31 CVE-2020-12829

In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.

7.8 2020-08-20 CVE-2020-15862

Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.

7.1 2020-08-19 CVE-2020-24394

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

7.5 2020-08-12 CVE-2020-12673

In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.

8.8 2020-08-10 CVE-2020-15659

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.

6.4 2020-07-29 CVE-2020-15707

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.

6.4 2020-07-29 CVE-2020-15706

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.

6.4 2020-07-29 CVE-2020-15705

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.

5.9 2020-07-29 CVE-2020-11934

It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL and, for example, execute a script shipped with the snap without confinement. This issue did not affect Ubuntu Core systems. Fixed in snapd versions 2.45.1ubuntu0.2, 2.45.1+18.04.2 and 2.45.1+20.04.2.

6.8 2020-07-29 CVE-2020-11933

cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659.

7.9 2020-07-28 CVE-2020-15863

hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.

5.9 2020-07-17 CVE-2020-14928

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

6.7 2020-07-15 CVE-2019-20908

An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032.

6.5 2020-07-06 CVE-2020-10760

A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.

4.4 2020-06-30 CVE-2020-5973

NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

9.8 2020-06-30 CVE-2017-18922

It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.

4.3 2020-06-24 CVE-2020-15011

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.

5.5 2020-06-15 CVE-2020-0543

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

6.1 2020-06-09 CVE-2020-9843

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack.

5.9 2020-06-03 CVE-2020-13254

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

5.5 2020-06-03 CVE-2019-20810

go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.

9.8 2020-05-26 CVE-2020-6831

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

4.4 2020-05-19 CVE-2020-10724

A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.

6.7 2020-05-19 CVE-2020-10723

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
11% (86) CWE-125 Out-of-bounds Read
10% (84) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10% (81) CWE-787 Out-of-bounds Write
7% (55) CWE-476 NULL Pointer Dereference
6% (51) CWE-416 Use After Free
6% (49) CWE-190 Integer Overflow or Wraparound
5% (43) CWE-772 Missing Release of Resource after Effective Lifetime
5% (40) CWE-20 Improper Input Validation
4% (37) CWE-200 Information Exposure
2% (22) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
2% (18) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (14) CWE-362 Race Condition
1% (11) CWE-770 Allocation of Resources Without Limits or Throttling
1% (11) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (10) CWE-369 Divide By Zero
1% (9) CWE-287 Improper Authentication
1% (9) CWE-269 Improper Privilege Management
1% (9) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (8) CWE-704 Incorrect Type Conversion or Cast
1% (8) CWE-415 Double Free
0% (7) CWE-617 Reachable Assertion
0% (7) CWE-346 Origin Validation Error
0% (7) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
0% (5) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (5) CWE-522 Insufficiently Protected Credentials

SAINT Exploits

Description Link
libssh authentication bypass More info here

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-03-17 Apple Safari Webkit WebCore memory corruption attempt
RuleID : 53101 - Type : BROWSER-WEBKIT - Revision : 1
2020-03-17 Apple Safari Webkit WebCore memory corruption attempt
RuleID : 53100 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-16 Memcached lru mode NULL dereference attempt
RuleID : 52477 - Type : SERVER-OTHER - Revision : 1
2020-01-16 Memcached lru temp_ttl NULL dereference attempt
RuleID : 52476 - Type : SERVER-OTHER - Revision : 1
2020-01-07 LibVNCServer file transfer extension heap buffer overflow attempt
RuleID : 52397 - Type : SERVER-OTHER - Revision : 1
2020-01-07 LibVNCServer file transfer extension heap buffer overflow attempt
RuleID : 52396 - Type : SERVER-OTHER - Revision : 1
2020-01-07 LibVNCServer file transfer extension heap buffer overflow attempt
RuleID : 52395 - Type : SERVER-OTHER - Revision : 1
2020-01-07 LibVNCServer file transfer extension heap buffer overflow attempt
RuleID : 52394 - Type : SERVER-OTHER - Revision : 1
2020-01-07 LibVNCServer file transfer extension heap buffer overflow attempt
RuleID : 52393 - Type : SERVER-OTHER - Revision : 1
2020-01-03 ISC BIND deny-answer-aliases denial of service attempt
RuleID : 52344 - Type : SERVER-OTHER - Revision : 1
2020-01-03 ISC BIND deny-answer-aliases denial of service attempt
RuleID : 52343 - Type : SERVER-OTHER - Revision : 1
2020-01-03 Imagemagick XBM tranformation information leak attempt
RuleID : 52312 - Type : FILE-IMAGE - Revision : 1
2019-12-10 Libmspack cabd_sys_read_block off-by-one heap overflow attempt
RuleID : 52133 - Type : FILE-OTHER - Revision : 2
2019-12-10 Libmspack cabd_sys_read_block off-by-one heap overflow attempt
RuleID : 52132 - Type : FILE-OTHER - Revision : 2
2019-12-10 PHP FPM env_path_info buffer underflow attempt
RuleID : 52123 - Type : SERVER-WEBAPP - Revision : 1
2019-12-03 ZeroMQ libzmq stack-based buffer overflow attempt
RuleID : 52037 - Type : SERVER-OTHER - Revision : 1
2019-11-26 LibreOffice office document arbitrary script execution attempt
RuleID : 52000 - Type : FILE-OTHER - Revision : 1
2019-11-26 LibreOffice office document arbitrary script execution attempt
RuleID : 51999 - Type : FILE-OTHER - Revision : 1
2019-11-19 Ghostscript -dSAFER sandbox bypass attempt
RuleID : 51945 - Type : FILE-OTHER - Revision : 1
2019-10-08 Mozilla Firefox Custom Elements write-after-free attempt
RuleID : 51440 - Type : BROWSER-FIREFOX - Revision : 1
2019-10-08 Mozilla Firefox Custom Elements write-after-free attempt
RuleID : 51439 - Type : BROWSER-FIREFOX - Revision : 1
2019-09-24 Memcached lru mode NULL dereference attempt
RuleID : 51186 - Type : SERVER-OTHER - Revision : 1
2019-09-24 Memcached lru temp_ttl NULL dereference attempt
RuleID : 51185 - Type : SERVER-OTHER - Revision : 1
2019-09-19 Multiple products JBIG compressed TIFF buffer overflow attempt
RuleID : 51097 - Type : FILE-IMAGE - Revision : 2
2019-09-19 Multiple products JBIG compressed TIFF buffer overflow attempt
RuleID : 51096 - Type : FILE-IMAGE - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-18 Name: The remote Fedora host is missing a security update.
File: fedora_2019-a8ffcff7ee.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2019-0059.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2019-509c133845.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2019-f812c9fb22.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_6_43.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_7_25.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_8_0_14.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2019-0049.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: A PHP application running on the remote web server is affected by multiple vu...
File: drupal_8_6_6.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-348547a32d.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-e6ca5847c7.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-f6ff819834.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote database server is affected by multiple vulnerabilities
File: mariadb_10_0_37.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2019-011-01.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2019-013-01.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2019-1145.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2019-1146.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4367.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Fedora host is missing a security update.
File: fedora_2019-18b3a10c7f.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Fedora host is missing a security update.
File: fedora_2019-75a8da28f0.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Virtuozzo host is missing multiple security updates.
File: Virtuozzo_VZA-2018-075.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Fedora host is missing a security update.
File: fedora_2019-a7b53ed5a3.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_d38bbb7914f311e99ce228d244aee256.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote device is missing a vendor-supplied security patch.
File: juniper_jsa10919.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2019-1139.nasl - Type: ACT_GATHER_INFO