This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Canonical First view 2017-01-27
Product Ubuntu Linux Last view 2021-04-17
Version 18.10 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:canonical:ubuntu_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2021-04-17 CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

7.8 2021-04-17 CVE-2021-3492

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.

6.5 2020-06-17 CVE-2020-14405

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.

5.4 2020-06-17 CVE-2020-14404

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.

5.4 2020-06-17 CVE-2020-14403

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.

5.4 2020-06-17 CVE-2020-14402

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.

7.5 2020-06-17 CVE-2020-14398

An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.

7.5 2020-06-17 CVE-2020-14397

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.

7.5 2020-06-17 CVE-2020-14396

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.

7.5 2020-06-17 CVE-2019-20840

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.

7.5 2020-06-17 CVE-2019-20839

libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.

7.5 2020-06-17 CVE-2018-21247

An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.

9.8 2020-04-23 CVE-2019-20788

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.

7.5 2020-04-17 CVE-2019-7306

Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu

7.5 2019-10-29 CVE-2019-15681

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.

7.8 2019-08-29 CVE-2019-11476

An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process.

9.8 2019-07-10 CVE-2019-13132

In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.

5.3 2019-07-01 CVE-2019-12781

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

6.1 2019-06-29 CVE-2019-13038

mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.

7 2019-06-25 CVE-2019-12817

arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.

7.5 2019-06-24 CVE-2018-20843

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

7.5 2019-06-18 CVE-2019-11479

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.

7.5 2019-06-18 CVE-2019-11478

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

7.5 2019-06-18 CVE-2019-11477

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

7.1 2019-06-11 CVE-2019-12749

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
15% (49) CWE-125 Out-of-bounds Read
13% (44) CWE-787 Out-of-bounds Write
9% (32) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6% (22) CWE-416 Use After Free
6% (21) CWE-476 NULL Pointer Dereference
6% (21) CWE-190 Integer Overflow or Wraparound
2% (9) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (8) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
2% (8) CWE-362 Race Condition
2% (8) CWE-287 Improper Authentication
2% (7) CWE-770 Allocation of Resources Without Limits or Throttling
2% (7) CWE-20 Improper Input Validation
1% (6) CWE-415 Double Free
1% (6) CWE-200 Information Exposure
1% (5) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
1% (4) CWE-665 Improper Initialization
0% (3) CWE-772 Missing Release of Resource after Effective Lifetime
0% (3) CWE-369 Divide By Zero
0% (3) CWE-346 Origin Validation Error
0% (3) CWE-203 Information Exposure Through Discrepancy
0% (3) CWE-193 Off-by-one Error
0% (3) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
0% (3) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (2) CWE-755 Improper Handling of Exceptional Conditions
0% (2) CWE-732 Incorrect Permission Assignment for Critical Resource

SAINT Exploits

Description Link
libssh authentication bypass More info here

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-01-16 Memcached lru mode NULL dereference attempt
RuleID : 52477 - Type : SERVER-OTHER - Revision : 1
2020-01-16 Memcached lru temp_ttl NULL dereference attempt
RuleID : 52476 - Type : SERVER-OTHER - Revision : 1
2020-01-07 LibVNCServer file transfer extension heap buffer overflow attempt
RuleID : 52397 - Type : SERVER-OTHER - Revision : 1
2020-01-07 LibVNCServer file transfer extension heap buffer overflow attempt
RuleID : 52396 - Type : SERVER-OTHER - Revision : 1
2020-01-07 LibVNCServer file transfer extension heap buffer overflow attempt
RuleID : 52395 - Type : SERVER-OTHER - Revision : 1
2020-01-07 LibVNCServer file transfer extension heap buffer overflow attempt
RuleID : 52394 - Type : SERVER-OTHER - Revision : 1
2020-01-07 LibVNCServer file transfer extension heap buffer overflow attempt
RuleID : 52393 - Type : SERVER-OTHER - Revision : 1
2020-01-03 Imagemagick XBM tranformation information leak attempt
RuleID : 52312 - Type : FILE-IMAGE - Revision : 1
2019-12-10 Libmspack cabd_sys_read_block off-by-one heap overflow attempt
RuleID : 52133 - Type : FILE-OTHER - Revision : 2
2019-12-10 Libmspack cabd_sys_read_block off-by-one heap overflow attempt
RuleID : 52132 - Type : FILE-OTHER - Revision : 2
2019-12-03 ZeroMQ libzmq stack-based buffer overflow attempt
RuleID : 52037 - Type : SERVER-OTHER - Revision : 1
2019-10-08 Mozilla Firefox Custom Elements write-after-free attempt
RuleID : 51440 - Type : BROWSER-FIREFOX - Revision : 1
2019-10-08 Mozilla Firefox Custom Elements write-after-free attempt
RuleID : 51439 - Type : BROWSER-FIREFOX - Revision : 1
2019-09-24 Memcached lru mode NULL dereference attempt
RuleID : 51186 - Type : SERVER-OTHER - Revision : 1
2019-09-24 Memcached lru temp_ttl NULL dereference attempt
RuleID : 51185 - Type : SERVER-OTHER - Revision : 1
2019-09-19 Multiple products JBIG compressed TIFF buffer overflow attempt
RuleID : 51097 - Type : FILE-IMAGE - Revision : 2
2019-09-19 Multiple products JBIG compressed TIFF buffer overflow attempt
RuleID : 51096 - Type : FILE-IMAGE - Revision : 2
2019-09-19 Multiple products JBIG compressed TIFF buffer overflow attempt
RuleID : 51095 - Type : FILE-IMAGE - Revision : 2
2019-09-19 Multiple products JBIG compressed TIFF buffer overflow attempt
RuleID : 51094 - Type : FILE-IMAGE - Revision : 2
2019-07-02 Debian apt remote code execution attempt
RuleID : 50190 - Type : OS-LINUX - Revision : 1
2019-05-07 PHP gdImageColorMatch heap buffer overflow file download attempt
RuleID : 49673 - Type : SERVER-OTHER - Revision : 1
2019-05-07 PHP gdImageColorMatch heap buffer overflow file upload attempt
RuleID : 49672 - Type : SERVER-OTHER - Revision : 1
2019-04-30 Unix systemd-journald memory corruption attempt
RuleID : 49618 - Type : FILE-OTHER - Revision : 1
2019-04-30 Unix systemd-journald memory corruption attempt
RuleID : 49617 - Type : FILE-OTHER - Revision : 1
2019-04-18 Snapd dirty_sock exploit download attempt
RuleID : 49489 - Type : FILE-OTHER - Revision : 1

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-18 Name: The remote Fedora host is missing a security update.
File: fedora_2019-a8ffcff7ee.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2019-0059.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2019-509c133845.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2019-f812c9fb22.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_6_43.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_7_25.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_8_0_14.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2019-0049.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: A PHP application running on the remote web server is affected by multiple vu...
File: drupal_8_6_6.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-348547a32d.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-e6ca5847c7.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-f6ff819834.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote database server is affected by multiple vulnerabilities
File: mariadb_10_0_37.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2019-011-01.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2019-1145.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4367.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Fedora host is missing a security update.
File: fedora_2019-18b3a10c7f.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Fedora host is missing a security update.
File: fedora_2019-75a8da28f0.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Fedora host is missing a security update.
File: fedora_2019-a7b53ed5a3.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_d38bbb7914f311e99ce228d244aee256.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2019-1141.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2019-1143.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2019-1144.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2019-1145.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote Debian host is missing a security update.
File: debian_DLA-1631.nasl - Type: ACT_GATHER_INFO