Ubuntu_linux - Vulncode-DB

Date	Id	Summary	Products	Score
2004-12-31	CVE-2004-2154	CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.	Cups, Ubuntu_linux	9.8
2019-10-11	CVE-2019-2215	A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095	Ubuntu_linux, Debian_linux, Android, Alp\-Al00b_firmware, Alp\-Tl00b_firmware, Anne\-Al00_firmware, Ares\-Al00b_firmware, Ares\-Al10d_firmware, Ares\-Tl00chw_firmware, Barca\-Al00_firmware, Berkeley\-L09_firmware, Berkeley\-Tl10_firmware, Bla\-Al00b_firmware, Bla\-L29c_firmware, Bla\-Tl00b_firmware, Columbia\-Al00a_firmware, Columbia\-L29d_firmware, Cornell\-Tl10b_firmware, Duke\-L09i_firmware, Dura\-Al00a_firmware, Figo\-Al00a_firmware, Florida\-Al20b_firmware, Florida\-L03_firmware, Florida\-L21_firmware, Florida\-L22_firmware, Florida\-Tl10b_firmware, Honor_9i_firmware, Honor_view_20_firmware, Jakarta\-Al00a_firmware, Johnson\-Tl00d_firmware, Leland\-Al10b_firmware, Leland\-L21a_firmware, Leland\-L32a_firmware, Leland\-Tl10b_firmware, Leland\-Tl10c_firmware, Lelandp\-Al00c_firmware, Lelandp\-L22c_firmware, Mate_rs_firmware, Neo\-Al00d_firmware, Nova_2s_firmware, Nova_3_firmware, Nova_3e_firmware, P20_firmware, P20_lite_firmware, Princeton\-Al10b_firmware, Rhone\-Al00_firmware, Stanford\-L09_firmware, Stanford\-L09s_firmware, Sydney\-Al00_firmware, Sydney\-Tl00_firmware, Sydneym\-Al00_firmware, Tony\-Al00b_firmware, Tony\-Tl00b_firmware, Y9_2019_firmware, Yale\-Al00a_firmware, Yale\-L21a_firmware, Yale\-Tl00b_firmware, A220_firmware, A320_firmware, A800_firmware, Aff_baseboard_management_controller_firmware, C190_firmware, Cloud_backup, Data_availability_services, Fas2720_firmware, Fas2750_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H610s_firmware, H700s_firmware, Hci_management_node, Service_processor, Solidfire, Solidfire_baseboard_management_controller_firmware, Steelstore_cloud_integrated_storage	7.8
2007-12-20	CVE-2007-6353	Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.	Ubuntu_linux, Debian_linux, Exiv2	N/A
2015-11-16	CVE-2015-2925	The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."	Ubuntu_linux, Debian_linux, Linux_kernel	N/A
2017-11-04	CVE-2017-16532	The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.	Ubuntu_linux, Debian_linux, Linux_kernel	6.6
2019-10-28	CVE-2019-11043	In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.	Ubuntu_linux, Debian_linux, Fedora, Php, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_eus_compute_node, Enterprise_linux_for_arm_64, Enterprise_linux_for_arm_64_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Software_collections, Tenable\.sc	9.8
2018-06-08	CVE-2018-4233	An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux	8.8
2020-03-06	CVE-2019-20503	usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.	Ubuntu_linux, Debian_linux, Usrsctp	6.5
2007-03-24	CVE-2007-1667	Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.	Ubuntu_linux, Debian_linux, Libx11	N/A
2019-12-10	CVE-2019-14861	All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that...	Ubuntu_linux, Debian_linux, Fedora, Leap, Samba	5.3

Product: Ubuntu_linux (Canonical)

Product:
Ubuntu_linux
(Canonical)