Vulnerabilities > Ubuntu > Ubuntu Linux

DATE CVE VULNERABILITY TITLE RISK
2010-08-10 CVE-2010-0834 Improper Authentication vulnerability in Ubuntu Linux 10.04/9.10
The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.
network
ubuntu dell CWE-287
critical
9.3
2009-09-21 CVE-2009-2939 Link Following vulnerability in Postfix 2.5.5
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
6.9
2009-03-05 CVE-2009-0578 Permissions, Privileges, and Access Controls vulnerability in Ubuntu Linux 8.10
GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console.
local
low complexity
ubuntu CWE-264
6.2
2009-03-05 CVE-2009-0365 Permissions, Privileges, and Access Controls vulnerability in Ubuntu Linux
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.
local
low complexity
ubuntu CWE-264
4.6
2008-11-17 CVE-2008-5104 Credentials Management vulnerability in Dcgrendel Vmbuilder 0.9
Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions.
local
low complexity
dcgrendel ubuntu CWE-255
7.2
2008-11-17 CVE-2008-5103 Credentials Management vulnerability in Dcgrendel Vmbuilder 0.9
The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.
local
low complexity
dcgrendel ubuntu CWE-255
7.2
2008-07-07 CVE-2008-2808 Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.
4.3
2008-01-17 CVE-2008-0172 Improper Input Validation vulnerability in Boost 1.33/1.34
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.
network
low complexity
ubuntu boost CWE-20
5.0
2007-10-29 CVE-2007-3920 GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.
local
high complexity
ubuntu compiz gnome
6.2
2007-10-11 CVE-2007-5365 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.
local
low complexity
debian openbsd redhat sun ubuntu CWE-119
7.2