cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.
Source: Canonical Ltd.
Max CVSS
6.4
EPSS Score
0.04%
Published
2023-12-12
Updated
2023-12-18

CVE-2021-3493

Known exploited
Public exploit
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
Source: Canonical Ltd.
Max CVSS
8.8
EPSS Score
0.59%
Published
2021-04-17
Updated
2023-07-07
CISA KEV Added
2022-10-20
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.
Source: Canonical Ltd.
Max CVSS
8.8
EPSS Score
0.05%
Published
2021-04-17
Updated
2021-05-21
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
Source: MITRE
Max CVSS
9.3
EPSS Score
0.13%
Published
2016-12-17
Updated
2017-01-07
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
Source: MITRE
Max CVSS
9.3
EPSS Score
0.57%
Published
2016-12-17
Updated
2017-01-07

CVE-2015-1328

Public exploit
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
Source: Canonical Ltd.
Max CVSS
7.8
EPSS Score
0.06%
Published
2016-11-28
Updated
2017-09-21
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
Source: MITRE
Max CVSS
7.5
EPSS Score
97.03%
Published
2011-04-08
Updated
2020-04-01

CVE-2011-0762

Public exploit
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
Source: CERT/CC
Max CVSS
4.0
EPSS Score
28.98%
Published
2011-03-02
Updated
2021-03-04
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Source: Red Hat, Inc.
Max CVSS
4.3
EPSS Score
2.26%
Published
2010-12-06
Updated
2022-08-04
The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."
Source: MITRE
Max CVSS
1.9
EPSS Score
0.04%
Published
2010-11-29
Updated
2020-08-14
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
Source: Apple Inc.
Max CVSS
4.3
EPSS Score
0.17%
Published
2010-11-17
Updated
2020-06-04

CVE-2010-3904

Known exploited
Public exploit
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
Source: Canonical Ltd.
Max CVSS
7.2
EPSS Score
0.09%
Published
2010-12-06
Updated
2020-08-14
CISA KEV Added
2023-05-12
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
Source: Red Hat, Inc.
Max CVSS
6.8
EPSS Score
0.45%
Published
2010-11-12
Updated
2023-02-13
The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call.
Source: Red Hat, Inc.
Max CVSS
2.1
EPSS Score
0.04%
Published
2010-12-30
Updated
2023-02-13
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.
Source: Red Hat, Inc.
Max CVSS
4.7
EPSS Score
0.04%
Published
2010-12-30
Updated
2023-02-13
Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures.
Source: Red Hat, Inc.
Max CVSS
6.9
EPSS Score
0.04%
Published
2010-12-30
Updated
2023-02-13
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.
Source: Red Hat, Inc.
Max CVSS
4.3
EPSS Score
0.24%
Published
2010-11-09
Updated
2023-02-13
The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array.
Source: Red Hat, Inc.
Max CVSS
8.3
EPSS Score
0.65%
Published
2010-11-26
Updated
2023-02-13
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
Source: Red Hat, Inc.
Max CVSS
7.5
EPSS Score
0.43%
Published
2010-11-05
Updated
2020-12-23
The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942.
Source: MITRE
Max CVSS
2.1
EPSS Score
0.04%
Published
2010-09-21
Updated
2020-08-14
Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.
Source: Red Hat, Inc.
Max CVSS
4.7
EPSS Score
0.04%
Published
2010-10-04
Updated
2023-02-13
Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call.
Source: Red Hat, Inc.
Max CVSS
6.6
EPSS Score
0.04%
Published
2010-10-04
Updated
2023-02-13
fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.
Source: Red Hat, Inc.
Max CVSS
5.0
EPSS Score
0.56%
Published
2010-11-09
Updated
2022-09-01
The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic.
Source: Red Hat, Inc.
Max CVSS
7.8
EPSS Score
1.71%
Published
2010-11-22
Updated
2023-02-13
Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions.
Source: Red Hat, Inc.
Max CVSS
1.9
EPSS Score
0.04%
Published
2010-09-29
Updated
2023-02-13
243 vulnerabilities found
1 2 3 4 5 6 7 8 9 10
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!