This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Canonical First view 2005-05-13
Product Ubuntu Linux Last view 2016-12-16
Version 5.04 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:canonical:ubuntu_linux

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2016-12-16 CVE-2016-9950

An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.

7.8 2016-12-16 CVE-2016-9949

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.

7.8 2016-11-27 CVE-2015-1328

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.

4.3 2006-09-28 CVE-2006-4343

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

4.9 2006-08-21 CVE-2006-4093

Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time."

4.3 2006-04-14 CVE-2006-1741

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".

4.3 2006-04-14 CVE-2006-1729

Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.

9.3 2006-04-14 CVE-2006-1728

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.

7.6 2006-04-14 CVE-2006-1727

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".

7.5 2005-12-31 CVE-2005-4807

Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.

3.6 2005-09-14 CVE-2005-2492

The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.

4.6 2005-05-13 CVE-2005-0758

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

CWE : Common Weakness Enumeration

%idName
25% (2) CWE-264 Permissions, Privileges, and Access Controls
12% (1) CWE-476 NULL Pointer Dereference
12% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
12% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
12% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
12% (1) CWE-20 Improper Input Validation

SAINT Exploits

Description Link
Ubuntu overlayfs privilege elevation More info here

Open Source Vulnerability Database (OSVDB)

id Description
29263 OpenSSL SSLv2 get_server_hello Function Remote DoS
28034 Linux Kernel Uncleared HID0[31] Bit DoS
27960 GNU Binutils Assembler as_bad() Function Local Overflow
24680 Mozilla Multiple Products XBL Control Print Preview Privilege Escalation
24679 Mozilla Multiple Products crypto.generateCRMFRequest Method Arbitrary Code Ex...
24678 Mozilla Multiple Products Text Box Arbitrary File Access
24658 Mozilla Multiple Products Modal Alert Suspended Handler XSS
19261 Linux Kernel raw_sendmsg() Unspecified Memory Manipulation
16371 zgrep Unspecified Arbitrary Command Execution

ExploitDB Exploits

id Description
28726 OpenSSL SSLv2 Null Pointer Dereference Client Denial of Service Vulnerability
4773 OpenSSL < 0.9.7l / 0.9.8d - SSLv2 Client Crash Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2010-02-03 Name : Solaris Update for Kernel 122301-48
File : nvt/gb_solaris_122301_48.nasl
2010-02-03 Name : Solaris Update for Kernel 122300-48
File : nvt/gb_solaris_122300_48.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13 Name : Solaris Update for Kernel 122301-44
File : nvt/gb_solaris_122301_44.nasl
2009-10-13 Name : Solaris Update for Kernel 122300-44
File : nvt/gb_solaris_122300_44.nasl
2009-10-13 Name : Solaris Update for /usr/bin/ssh 114357-18
File : nvt/gb_solaris_114357_18.nasl
2009-10-13 Name : Solaris Update for /usr/bin/ssh 114356-19
File : nvt/gb_solaris_114356_19.nasl
2009-10-13 Name : Solaris Update for pkg utilities 113713-28
File : nvt/gb_solaris_113713_28.nasl
2009-10-10 Name : SLES9: Security update for Linux kernel
File : nvt/sles9p5019905.nasl
2009-10-10 Name : SLES9: Security update for Mozilla suite
File : nvt/sles9p5019559.nasl
2009-10-10 Name : SLES9: Security update for OpenSSL
File : nvt/sles9p5018586.nasl
2009-09-23 Name : Solaris Update for pkg utilities 114568-27
File : nvt/gb_solaris_114568_27.nasl
2009-09-23 Name : Solaris Update for Kernel 122301-42
File : nvt/gb_solaris_122301_42.nasl
2009-06-03 Name : Solaris Update for pkg utilities 114568-26
File : nvt/gb_solaris_114568_26.nasl
2009-06-03 Name : Solaris Update for wanboot 122715-02
File : nvt/gb_solaris_122715_02.nasl
2009-06-03 Name : Solaris Update for bootconfchk 123376-01
File : nvt/gb_solaris_123376_01.nasl
2009-06-03 Name : Solaris Update for bootconfchk 123377-01
File : nvt/gb_solaris_123377_01.nasl
2009-06-03 Name : Solaris Update for Kernel 122301-40
File : nvt/gb_solaris_122301_40.nasl
2009-06-03 Name : Solaris Update for kernel 127127-11
File : nvt/gb_solaris_127127_11.nasl
2009-06-03 Name : Solaris Update for kernel 127128-11
File : nvt/gb_solaris_127128_11.nasl
2009-06-03 Name : Solaris Update for Kernel 122300-40
File : nvt/gb_solaris_122300_40.nasl
2009-06-03 Name : Solaris Update for kernel 120011-14
File : nvt/gb_solaris_120011_14.nasl
2009-06-03 Name : Solaris Update for wanboot 117123-08
File : nvt/gb_solaris_117123_08.nasl
2009-06-03 Name : Solaris Update for /usr/bin/ssh 114357-17
File : nvt/gb_solaris_114357_17.nasl
2009-06-03 Name : Solaris Update for /usr/bin/ssh 114356-18
File : nvt/gb_solaris_114356_18.nasl

Snort® IPS/IDS

Date Description
2017-01-19 Ubuntu Apport CrashDB crash report code injection attempt
RuleID : 41041 - Type : OS-LINUX - Revision : 2
2017-01-19 Ubuntu Apport CrashDB crash report code injection attempt
RuleID : 41040 - Type : OS-LINUX - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2016-12-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3157-1.nasl - Type: ACT_GATHER_INFO
2015-09-18 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL8106.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2640-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2642-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2643-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2644-2.nasl - Type: ACT_GATHER_INFO
2015-06-22 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2646-2.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2640-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2642-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2643-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2644-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2645-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2646-1.nasl - Type: ACT_GATHER_INFO
2015-06-16 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2647-1.nasl - Type: ACT_GATHER_INFO
2014-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL6734.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2006-0617.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2006-0661.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2006-0695.nasl - Type: ACT_GATHER_INFO
2012-05-17 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_kernel-2096.nasl - Type: ACT_GATHER_INFO
2012-01-04 Name: The remote server is affected by multiple vulnerabilities.
File: openssl_0_9_7l_0_9_8d.nasl - Type: ACT_GATHER_INFO
2010-03-11 Name: The remote web server has multiple SSL-related vulnerabilities.
File: openssl_0_9_8m.nasl - Type: ACT_GATHER_INFO
2010-01-10 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0264.nasl - Type: ACT_GATHER_INFO
2010-01-10 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0525.nasl - Type: ACT_GATHER_INFO
2010-01-10 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0629.nasl - Type: ACT_GATHER_INFO
2008-04-02 Name: The remote Windows host has an application that is affected by multiple issues.
File: vmware_multiple_vmsa_2008_0005.nasl - Type: ACT_GATHER_INFO