Vulnerabilities > Ubuntu
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2020-03-26 | CVE-2019-15796 | Improper Verification of Cryptographic Signature vulnerability in multiple products | Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. | 2.6 |
| 2020-03-26 | CVE-2019-15795 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products | python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. | 2.6 |
| 2018-03-02 | CVE-2017-14461 | Out-of-bounds Read vulnerability in multiple products | A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. | 5.5 |
| 2016-04-19 | CVE-2015-5479 | Numeric Errors vulnerability in multiple products | The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. | 4.3 |
| 2015-04-29 | CVE-2015-1322 | Path Traversal vulnerability in multiple products | Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. | 4.6 |
| 2015-03-12 | CVE-2015-2285 | Data Processing Errors vulnerability in Ubuntu Upstart and Vivid | The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/. | 7.2 |
| 2015-03-12 | CVE-2015-2150 | Permissions, Privileges, and Access Controls vulnerability in multiple products | Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. | 4.9 |
| 2014-11-24 | CVE-2014-1424 | Permissions, Privileges, and Access Controls vulnerability in multiple products | apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw." | 6.4 |
| 2014-02-17 | CVE-2013-1070 | Cross-Site Scripting vulnerability in Ubuntu Metal as a Service 1.2/1.4 | Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/. | 4.3 |
| 2014-02-17 | CVE-2013-1069 | Permissions, Privileges, and Access Controls vulnerability in Ubuntu Metal as a Service 1.2/1.4 | Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file. | 2.1 |