This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Canonical First view 2005-05-13
Product Ubuntu Linux Last view 2016-12-16
Version 4.10 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:canonical:ubuntu_linux

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2016-12-16 CVE-2016-9950

An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.

7.8 2016-12-16 CVE-2016-9949

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.

7.8 2016-11-27 CVE-2015-1328

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.

4.3 2006-04-14 CVE-2006-1741

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".

4.3 2006-04-14 CVE-2006-1729

Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.

9.3 2006-04-14 CVE-2006-1728

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.

7.6 2006-04-14 CVE-2006-1727

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".

3.6 2005-09-14 CVE-2005-2492

The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.

4.6 2005-05-13 CVE-2005-0758

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

CWE : Common Weakness Enumeration

%idName
33% (2) CWE-264 Permissions, Privileges, and Access Controls
16% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
16% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
16% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
16% (1) CWE-20 Improper Input Validation

SAINT Exploits

Description Link
Ubuntu overlayfs privilege elevation More info here

Open Source Vulnerability Database (OSVDB)

id Description
24680 Mozilla Multiple Products XBL Control Print Preview Privilege Escalation
24679 Mozilla Multiple Products crypto.generateCRMFRequest Method Arbitrary Code Ex...
24678 Mozilla Multiple Products Text Box Arbitrary File Access
24658 Mozilla Multiple Products Modal Alert Suspended Handler XSS
19261 Linux Kernel raw_sendmsg() Unspecified Memory Manipulation
16371 zgrep Unspecified Arbitrary Command Execution

OpenVAS Exploits

id Description
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-10 Name : SLES9: Security update for Mozilla suite
File : nvt/sles9p5019559.nasl
2009-05-05 Name : HP-UX Update for Thunderbird HPSBUX02156
File : nvt/gb_hp_ux_HPSBUX02156.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200505-05 (gzip)
File : nvt/glsa_200505_05.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200604-12 (mozilla-firefox)
File : nvt/glsa_200604_12.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200604-18 (mozilla)
File : nvt/glsa_200604_18.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200605-09 (mozilla-thunderbird)
File : nvt/glsa_200605_09.nasl
2008-09-04 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox22.nasl
2008-01-17 Name : Debian Security Advisory DSA 1044-1 (mozilla-firefox)
File : nvt/deb_1044_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1046-1 (mozilla)
File : nvt/deb_1046_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1051-1 (mozilla-thunderbird)
File : nvt/deb_1051_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1118-1 (mozilla)
File : nvt/deb_1118_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1120-1 (mozilla-firefox)
File : nvt/deb_1120_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1134-1 (mozilla-thunderbird)
File : nvt/deb_1134_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2006-262-01 gzip
File : nvt/esoft_slk_ssa_2006_262_01.nasl

Snort® IPS/IDS

Date Description
2017-01-19 Ubuntu Apport CrashDB crash report code injection attempt
RuleID : 41041 - Type : OS-LINUX - Revision : 2
2017-01-19 Ubuntu Apport CrashDB crash report code injection attempt
RuleID : 41040 - Type : OS-LINUX - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2016-12-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3157-1.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2646-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2640-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2642-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2643-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2644-2.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2640-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2642-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2643-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2644-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2645-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2646-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2647-1.nasl - Type: ACT_GATHER_INFO
2007-12-21 Name: A web browser on the remote host is prone to multiple flaws.
File: mozilla_firefox_108.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-323-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-296-2.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-296-1.nasl - Type: ACT_GATHER_INFO
2007-10-17 Name: The remote openSUSE host is missing a security update.
File: suse_MozillaFirefox-1585.nasl - Type: ACT_GATHER_INFO
2007-08-02 Name: The remote host is missing a Mac OS X update that fixes various security issues.
File: macosx_SecUpd2007-007.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote host is missing Sun Security Patch number 120671-08
File: solaris9_120671.nasl - Type: ACT_GATHER_INFO
2007-02-18 Name: The remote host is missing Sun Security Patch number 120671-08
File: solaris8_120671.nasl - Type: ACT_GATHER_INFO
2007-01-17 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-487.nasl - Type: ACT_GATHER_INFO
2007-01-17 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-488.nasl - Type: ACT_GATHER_INFO
2007-01-17 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-489.nasl - Type: ACT_GATHER_INFO
2007-01-17 Name: The remote Fedora Core host is missing a security update.
File: fedora_2006-490.nasl - Type: ACT_GATHER_INFO