Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2010-02-02 | CVE-2009-4013 | Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems. | Ubuntu_linux, Debian_linux, Lintian | 9.8 | ||
| 2015-04-19 | CVE-2015-1241 | Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack. | Ubuntu_linux, Debian_linux, Chrome, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise | N/A | ||
| 2009-11-16 | CVE-2009-3939 | The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. | Aura_application_enablement_services, Aura_communication_manager, Aura_session_manager, Aura_sip_enablement_services, Aura_system_manager, Aura_system_platform, Voice_portal, Ubuntu_linux, Debian_linux, Linux_kernel, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization, Linux_enterprise_desktop, Linux_enterprise_server | 7.1 | ||
| 2020-01-23 | CVE-2019-17570 | An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed. | Xml\-Rpc, Ubuntu_linux, Debian_linux, Fedora, Software_collections | 9.8 | ||
| 2008-10-15 | CVE-2008-4577 | The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. | Ubuntu_linux, Dovecot, Fedora, Opensuse | 7.5 | ||
| 2017-03-28 | CVE-2017-6964 | dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through 2.1.5+deb1+cvs20081104-13.1 on Debian, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 on Ubuntu 16.10, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 on Ubuntu 16.04 LTS, eject before... | Ubuntu_linux, Debian_linux | 7.8 | ||
| 2008-08-06 | CVE-2008-2939 | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. | Http_server, Mac_os_x, Ubuntu_linux, Opensuse | N/A | ||
| 2020-06-09 | CVE-2020-10757 | A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Active_iq_unified_manager, Cloud_backup, Steelstore_cloud_integrated_storage, Leap, Enterprise_linux, Enterprise_mrg | 7.8 | ||
| 2017-02-03 | CVE-2016-10165 | The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. | Ubuntu_linux, Debian_linux, Little_cms_color_engine, Active_iq_unified_manager, E\-Series_santricity_management, E\-Series_santricity_os_controller, Oncommand_balance, Oncommand_insight, Oncommand_performance_manager, Oncommand_shift, Oncommand_unified_manager, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Satellite | 7.1 | ||
| 2018-05-24 | CVE-2018-8013 | In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization. | Batik, Ubuntu_linux, Debian_linux, Business_intelligence, Communications_diameter_signaling_router, Communications_metasolv_solution, Communications_webrtc_session_controller, Data_integrator, Enterprise_repository, Financial_services_analytical_applications_infrastructure, Fusion_middleware_mapviewer, Instantis_enterprisetrack, Insurance_calculation_engine, Insurance_policy_administration_j2ee, Jd_edwards_enterpriseone_tools, Retail_back_office, Retail_central_office, Retail_integration_bus, Retail_order_broker, Retail_point\-Of\-Service, Retail_returns_management | 9.8 |