Summary
Detail | | | |
---|---|---|---|
Vendor | Canonical | First view | 2017-01-27 |
Product | Ubuntu Linux | Last view | 2021-04-17 |
Version | 18.10 | Type | OS |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:o:canonical:ubuntu_linux | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
7.8 | 2021-04-17 | CVE-2021-3493 | The overlayfs implementation in the Linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. |
7.8 | 2021-04-17 | CVE-2021-3492 | Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user(). These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. |
6.5 | 2020-06-17 | CVE-2020-14405 | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. |
5.4 | 2020-06-17 | CVE-2020-14404 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. |
5.4 | 2020-06-17 | CVE-2020-14403 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. |
5.4 | 2020-06-17 | CVE-2020-14402 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. |
7.5 | 2020-06-17 | CVE-2020-14398 | An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. |
7.5 | 2020-06-17 | CVE-2020-14397 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. |
7.5 | 2020-06-17 | CVE-2020-14396 | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. |
7.5 | 2020-06-17 | CVE-2019-20840 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode. |
7.5 | 2020-06-17 | CVE-2019-20839 | libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. |
7.5 | 2020-06-17 | CVE-2018-21247 | An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. |
9.8 | 2020-04-23 | CVE-2019-20788 | libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690. |
7.5 | 2020-04-17 | CVE-2019-7306 | Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu |
7.5 | 2019-10-29 | CVE-2019-15681 | LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. |
7.8 | 2019-08-29 | CVE-2019-11476 | An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process. |
9.8 | 2019-07-10 | CVE-2019-13132 | In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations. |
5.3 | 2019-07-01 | CVE-2019-12781 | An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP. |
6.1 | 2019-06-29 | CVE-2019-13038 | mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. |
7 | 2019-06-25 | CVE-2019-12817 | arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. |
7.5 | 2019-06-24 | CVE-2018-20843 | In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). |
7.5 | 2019-06-18 | CVE-2019-11479 | Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363. |
7.5 | 2019-06-18 | CVE-2019-11478 | Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. |
7.5 | 2019-06-18 | CVE-2019-11477 | Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. |
7.1 | 2019-06-11 | CVE-2019-12749 | dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
15% (49) | CWE-125 | Out-of-bounds Read |
13% (44) | CWE-787 | Out-of-bounds Write |
9% (32) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
6% (22) | CWE-416 | Use After Free |
6% (21) | CWE-476 | NULL Pointer Dereference |
6% (21) | CWE-190 | Integer Overflow or Wraparound |
2% (9) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
2% (8) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
2% (8) | CWE-362 | Race Condition |
2% (8) | CWE-287 | Improper Authentication |
2% (7) | CWE-770 | Allocation of Resources Without Limits or Throttling |
2% (7) | CWE-20 | Improper Input Validation |
1% (6) | CWE-415 | Double Free |
1% (6) | CWE-200 | Information Exposure |
1% (5) | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
1% (4) | CWE-665 | Improper Initialization |
0% (3) | CWE-772 | Missing Release of Resource after Effective Lifetime |
0% (3) | CWE-369 | Divide By Zero |
0% (3) | CWE-346 | Origin Validation Error |
0% (3) | CWE-203 | Information Exposure Through Discrepancy |
0% (3) | CWE-193 | Off-by-one Error |
0% (3) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
0% (3) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
0% (2) | CWE-755 | Improper Handling of Exceptional Conditions |
0% (2) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
SAINT Exploits
Description | Link |
---|---|
libssh authentication bypass | More info here |
Snort® IPS/IDS
Date | Description |
---|---|
2020-01-16 | Memcached lru mode NULL dereference attempt RuleID : 52477 - Type : SERVER-OTHER - Revision : 1 |
2020-01-16 | Memcached lru temp_ttl NULL dereference attempt RuleID : 52476 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | LibVNCServer file transfer extension heap buffer overflow attempt RuleID : 52397 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | LibVNCServer file transfer extension heap buffer overflow attempt RuleID : 52396 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | LibVNCServer file transfer extension heap buffer overflow attempt RuleID : 52395 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | LibVNCServer file transfer extension heap buffer overflow attempt RuleID : 52394 - Type : SERVER-OTHER - Revision : 1 |
2020-01-07 | LibVNCServer file transfer extension heap buffer overflow attempt RuleID : 52393 - Type : SERVER-OTHER - Revision : 1 |
2020-01-03 | Imagemagick XBM tranformation information leak attempt RuleID : 52312 - Type : FILE-IMAGE - Revision : 1 |
2019-12-10 | Libmspack cabd_sys_read_block off-by-one heap overflow attempt RuleID : 52133 - Type : FILE-OTHER - Revision : 2 |
2019-12-10 | Libmspack cabd_sys_read_block off-by-one heap overflow attempt RuleID : 52132 - Type : FILE-OTHER - Revision : 2 |
2019-12-03 | ZeroMQ libzmq stack-based buffer overflow attempt RuleID : 52037 - Type : SERVER-OTHER - Revision : 1 |
2019-10-08 | Mozilla Firefox Custom Elements write-after-free attempt RuleID : 51440 - Type : BROWSER-FIREFOX - Revision : 1 |
2019-10-08 | Mozilla Firefox Custom Elements write-after-free attempt RuleID : 51439 - Type : BROWSER-FIREFOX - Revision : 1 |
2019-09-24 | Memcached lru mode NULL dereference attempt RuleID : 51186 - Type : SERVER-OTHER - Revision : 1 |
2019-09-24 | Memcached lru temp_ttl NULL dereference attempt RuleID : 51185 - Type : SERVER-OTHER - Revision : 1 |
2019-09-19 | Multiple products JBIG compressed TIFF buffer overflow attempt RuleID : 51097 - Type : FILE-IMAGE - Revision : 2 |
2019-09-19 | Multiple products JBIG compressed TIFF buffer overflow attempt RuleID : 51096 - Type : FILE-IMAGE - Revision : 2 |
2019-09-19 | Multiple products JBIG compressed TIFF buffer overflow attempt RuleID : 51095 - Type : FILE-IMAGE - Revision : 2 |
2019-09-19 | Multiple products JBIG compressed TIFF buffer overflow attempt RuleID : 51094 - Type : FILE-IMAGE - Revision : 2 |
2019-07-02 | Debian apt remote code execution attempt RuleID : 50190 - Type : OS-LINUX - Revision : 1 |
2019-05-07 | PHP gdImageColorMatch heap buffer overflow file download attempt RuleID : 49673 - Type : SERVER-OTHER - Revision : 1 |
2019-05-07 | PHP gdImageColorMatch heap buffer overflow file upload attempt RuleID : 49672 - Type : SERVER-OTHER - Revision : 1 |
2019-04-30 | Unix systemd-journald memory corruption attempt RuleID : 49618 - Type : FILE-OTHER - Revision : 1 |
2019-04-30 | Unix systemd-journald memory corruption attempt RuleID : 49617 - Type : FILE-OTHER - Revision : 1 |
2019-04-18 | Snapd dirty_sock exploit download attempt RuleID : 49489 - Type : FILE-OTHER - Revision : 1 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-18 | Name: The remote Fedora host is missing a security update. File: fedora_2019-a8ffcff7ee.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2019-0059.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2019-509c133845.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2019-f812c9fb22.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_6_43.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_7_25.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_8_0_14.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2019-0049.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: A PHP application running on the remote web server is affected by multiple vu... File: drupal_8_6_6.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2019-348547a32d.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2019-e6ca5847c7.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2019-f6ff819834.nasl - Type: ACT_GATHER_INFO |
2019-01-16 | Name: The remote database server is affected by multiple vulnerabilities File: mariadb_10_0_37.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2019-011-01.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2019-1145.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4367.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Fedora host is missing a security update. File: fedora_2019-18b3a10c7f.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Fedora host is missing a security update. File: fedora_2019-75a8da28f0.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Fedora host is missing a security update. File: fedora_2019-a7b53ed5a3.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_d38bbb7914f311e99ce228d244aee256.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2019-1141.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2019-1143.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2019-1144.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2019-1145.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote Debian host is missing a security update. File: debian_DLA-1631.nasl - Type: ACT_GATHER_INFO |