Vulnerabilities > Ubuntu

DATE CVE VULNERABILITY TITLE RISK
2020-03-26 CVE-2019-15796 Improper Verification of Cryptographic Signature vulnerability in multiple products
Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier.
network
high complexity
ubuntu canonical debian CWE-347
2.6
2020-03-26 CVE-2019-15795 USE of A Broken OR Risky Cryptographic Algorithm vulnerability in multiple products
python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier.
network
high complexity
ubuntu canonical debian CWE-327
2.6
2018-03-02 CVE-2017-14461 Information Exposure vulnerability in multiple products
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service.
network
low complexity
dovecot debian ubuntu CWE-200
5.5
2016-04-19 CVE-2015-5479 Numeric Errors vulnerability in multiple products
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
4.3
2015-04-29 CVE-2015-1322 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a ..
local
low complexity
canonical ubuntu CWE-22
4.6
2015-03-12 CVE-2015-2285 Data Processing Errors vulnerability in Ubuntu Upstart and Vivid
The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.
local
low complexity
ubuntu CWE-19
7.2
2015-03-12 CVE-2015-2150 Permissions, Privileges, and Access Controls vulnerability in multiple products
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
local
low complexity
ubuntu xen linux CWE-264
4.9
2014-11-24 CVE-2014-1424 Permissions, Privileges, and Access Controls vulnerability in multiple products
apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw."
network
low complexity
ubuntu canonical CWE-264
6.4
2014-02-17 CVE-2013-1070 Cross-Site Scripting vulnerability in Ubuntu Metal AS A Service 1.2/1.4
Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/.
network
ubuntu CWE-79
4.3
2014-02-17 CVE-2013-1069 Permissions, Privileges, and Access Controls vulnerability in Ubuntu Metal AS A Service 1.2/1.4
Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file.
local
low complexity
ubuntu CWE-264
2.1