Vulnerabilities > Ubuntu
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-26 | CVE-2019-15796 | Improper Verification of Cryptographic Signature vulnerability in multiple products Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. | 2.6 |
| 2020-03-26 | CVE-2019-15795 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. | 2.6 |
| 2018-03-02 | CVE-2017-14461 | Out-of-bounds Read vulnerability in multiple products A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. | 5.5 |
| 2016-04-19 | CVE-2015-5479 | Numeric Errors vulnerability in multiple products The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. | 6.5 |
| 2015-04-29 | CVE-2015-1322 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. | 4.6 |
| 2015-03-12 | CVE-2015-2285 | Data Processing Errors vulnerability in Ubuntu Upstart and Vivid The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/. | 7.2 |
| 2014-11-24 | CVE-2014-1424 | Permissions, Privileges, and Access Controls vulnerability in multiple products apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw." | 6.4 |
| 2014-02-17 | CVE-2013-1070 | Cross-Site Scripting vulnerability in Ubuntu Metal AS A Service 1.2/1.4 Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/. | 4.3 |
| 2014-02-17 | CVE-2013-1069 | Permissions, Privileges, and Access Controls vulnerability in Ubuntu Metal AS A Service 1.2/1.4 Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file. | 2.1 |
| 2014-02-05 | CVE-2011-4613 | Permissions, Privileges, and Access Controls vulnerability in multiple products The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY. | 4.6 |