CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Canonical » Ubuntu Linux : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-12836 77 Exec Code 2017-08-24 2017-09-07
5.1
None Remote High Not required Partial Partial Partial
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."
2 CVE-2017-8386 264 +Priv 2017-06-01 2017-06-30
6.5
None Remote Low Single system Partial Partial Partial
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
3 CVE-2017-7980 119 DoS Exec Code Overflow 2017-07-25 2017-07-31
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
4 CVE-2017-7358 22 Dir. Trav. 2017-04-05 2017-08-15
6.9
None Local Medium Not required Complete Complete Complete
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
5 CVE-2017-6964 388 Exec Code 2017-03-27 2017-04-07
7.2
None Local Low Not required Complete Complete Complete
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through 2.1.5+deb1+cvs20081104-13.1 on Debian, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 on Ubuntu 16.10, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 on Ubuntu 16.04 LTS, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 on Ubuntu 14.04 LTS, and eject before 2.1.5+deb1+cvs20081104-9ubuntu0.1 on Ubuntu 12.04 LTS.
6 CVE-2017-6590 284 Exec Code 2017-03-09 2017-07-17
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.
7 CVE-2017-6362 415 DoS 2017-09-07 2017-09-13
5.0
None Remote Low Not required None None Partial
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.
8 CVE-2017-5936 254 Bypass 2017-04-12 2017-04-20
5.0
None Remote Low Not required None Partial None
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.
9 CVE-2016-10109 416 DoS 2017-02-23 2017-06-30
5.0
None Remote Low Not required None None Partial
Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.
10 CVE-2016-9963 320 2017-02-01 2017-02-15
2.6
None Remote High Not required Partial None None
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
11 CVE-2016-9950 22 Dir. Trav. 2016-12-16 2017-01-06
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
12 CVE-2016-9949 94 Exec Code 2016-12-16 2017-01-06
9.3
Admin Remote Medium Not required Complete Complete Complete
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
13 CVE-2016-9775 264 +Priv 2017-03-23 2017-03-31
7.2
None Local Low Not required Complete Complete Complete
The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack.
14 CVE-2016-9774 59 +Priv +Info 2017-03-23 2017-03-31
7.2
None Local Low Not required Complete Complete Complete
The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory.
15 CVE-2016-9243 20 2017-03-27 2017-04-04
5.0
None Remote Low Not required None Partial None
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
16 CVE-2016-9119 79 XSS 2017-01-30 2017-02-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
17 CVE-2016-9014 264 2016-12-09 2016-12-14
6.8
None Remote Medium Not required Partial Partial Partial
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
18 CVE-2016-9013 798 2016-12-09 2016-12-14
7.5
None Remote Low Not required Partial Partial Partial
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.
19 CVE-2016-7795 20 DoS 2016-10-13 2017-07-27
4.9
None Local Low Not required None None Complete
The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.
20 CVE-2016-7401 254 Bypass CSRF 2016-10-03 2016-10-04
5.0
None Remote Low Not required None Partial None
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
21 CVE-2016-7162 20 2016-09-26 2016-09-28
5.0
None Remote Low Not required None Partial None
The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.
22 CVE-2016-7117 19 Exec Code 2016-10-10 2017-01-06
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
23 CVE-2016-7045 119 DoS Overflow 2016-09-27 2017-07-29
5.0
None Remote Low Not required None None Partial
The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.
24 CVE-2016-7044 119 DoS Overflow 2016-09-27 2017-07-29
5.0
None Remote Low Not required None None Partial
The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.
25 CVE-2016-6855 787 DoS 2016-09-07 2017-09-02
5.0
None Remote Low Not required None None Partial
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.
26 CVE-2016-6489 310 2017-04-14 2017-06-30
5.0
None Remote Low Not required Partial None None
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
27 CVE-2016-6352 787 DoS 2016-10-03 2016-10-04
5.0
None Remote Low Not required None None Partial
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
28 CVE-2016-6351 787 DoS Exec Code 2016-09-07 2016-09-08
7.2
None Local Low Not required Complete Complete Complete
The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer.
29 CVE-2016-6313 200 +Info 2016-12-13 2017-08-15
5.0
None Remote Low Not required Partial None None
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
30 CVE-2016-6262 125 +Info 2016-09-07 2016-09-08
5.0
None Remote Low Not required Partial None None
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
31 CVE-2016-6261 125 DoS 2016-09-07 2016-11-28
5.0
None Remote Low Not required None None Partial
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
32 CVE-2016-6232 22 Dir. Trav. 2016-08-02 2016-11-28
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
33 CVE-2016-6224 20 +Info 2016-07-22 2017-08-07
2.1
None Local Low Not required Partial None None
ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946.
34 CVE-2016-5403 399 DoS 2016-08-02 2016-11-28
4.9
None Local Low Not required None None Complete
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
35 CVE-2016-5338 20 DoS Exec Code 2016-06-14 2017-06-30
4.6
None Local Low Not required Partial Partial Partial
The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.
36 CVE-2016-5337 200 +Info 2016-06-14 2017-06-30
2.1
None Local Low Not required Partial None None
The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.
37 CVE-2016-5238 119 DoS Overflow 2016-06-14 2017-06-30
2.1
None Local Low Not required None None Partial
The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.
38 CVE-2016-5195 362 +Priv 2016-11-10 2017-09-19
7.2
None Local Low Not required Complete Complete Complete
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
39 CVE-2016-5126 119 DoS Exec Code Overflow 2016-06-01 2017-06-30
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
40 CVE-2016-5118 284 Exec Code 2016-06-10 2017-01-03
10.0
None Remote Low Not required Complete Complete Complete
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
41 CVE-2016-5107 125 DoS 2016-09-02 2017-06-30
1.5
None Local Medium Single system None None Partial
The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.
42 CVE-2016-5106 787 DoS 2016-09-02 2017-06-30
1.5
None Local Medium Single system None None Partial
The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command.
43 CVE-2016-5105 200 +Info 2016-09-02 2016-09-09
1.9
None Local Medium Not required Partial None None
The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.
44 CVE-2016-5104 284 Bypass 2016-06-13 2016-11-29
5.0
None Remote Low Not required None Partial None
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.
45 CVE-2016-4998 119 DoS Overflow +Info 2016-07-03 2016-11-28
5.6
None Local Low Not required Partial None Complete
The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary.
46 CVE-2016-4997 264 DoS +Priv Mem. Corr. 2016-07-03 2017-09-02
7.2
None Local Low Not required Complete Complete Complete
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
47 CVE-2016-4971 254 2016-06-30 2017-09-19
4.3
None Remote Medium Not required None Partial None
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
48 CVE-2016-4952 125 DoS 2016-09-02 2016-09-09
1.5
None Local Medium Single system None None Partial
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command.
49 CVE-2016-4951 DoS 2016-05-23 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation.
50 CVE-2016-4913 200 +Info 2016-05-23 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
Total number of vulnerabilities : 859   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.