This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Canonical First view 2005-01-10
Product Ubuntu Linux Last view 2022-03-29
Version Type Os
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* 1599
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* 1523
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* 1312
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* 592
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:* 482
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:* 445
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* 383
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* 330
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* 316
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* 268
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* 263
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* 255
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:* 249
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* 234
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* 224
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* 223
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* 208
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* 189
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:* 127
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* 110
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:* 108
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:* 103
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* 101
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:* 97
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* 95
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* 90
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* 89
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* 88
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:* 77
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* 74
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* 74
cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:* 71
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:* 67
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* 67
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* 56
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* 50
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:* 42
cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:* 36
cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:* 32
cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:* 32
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:* 29
cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:* 28
cpe:2.3:o:canonical:ubuntu_linux:20.10:*:*:*:*:*:*:* 18
cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:* 18
cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:* 17
cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:* 15
cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:* 13
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:* 11
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:*:*:*:* 11
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:lts:*:*:*:*:* 10

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2022-03-29 CVE-2022-1055

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

8.8 2022-03-23 CVE-2021-3748

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.

7.5 2022-03-04 CVE-2021-3737

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

7.8 2022-03-03 CVE-2022-0492

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

7 2022-03-03 CVE-2021-3640

A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.

8.8 2022-02-21 CVE-2021-44142

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

5.5 2022-02-21 CVE-2021-4115

There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned

8.8 2022-02-18 CVE-2021-4093

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.

8.8 2022-02-18 CVE-2020-25722

Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.

7.2 2022-02-18 CVE-2020-25719

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

8.1 2022-02-18 CVE-2020-25717

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

5.9 2022-02-18 CVE-2016-2124

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

7.8 2022-02-17 CVE-2021-44731

A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

8.8 2022-02-17 CVE-2021-44730

snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

7.8 2022-02-17 CVE-2021-4120

snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

5.5 2022-02-17 CVE-2021-3155

snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

7.8 2022-02-16 CVE-2021-3560

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

9.1 2022-01-31 CVE-2021-45079

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.

7.8 2022-01-28 CVE-2021-4034

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

7.8 2022-01-20 CVE-2021-45417

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

7.5 2022-01-14 CVE-2022-20698

A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

7.3 2021-12-08 CVE-2021-44420

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

7.8 2021-11-17 CVE-2021-3939

Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.

5.5 2021-06-12 CVE-2021-32555

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.

5.5 2021-06-12 CVE-2021-32554

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
13% (353) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (232) CWE-787 Out-of-bounds Write
8% (226) CWE-125 Out-of-bounds Read
6% (185) CWE-20 Improper Input Validation
6% (169) CWE-416 Use After Free
5% (148) CWE-476 NULL Pointer Dereference
4% (131) CWE-200 Information Exposure
3% (107) CWE-190 Integer Overflow or Wraparound
3% (95) CWE-264 Permissions, Privileges, and Access Controls
2% (61) CWE-399 Resource Management Errors
2% (57) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (52) CWE-772 Missing Release of Resource after Effective Lifetime
1% (52) CWE-362 Race Condition
1% (50) CWE-189 Numeric Errors
1% (48) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
1% (43) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (38) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (36) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (36) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (33) CWE-269 Improper Privilege Management
0% (26) CWE-287 Improper Authentication
0% (26) CWE-284 Access Control (Authorization) Issues
0% (20) CWE-310 Cryptographic Issues
0% (19) CWE-17 Code
0% (18) CWE-770 Allocation of Resources Without Limits or Throttling

CAPEC : Common Attack Pattern Enumeration & Classification

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Name
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-26 Leveraging Race Conditions
CAPEC-28 Fuzzing
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-63 Simple Script Injection
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-66 SQL Injection

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:10949 Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypa...
oval:org.mitre.oval:def:9797 zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows...
oval:org.mitre.oval:def:1107 gzip zgrep Sanitation Vulnerability
oval:org.mitre.oval:def:1081 gzip Argument Sanitation Vulnerability
oval:org.mitre.oval:def:749 bzip2 Decompression Bomb
oval:org.mitre.oval:def:10700 bzip2 allows remote attackers to cause a denial of service (hard drive consum...
oval:org.mitre.oval:def:11031 The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local...
oval:org.mitre.oval:def:1649 Mozilla Privilege Escalation through Print Preview
oval:org.mitre.oval:def:10364 Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0...
oval:org.mitre.oval:def:1698 Mozilla Privilege Escalation Using crypto.generateCRMFRequest
oval:org.mitre.oval:def:10508 Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0...
oval:org.mitre.oval:def:1929 Mozilla File Stealing by Changing Input Type
oval:org.mitre.oval:def:10922 Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite befo...
oval:org.mitre.oval:def:9167 Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1...
oval:org.mitre.oval:def:1855 Mozilla Cross-site JavaScript Injection Using Event Handlers
oval:org.mitre.oval:def:11692 ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of ...
oval:org.mitre.oval:def:10886 The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c i...
oval:org.mitre.oval:def:10666 Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC97...
oval:org.mitre.oval:def:4356 Security Vulnerabilities in OpenSSL May Lead to a Denial of Service (DoS) to ...
oval:org.mitre.oval:def:10207 The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 befor...
oval:org.mitre.oval:def:10612 Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6...
oval:org.mitre.oval:def:9746 Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before...
oval:org.mitre.oval:def:10895 Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before ...
oval:org.mitre.oval:def:11077 Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey befor...
oval:org.mitre.oval:def:11185 The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 b...

SAINT Exploits

Description Link
Exim SMTP listener base64d function one-character buffer overflow More info here
Ubuntu overlayfs privilege elevation More info here
OpenSMTPD MAIL FROM command injection More info here
libssh authentication bypass More info here
Polkit pkexec privilege elevation More info here
MySQL yaSSL SSL Hello message buffer overflow More info here
Linux Dirty COW Local File Overwrite More info here
Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability More info here
Horde Imp Unauthenticated Remote Command Execution More info here

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
78232 libvirt bridge Forward Mode Firewall Port Access Restriction Weakness
77832 Parallels Plesk Panel Billing System TLS Renegotiation Handshakes MiTM Plaint...
77642 Update Manager Tar File Handling MitM Remote Arbitrary File Overwrite
77641 Update Manager Insecure Temporary File Creation Local .XAUTHORITY File Discl...
77584 ISC DHCP Regular Expressions dhcpd.conf DHCP Request Packet Parsing Remote DoS
77451 apt Verify-Host Option SSL Certificate Validation MitM Remote Repository Cred...
77430 Ubuntu Software Center SSL Certificate Verification MitM Package Installation...
77214 system-config-printer cupshelper OpenPrinting Database Query MitM Package Ins...
77176 LightDM ~/.dmrc File Handling Local Symlink Arbitrary File Access
76940 icedtea-web Web Browser Plugin Applet Handling Same Origin Policy Bypass
76805 Linux Kernel net/core/net_namespace.c Network Namespace Cleanup Weakness Remo...
75652 Qt src/3rdparty/harfbuzz/src/harfbuzz-gpos.c Font Handling Overflow
75622 Blue Coat Director TLS Renegotiation Handshakes MiTM Plaintext Data Injection
74675 Linux Kernel OOM Score Calculation PTE Page Handling DoS
74630 tex-common conf/texmf.d/95NonPath.cnf shell_escape_commands Directive Crafted...
74557 ISC DHCP Crafted BOOTP Packet Remote DoS
74556 ISC DHCP Crafted DHCP Packet Remote DoS
74335 Hitachi Web Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection
74263 APT Inline GPG Signatures Verification Weakness
74180 KDE kdeutils Ark Traversal Arbitrary File Deletion
73984 libpng png_rgb_to_gray Function PNG File Handling Overflow
73982 libpng pngrutil.c png_handle_sCAL Function PNG File Handling Memory Corruptio...
73686 libcurl http_negotiate.c Curl_input_negotiate Function GSSAPI Credential Dele...
73493 libpng pngerror.c png_format_buffer() Off-by-one PNG Image Handling Remote DoS
73340 vsftpd ls.c vsf_filename_passes_filter STAT Command glob Expression Remote DoS

ExploitDB Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
35359 tcpdump 4.6.2 Geonet Decoder Denial of Service
34923 Linux Kernel remount FUSE Exploit
34134 Linux Kernel ptrace/sysret - Local Privilege Escalation
33516 Linux kernel 3.14-rc1 <= 3.15-rc4 - Raw Mode PTY Local Echo Race Condition...
32998 Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support
32791 Heartbleed OpenSSL - Information Leak Exploit (1)
32764 OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS ...
32745 OpenSSL TLS Heartbeat Extension - Memory Disclosure
28726 OpenSSL SSLv2 Null Pointer Dereference Client Denial of Service Vulnerability
28338 Vino VNC Server 3.7.3 - Persistent Denial of Service
27778 Samba nttrans Reply - Integer Overflow Vulnerability
24487 cURL Buffer Overflow Vulnerability
18040 Xorg 1.4 to 1.11.2 File Permission Change PoC
17787 Linux Kernel < 2.6.36.2 Econet Privilege Escalation Exploit
16270 vsftpd 2.3.2 Denial of Service Vulnerability
15704 Linux Kernel <= 2.6.37 - Local Privilege Escalation
15344 Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability
15285 Linux RDS Protocol Local Privilege Escalation
15150 Linux Kernel < 2.6.36-rc6 pktcdvd Kernel Memory Disclosure
14422 libpng <= 1.4.2 Denial of Service Vulnerability
14339 Ubuntu PAM MOTD Local Root Exploit
14273 Ubuntu PAM MOTD File Tampering (Privilege Escalation)
10579 TLS Renegotiation Vulnerability PoC Exploit
9575 Linux Kernel < 2.6.19 - udp_sendmsg Local Root Exploit
9574 Linux Kernel < 2.6.19 udp_sendmsg Local Root Exploit (x86/x64)

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-09-18 Name : Debian Security Advisory DSA 2406-1 (icedove - several vulnerabilities)
File : nvt/deb_2406_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2427-1 (imagemagick - several vulnerabilities)
File : nvt/deb_2427_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2462-2 (imagemagick - several vulnerabilities)
File : nvt/deb_2462_2.nasl
2013-09-18 Name : Debian Security Advisory DSA 2469-1 (linux-2.6 - privilege escalation/denial ...
File : nvt/deb_2469_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2553-1 (iceweasel - several vulnerabilities)
File : nvt/deb_2553_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2581-1 (mysql-5.1 - several vulnerabilities)
File : nvt/deb_2581_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2583-1 (iceweasel - several vulnerabilities)
File : nvt/deb_2583_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2584-1 (iceape - several vulnerabilities)
File : nvt/deb_2584_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2588-1 (icedove - several vulnerabilities)
File : nvt/deb_2588_1.nasl
2012-12-31 Name : Fedora Update for bind FEDORA-2012-19822
File : nvt/gb_fedora_2012_19822_bind_fc16.nasl
2012-12-31 Name : Fedora Update for libtiff FEDORA-2012-20404
File : nvt/gb_fedora_2012_20404_libtiff_fc16.nasl
2012-12-31 Name : Fedora Update for libtiff FEDORA-2012-20446
File : nvt/gb_fedora_2012_20446_libtiff_fc17.nasl
2012-12-27 Name : VMSA-2012-0018: VMware security updates for vCSA and ESXi
File : nvt/gb_VMSA-2012-0018.nasl
2012-12-26 Name : CentOS Update for libtiff CESA-2012:1590 centos5
File : nvt/gb_CESA-2012_1590_libtiff_centos5.nasl
2012-12-26 Name : CentOS Update for libtiff CESA-2012:1590 centos6
File : nvt/gb_CESA-2012_1590_libtiff_centos6.nasl
2012-12-26 Name : RedHat Update for libtiff RHSA-2012:1590-01
File : nvt/gb_RHSA-2012_1590-01_libtiff.nasl
2012-12-26 Name : Fedora Update for qt FEDORA-2012-19715
File : nvt/gb_fedora_2012_19715_qt_fc16.nasl
2012-12-24 Name : LibreOffice XML Manifest Handling Buffer Overflow Vulnerabilities (Mac OS X)
File : nvt/gb_libreoffice_xml_manifest_bof_vuln_macosx.nasl
2012-12-24 Name : LibreOffice XML Manifest Handling Buffer Overflow Vulnerabilities (Windows)
File : nvt/gb_libreoffice_xml_manifest_bof_vuln_win.nasl
2012-12-24 Name : OpenOffice Multiple Buffer Overflow Vulnerabilities - Dec12 (Windows)
File : nvt/gb_openoffice_mult_bof_vuln_dec12_win.nasl
2012-12-18 Name : Fedora Update for xen FEDORA-2012-19828
File : nvt/gb_fedora_2012_19828_xen_fc16.nasl
2012-12-18 Name : Ubuntu Update for glibc USN-1589-2
File : nvt/gb_ubuntu_USN_1589_2.nasl
2012-12-18 Name : Ubuntu Update for aptdaemon USN-1666-1
File : nvt/gb_ubuntu_USN_1666_1.nasl
2012-12-14 Name : Fedora Update for xen FEDORA-2012-19717
File : nvt/gb_fedora_2012_19717_xen_fc17.nasl
2012-12-14 Name : Fedora Update for qt FEDORA-2012-19759
File : nvt/gb_fedora_2012_19759_qt_fc17.nasl

Information Assurance Vulnerability Management (IAVM)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-A-0222 Multiple Security Vulnerabilities in Apple iOS
Severity: Category I - VMSKEY: V0061471
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2015-A-0174 Multiple Vulnerabilities in Apache HTTP Server
Severity: Category I - VMSKEY: V0061135
2015-A-0160 Multiple Vulnerabilities in Oracle Linux and Virtualization
Severity: Category I - VMSKEY: V0061123
2015-A-0158 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0061089
2015-A-0155 Multiple Vulnerabilities in Oracle MySQL Product Suite
Severity: Category I - VMSKEY: V0061083
2015-A-0150 Multiple Security Vulnerabilities in Juniper Networks CTPView
Severity: Category I - VMSKEY: V0061073
2015-A-0141 Multiple Security Vulnerabilities in IBM WebSphere Application Server
Severity: Category I - VMSKEY: V0061061
2015-B-0087 Multiple Vulnerabilities in IBM WebSphere Portal
Severity: Category I - VMSKEY: V0061053
2015-B-0068 Multiple Vulnerabilities in PostgreSQL
Severity: Category I - VMSKEY: V0060809
2015-A-0042 Samba Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0058919
2015-A-0038 Multiple Vulnerabilities in GNU C Library (glibc)
Severity: Category I - VMSKEY: V0058753
2015-B-0013 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0058515
2015-B-0014 Multiple Vulnerabilities in VMware ESXi 5.5
Severity: Category I - VMSKEY: V0058513
2015-B-0007 Multiple Vulnerabilities in Juniper Secure Analytics (JSA) and Security Threa...
Severity: Category I - VMSKEY: V0058213
2014-B-0161 Multiple Vulnerabilities in VMware ESXi 5.1
Severity: Category I - VMSKEY: V0057717
2014-B-0105 Samba Remote Code Execution
Severity: Category I - VMSKEY: V0053637
2014-A-0064 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0050011
2014-A-0063 Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux
Severity: Category I - VMSKEY: V0050009
2014-A-0062 Multiple Vulnerabilities In McAfee Email Gateway
Severity: Category I - VMSKEY: V0050005
2014-B-0050 McAfee Web Gateway Information Disclosure Vulnerability
Severity: Category I - VMSKEY: V0050003
2014-B-0046 Multiple Vulnerabilities in HP System Management Homepage (SMH)
Severity: Category I - VMSKEY: V0049737
2014-A-0057 Multiple Vulnerabilities in Oracle MySQL Products
Severity: Category I - VMSKEY: V0049591
2014-A-0053 Multiple Vulnerabilities in Juniper Network JUNOS
Severity: Category I - VMSKEY: V0049589
2014-A-0054 Multiple Vulnerabilities in Oracle Database
Severity: Category I - VMSKEY: V0049587

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 IPv6 packets encapsulated in IPv4
RuleID : 8446 - Type : POLICY-OTHER - Revision : 8
2021-01-12 Apache Server mod_proxy Error Page cross site scripting attempt
RuleID : 56563 - Type : SERVER-WEBAPP - Revision : 1
2020-12-10 Microsoft Windows malicious Netlogon NetrServerAuthenticate3 request attempt
RuleID : 56290 - Type : OS-WINDOWS - Revision : 6
2020-11-24 Apache Tomcat WebSocket length denial of service attempt
RuleID : 56086 - Type : SERVER-WEBAPP - Revision : 1
2020-10-22 Microsoft Windows NetrServerReqChallenge RPC transport sign and seal disablin...
RuleID : 55802 - Type : OS-WINDOWS - Revision : 1
2020-10-22 Apache Tomcat HTTP/2 denial of service attempt
RuleID : 55801 - Type : SERVER-WEBAPP - Revision : 1
2020-10-22 Apache Tomcat HTTP/2 denial of service attempt
RuleID : 55800 - Type : SERVER-WEBAPP - Revision : 1
2020-10-20 Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privil...
RuleID : 55704 - Type : OS-WINDOWS - Revision : 2
2020-10-20 Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privil...
RuleID : 55703 - Type : OS-WINDOWS - Revision : 2
2020-07-07 Apache Tomcat FileStore directory traversal attempt
RuleID : 54162 - Type : SERVER-WEBAPP - Revision : 1
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54033 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54032 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54031 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack wheel directory traversal attempt
RuleID : 54030 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack authentication bypass attempt
RuleID : 54023 - Type : SERVER-OTHER - Revision : 3
2020-06-23 SaltStack authentication bypass attempt
RuleID : 54022 - Type : SERVER-OTHER - Revision : 3
2020-04-21 Apache Log4j SocketServer insecure deserialization remote code execution attempt
RuleID : 53475 - Type : SERVER-OTHER - Revision : 1
2020-04-14 OpenSMTPD smtp_mailaddr command injection attempt
RuleID : 53432 - Type : SERVER-MAIL - Revision : 1
2020-04-14 OpenSMTPD smtp_mailaddr command injection attempt
RuleID : 53431 - Type : SERVER-MAIL - Revision : 1
2020-03-17 Apple Safari Webkit WebCore memory corruption attempt
RuleID : 53101 - Type : BROWSER-WEBKIT - Revision : 1
2020-03-17 Apple Safari Webkit WebCore memory corruption attempt
RuleID : 53100 - Type : BROWSER-WEBKIT - Revision : 1
2020-12-05 TRUFFLEHUNTER TALOS-2020-0985 attack attempt
RuleID : 53045 - Type : SERVER-WEBAPP - Revision : 1
2020-12-05 TRUFFLEHUNTER TALOS-2020-0984 attack attempt
RuleID : 53044 - Type : SERVER-WEBAPP - Revision : 1
2020-12-05 TRUFFLEHUNTER TALOS-2019-0973 attack attempt
RuleID : 52571 - Type : FILE-OTHER - Revision : 1
2020-12-05 TRUFFLEHUNTER TALOS-2019-0973 attack attempt
RuleID : 52570 - Type : FILE-OTHER - Revision : 1

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-18 Name: The remote Fedora host is missing a security update.
File: fedora_2019-a8ffcff7ee.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2019-0059.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2019-509c133845.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2019-f812c9fb22.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_6_43.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_5_7_25.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote database server is affected by multiple vulnerabilities.
File: mysql_8_0_14.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2019-0049.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: A PHP application running on the remote web server is affected by multiple vu...
File: drupal_8_6_6.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-348547a32d.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-e6ca5847c7.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-f6ff819834.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote database server is affected by multiple vulnerabilities
File: mariadb_10_0_37.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote database server is affected by multiple vulnerabilities
File: mariadb_5_5_42.nasl - Type: ACT_GATHER_INFO
2019-01-15 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2019-337484d88b.nasl - Type: ACT_GATHER_INFO
2019-01-15 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2019-b0f7a7b74b.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2019-011-01.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2019-013-01.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Virtuozzo host is missing multiple security updates.
File: Virtuozzo_VZA-2016-104.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2019-1145.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2019-1146.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2019-1147.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4367.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Fedora host is missing a security update.
File: fedora_2019-18b3a10c7f.nasl - Type: ACT_GATHER_INFO
2019-01-14 Name: The remote Fedora host is missing a security update.
File: fedora_2019-75a8da28f0.nasl - Type: ACT_GATHER_INFO