Ubuntu_linux - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Ubuntu_linux
(Canonical)

Repositories

• https://github.com/torvalds/linux
• https://github.com/ImageMagick/ImageMagick
• https://github.com/LibRaw/LibRaw
• https://github.com/neomutt/neomutt
• https://github.com/xkbcommon/libxkbcommon

• https://github.com/file/file
• https://github.com/FreeRDP/FreeRDP
• https://github.com/kyz/libmspack
• https://github.com/gpac/gpac
• https://github.com/curl/curl
• https://github.com/krb5/krb5
• https://github.com/apache/httpd
• https://github.com/madler/zlib
• https://github.com/dbry/WavPack
• https://github.com/audreyt/module-signature
• https://github.com/tats/w3m
• https://github.com/libarchive/libarchive
• https://github.com/Perl/perl5
• https://github.com/libgd/libgd
• https://github.com/ntp-project/ntp
• https://github.com/LibVNC/libvncserver
• https://github.com/openvswitch/ovs
• https://github.com/newsoft/libvncserver
• https://github.com/rubygems/rubygems
• https://github.com/mm2/Little-CMS
• https://github.com/memcached/memcached
• https://github.com/erikd/libsndfile
• https://github.com/dosfstools/dosfstools
• https://github.com/php/php-src
• https://github.com/WebKit/webkit
• https://github.com/lxc/lxcfs
• https://github.com/bagder/curl
• https://github.com/vrtadmin/clamav-devel
• https://github.com/mdadams/jasper
• https://github.com/pyca/cryptography
• https://github.com/bcgit/bc-java
• git://git.openssl.org/openssl.git
• https://github.com/opencontainers/runc
• https://git.kernel.org/pub/scm/git/git.git
• https://github.com/openbsd/src
• https://github.com/openssh/openssh-portable
• https://github.com/openstack/glance
• https://github.com/mongodb/mongo-python-driver
• https://github.com/jpirko/libndp
• https://github.com/FFmpeg/FFmpeg
• https://github.com/requests/requests
• https://github.com/glennrp/libpng
• https://github.com/vim/vim
• https://github.com/rdoc/rdoc
• https://github.com/ansible/ansible
• https://github.com/hexchat/hexchat
• https://github.com/GNOME/pango
• https://github.com/stoth68000/media-tree
• https://github.com/ImageMagick/ImageMagick6
• https://github.com/kennethreitz/requests
• https://github.com/lxml/lxml
• https://github.com/beanshell/beanshell
• https://github.com/git/git
• https://github.com/libjpeg-turbo/libjpeg-turbo
• https://github.com/mysql/mysql-server
• https://github.com/dovecot/core
• https://github.com/openstack/nova-lxd
• https://github.com/apple/cups
• https://github.com/derickr/timelib
• https://git.savannah.gnu.org/git/patch.git
• https://github.com/puppetlabs/puppet
• https://github.com/lxc/lxc
• https://github.com/flori/json
• https://github.com/qpdf/qpdf
• https://github.com/TeX-Live/texlive-source
• https://github.com/liblouis/liblouis
• https://github.com/lavv17/lftp
• https://github.com/Cisco-Talos/clamav-devel
• https://github.com/moinwiki/moin-1.9
• https://github.com/libimobiledevice/libimobiledevice
• https://github.com/wikimedia/mediawiki
• https://github.com/kohler/t1utils
• https://github.com/khaledhosny/ots
• https://github.com/jmacd/xdelta-devel
• https://github.com/quassel/quassel
• https://github.com/openstack/nova

#Vulnerabilities

4103

Date	Id	Summary	Products	Score	Patch	Annotated
2009-04-06	CVE-2009-1242	The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform.	Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Opensuse	N/A
2009-08-06	CVE-2009-2625	XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.	Xerces2_java, Ubuntu_linux, Debian_linux, Fedora, Opensuse, Jdk, Primavera_p6_enterprise_project_portfolio_management, Primavera_web_services, Linux_enterprise_server	N/A
2009-05-28	CVE-2009-1633	Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.	Ubuntu_linux, Debian_linux, Linux_kernel	N/A
2009-06-08	CVE-2009-1956	Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.	Apr\-Util, Http_server, Ubuntu_linux	N/A
2009-07-01	CVE-2009-2287	The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function.	Ubuntu_linux, Debian_linux, Linux_kernel	N/A
2009-08-28	CVE-2009-3001	The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket.	Ubuntu_linux, Linux_kernel	N/A
2009-08-28	CVE-2009-3002	The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM...	Ubuntu_linux, Linux_kernel	N/A
2009-10-19	CVE-2009-3228	The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.	Ubuntu_linux, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation	N/A
2009-10-19	CVE-2009-3612	The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.	Ubuntu_linux, Fedora, Linux_kernel, Opensuse, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit	N/A
2010-02-15	CVE-2010-0623	The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem.	Ubuntu_linux, Linux_kernel, Opensuse	N/A