Vulnerabilities > Ubuntu

DATE CVE VULNERABILITY TITLE RISK
2009-04-30 CVE-2009-1295 Configuration vulnerability in multiple products
Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors.
1.9
2009-03-05 CVE-2009-0578 Permissions, Privileges, and Access Controls vulnerability in Ubuntu Linux 8.10
GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console.
local
low complexity
ubuntu CWE-264
6.2
2009-03-05 CVE-2009-0365 Permissions, Privileges, and Access Controls vulnerability in Ubuntu Linux
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.
local
low complexity
ubuntu CWE-264
4.6
2009-01-02 CVE-2006-7236 Configuration vulnerability in Invisible-Island Xterm NIL
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.
9.3
2008-11-17 CVE-2008-5104 Credentials Management vulnerability in Dcgrendel Vmbuilder 0.9
Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions.
local
low complexity
dcgrendel ubuntu CWE-255
7.2
2008-11-17 CVE-2008-5103 Credentials Management vulnerability in Dcgrendel Vmbuilder 0.9
The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.
local
low complexity
dcgrendel ubuntu CWE-255
7.2
2008-11-04 CVE-2008-4306 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ubuntu Linux
Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence.
network
ubuntu CWE-119
critical
9.3
2008-07-07 CVE-2008-2808 Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.
4.3
2008-05-18 CVE-2008-2285 Cryptographic Issues vulnerability in Ubuntu Linux 7.04/7.10/8.04
The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.
network
low complexity
ubuntu CWE-310
5.0
2008-01-17 CVE-2008-0172 Improper Input Validation vulnerability in Boost 1.33/1.34
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.
network
low complexity
ubuntu boost CWE-20
5.0