This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Canonical
Product: Ubuntu Linux
Version: 19.04
Type: Os
First view: 2018-06-08
Last view: 2020-04-28
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:o:canonical:ubuntu_linux

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
3.3 2020-04-28 CVE-2019-15790

Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.

8.8 2020-04-24 CVE-2019-15793

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.

7.8 2020-04-24 CVE-2019-15792

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *". As the private_data is not required to be a pointer, an attacker can use this to cause a denial of service or possibly execute arbitrary code.

7.8 2020-04-24 CVE-2019-15791

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, which then puts a reference to that file, leading to a refcount underflow.

7.5 2020-04-17 CVE-2019-7306

Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu

3.3 2020-02-08 CVE-2019-11485

Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.

7.8 2020-02-08 CVE-2019-11484

Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie.

3.3 2020-02-08 CVE-2019-11483

Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.

4.7 2020-02-08 CVE-2019-11482

Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.

7.8 2020-02-08 CVE-2019-11481

Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.

6.5 2020-01-21 CVE-2019-19344

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.

6.5 2020-01-21 CVE-2019-14907

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process (such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

5.4 2020-01-21 CVE-2019-14902

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.

8.8 2020-01-08 CVE-2019-17025

Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 72.

8.8 2020-01-08 CVE-2019-17024

Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.

6.5 2020-01-08 CVE-2019-17023

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.

6.1 2020-01-08 CVE-2019-17022

When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.

6.5 2020-01-08 CVE-2019-17020

If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox < 72.

8.8 2020-01-08 CVE-2019-17017

Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.

6.1 2020-01-08 CVE-2019-17016

When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.

6.5 2019-12-23 CVE-2019-11050

When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

9.8 2019-12-18 CVE-2019-19844

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)

8 2019-12-10 CVE-2019-14889

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.

5.4 2019-12-10 CVE-2019-14870

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.

5.3 2019-12-10 CVE-2019-14861

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.

CWE : Common Weakness Enumeration

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
% id Name
7% (8) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
7% (8) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6% (7) CWE-476 NULL Pointer Dereference
6% (7) CWE-200 Information Exposure
6% (7) CWE-125 Out-of-bounds Read
5% (6) CWE-20 Improper Input Validation
4% (5) CWE-787 Out-of-bounds Write
4% (5) CWE-416 Use After Free
4% (5) CWE-369 Divide By Zero
4% (5) CWE-190 Integer Overflow or Wraparound
3% (4) CWE-287 Improper Authentication
3% (4) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
2% (3) CWE-755 Improper Handling of Exceptional Conditions
2% (3) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (3) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (2) CWE-269 Improper Privilege Management
1% (2) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
1% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (1) CWE-770 Allocation of Resources Without Limits or Throttling
0% (1) CWE-754 Improper Check for Unusual or Exceptional Conditions
0% (1) CWE-706 Use of Incorrectly-Resolved Name or Reference
0% (1) CWE-665 Improper Initialization
0% (1) CWE-640 Weak Password Recovery Mechanism for Forgotten Password
0% (1) CWE-532 Information Leak Through Log Files

Snort® IPS/IDS

Date Description
2020-01-16 Memcached lru mode NULL dereference attempt
RuleID : 52477 - Type : SERVER-OTHER - Revision : 1
2020-01-16 Memcached lru temp_ttl NULL dereference attempt
RuleID : 52476 - Type : SERVER-OTHER - Revision : 1
2019-12-10 PHP FPM env_path_info buffer underflow attempt
RuleID : 52123 - Type : SERVER-WEBAPP - Revision : 1
2019-12-03 ZeroMQ libzmq stack-based buffer overflow attempt
RuleID : 52037 - Type : SERVER-OTHER - Revision : 1
2019-11-26 LibreOffice office document arbitrary script execution attempt
RuleID : 52000 - Type : FILE-OTHER - Revision : 1
2019-11-26 LibreOffice office document arbitrary script execution attempt
RuleID : 51999 - Type : FILE-OTHER - Revision : 1
2019-09-24 Memcached lru mode NULL dereference attempt
RuleID : 51186 - Type : SERVER-OTHER - Revision : 1
2019-09-24 Memcached lru temp_ttl NULL dereference attempt
RuleID : 51185 - Type : SERVER-OTHER - Revision : 1
2018-06-12 EHLO user overflow attempt
RuleID : 46610 - Type : SERVER-MAIL - Revision : 3
2014-01-10 PHP uri tag injection attempt
RuleID : 23111 - Type : POLICY-OTHER - Revision : 12
2014-01-10 PHP function CRLF injection attempt
RuleID : 12360 - Type : SERVER-WEBAPP - Revision : 11

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-af82e7c863.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a4e13742b4.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-615705632d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4ef71d3525.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-3dc16842e2.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-1d2bc76093.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-1a6e6196b9.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1333.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1324.nasl - Type: ACT_GATHER_INFO
2018-08-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1045.nasl - Type: ACT_GATHER_INFO
2018-08-10 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1223.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote Fedora host is missing a security update.
File: fedora_2018-53790a5236.nasl - Type: ACT_GATHER_INFO
2018-07-20 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1221.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2181.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2180.nasl - Type: ACT_GATHER_INFO
2018-07-06 Name: The remote Fedora host is missing a security update.
File: fedora_2018-69780fc4d7.nasl - Type: ACT_GATHER_INFO
2018-06-29 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1045.nasl - Type: ACT_GATHER_INFO
2018-06-25 Name: The remote Fedora host is missing a security update.
File: fedora_2018-b619637e45.nasl - Type: ACT_GATHER_INFO
2018-06-20 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-170-01.nasl - Type: ACT_GATHER_INFO
2018-06-19 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-84fdbd021f.nasl - Type: ACT_GATHER_INFO
2018-06-11 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-159-01.nasl - Type: ACT_GATHER_INFO
2018-06-11 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_7da0417f6b2411e884cc002590acae31.nasl - Type: ACT_GATHER_INFO
2018-06-11 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4224.nasl - Type: ACT_GATHER_INFO
2018-06-11 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4223.nasl - Type: ACT_GATHER_INFO