Vulnerabilities > Ubuntu

DATE CVE VULNERABILITY TITLE RISK
2013-10-28 CVE-2013-2186 Improper Input Validation vulnerability in multiple products
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
network
low complexity
redhat ubuntu CWE-20
7.5
2011-05-03 CVE-2011-1842 Improper Input Validation vulnerability in Ubuntu Language-Selector
dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729.
local
low complexity
ubuntu CWE-20
7.2
2011-04-29 CVE-2011-0729 Permissions, Privileges, and Access Controls vulnerability in Ubuntu Language-Selector
dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) SetSystemDefaultLanguageEnv call.
local
low complexity
ubuntu CWE-264
7.2
2011-02-19 CVE-2011-0724 Cryptographic Issues vulnerability in Ubuntu Edubuntu and Live DVD
The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges.
network
ubuntu CWE-310
critical
9.3
2010-08-10 CVE-2010-0834 Improper Authentication vulnerability in Ubuntu Linux 10.04/9.10
The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.
network
ubuntu dell CWE-287
critical
9.3
2009-09-21 CVE-2009-2939 Link Following vulnerability in Postfix 2.5.5
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
6.9
2009-06-09 CVE-2009-1296 Information Exposure vulnerability in Ubuntu 73-Oubuntu and Ubuntu
The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk.
local
ubuntu CWE-200
1.9
2009-05-11 CVE-2009-1601 Permissions, Privileges, and Access Controls vulnerability in Ubuntu Linux 9.04
The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory.
local
low complexity
ubuntu CWE-264
6.8
2009-05-07 CVE-2008-6792 Cryptographic Issues vulnerability in Ubuntu Linux 8.10
system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks.
network
low complexity
ubuntu CWE-310
5.0
2009-05-06 CVE-2009-1573 Permissions, Privileges, and Access Controls vulnerability in multiple products
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems places the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
4.6