This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Canonical - First view : 2017-01-13
Product : Ubuntu Linux - Last view : 2021-04-17
Version : 19.04 - Type : Os
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
 
CPE Product cpe:2.3:o:canonical:ubuntu_linux


Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2021-04-17 CVE-2021-3493

The overlayfs implementation in the Linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

7.8 2021-04-17 CVE-2021-3492

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user(). These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.

3.3 2020-04-28 CVE-2019-15790

Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.

8.8 2020-04-24 CVE-2019-15793

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.

7.8 2020-04-24 CVE-2019-15792

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *". As the private_data is not required to be a pointer, an attacker can use this to cause a denial of service or possibly execute arbitrary code.

7.8 2020-04-24 CVE-2019-15791

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, which then puts a reference to that file, leading to a refcount underflow.

7.5 2020-04-17 CVE-2019-7306

Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu

3.3 2020-02-08 CVE-2019-11485

Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.

7.8 2020-02-08 CVE-2019-11484

Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie.

3.3 2020-02-08 CVE-2019-11483

Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.

4.7 2020-02-08 CVE-2019-11482

Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.

7.8 2020-02-08 CVE-2019-11481

Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.

6.5 2020-01-21 CVE-2019-19344

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.

6.5 2020-01-21 CVE-2019-14907

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process (such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless.)

5.4 2020-01-21 CVE-2019-14902

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.

6.7 2020-01-08 CVE-2019-5188

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

9.1 2020-01-08 CVE-2019-20367

nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).

8.8 2020-01-08 CVE-2019-17025

Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72.

8.8 2020-01-08 CVE-2019-17024

Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.

6.5 2020-01-08 CVE-2019-17023

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

6.1 2020-01-08 CVE-2019-17022

When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.

6.5 2020-01-08 CVE-2019-17020

If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox < 72.

8.8 2020-01-08 CVE-2019-17017

Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.

6.1 2020-01-08 CVE-2019-17016

When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.

6.5 2019-12-23 CVE-2019-11050

When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or a crash.

CWE : Common Weakness Enumeration

% id Name
12% (19) CWE-125 Out-of-bounds Read
10% (15) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
6% (9) CWE-787 Out-of-bounds Write
5% (8) CWE-476 NULL Pointer Dereference
5% (8) CWE-200 Information Exposure
4% (7) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
4% (6) CWE-190 Integer Overflow or Wraparound
4% (6) CWE-20 Improper Input Validation
3% (5) CWE-369 Divide By Zero
3% (5) CWE-287 Improper Authentication
2% (4) CWE-416 Use After Free
2% (4) CWE-269 Improper Privilege Management
2% (4) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
2% (4) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (3) CWE-770 Allocation of Resources Without Limits or Throttling
2% (3) CWE-755 Improper Handling of Exceptional Conditions
2% (3) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (3) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
2% (3) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
2% (3) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (2) CWE-362 Race Condition
1% (2) CWE-276 Incorrect Default Permissions
1% (2) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
1% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (1) CWE-772 Missing Release of Resource after Effective Lifetime

Snort® IPS/IDS

Date Description
2021-01-12 Apache Server mod_proxy Error Page cross site scripting attempt
RuleID : 56563 - Type : SERVER-WEBAPP - Revision : 1
2020-12-05 TRUFFLEHUNTER TALOS-2019-0973 attack attempt
RuleID : 52571 - Type : FILE-OTHER - Revision : 1
2020-12-05 TRUFFLEHUNTER TALOS-2019-0973 attack attempt
RuleID : 52570 - Type : FILE-OTHER - Revision : 1
2020-01-16 Memcached lru mode NULL dereference attempt
RuleID : 52477 - Type : SERVER-OTHER - Revision : 1
2020-01-16 Memcached lru temp_ttl NULL dereference attempt
RuleID : 52476 - Type : SERVER-OTHER - Revision : 1
2020-01-03 Imagemagick XBM tranformation information leak attempt
RuleID : 52312 - Type : FILE-IMAGE - Revision : 1
2019-12-10 PHP FPM env_path_info buffer underflow attempt
RuleID : 52123 - Type : SERVER-WEBAPP - Revision : 1
2019-12-03 ZeroMQ libzmq stack-based buffer overflow attempt
RuleID : 52037 - Type : SERVER-OTHER - Revision : 1
2019-11-26 LibreOffice office document arbitrary script execution attempt
RuleID : 52000 - Type : FILE-OTHER - Revision : 1
2019-11-26 LibreOffice office document arbitrary script execution attempt
RuleID : 51999 - Type : FILE-OTHER - Revision : 1
2019-09-24 Memcached lru mode NULL dereference attempt
RuleID : 51186 - Type : SERVER-OTHER - Revision : 1
2019-09-24 Memcached lru temp_ttl NULL dereference attempt
RuleID : 51185 - Type : SERVER-OTHER - Revision : 1
2019-03-19 Multiple products runc arbitrary code execution attempt
RuleID : 49195 - Type : SERVER-OTHER - Revision : 2
2019-02-21 Imagemagick XBM tranformation information leak attempt
RuleID : 48937 - Type : FILE-IMAGE - Revision : 1
2018-06-12 EHLO user overflow attempt
RuleID : 46610 - Type : SERVER-MAIL - Revision : 3
2017-08-08 TRUFFLEHUNTER TALOS-2017-0395 attack attempt
RuleID : 43860 - Type : FILE-IMAGE - Revision : 2
2017-08-08 TRUFFLEHUNTER TALOS-2017-0395 attack attempt
RuleID : 43859 - Type : FILE-IMAGE - Revision : 2
2017-08-08 TRUFFLEHUNTER TALOS-2017-0395 attack attempt
RuleID : 43858 - Type : FILE-IMAGE - Revision : 2
2017-08-08 TRUFFLEHUNTER TALOS-2017-0395 attack attempt
RuleID : 43857 - Type : FILE-IMAGE - Revision : 2
2014-01-10 PHP uri tag injection attempt
RuleID : 23111 - Type : POLICY-OTHER - Revision : 12
2014-01-10 PHP function CRLF injection attempt
RuleID : 12360 - Type : SERVER-WEBAPP - Revision : 11

Nessus® Vulnerability Scanner

id Description
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO
2019-01-08 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2019-1005.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-af82e7c863.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a4e13742b4.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-615705632d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4ef71d3525.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-3dc16842e2.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-1d2bc76093.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-1a6e6196b9.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1444.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3050.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1120.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote Debian host is missing a security update.
File: debian_DLA-1560.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1333.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1324.nasl - Type: ACT_GATHER_INFO
2018-08-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1045.nasl - Type: ACT_GATHER_INFO
2018-08-10 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1223.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote Fedora host is missing a security update.
File: fedora_2018-53790a5236.nasl - Type: ACT_GATHER_INFO
2018-07-20 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1221.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2181.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2180.nasl - Type: ACT_GATHER_INFO
2018-07-06 Name: The remote Fedora host is missing a security update.
File: fedora_2018-69780fc4d7.nasl - Type: ACT_GATHER_INFO
2018-06-29 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1045.nasl - Type: ACT_GATHER_INFO
2018-06-25 Name: The remote Fedora host is missing a security update.
File: fedora_2018-b619637e45.nasl - Type: ACT_GATHER_INFO
2018-06-20 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-170-01.nasl - Type: ACT_GATHER_INFO