13 matches found
EUVD-2015-7843
Malware in sbrugna...
CVE-2015-7946
Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1...
CVE-2015-7946
Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1...
UBUNTU-CVE-2015-7946
Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1...
Information disclosure
Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1...
CVE-2015-7946 MTP service exposed during emergency dialer
Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1...
CVE-2015-7946
CVE-2015-7946 describes an Information Exposure vulnerability in Unity8 used on Ubuntu Phone (and possibly elsewhere) that allows an attacker to enable the MTP service by opening the emergency dialer. The issue is confirmed as a vulnerability in Unity8’s handling of the emergency dialer and is mi...
CVE-2015-8768
click/install.py in click does not require files in package filesystem tarballs to start with ./ dot slash, which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone...
Code injection
click/install.py in click does not require files in package filesystem tarballs to start with ./ dot slash, which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone...
CVE-2015-8768
click/install.py in click does not require files in package filesystem tarballs to start with ./ dot slash, which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone...
CVE-2015-8768
click/install.py in click does not require files in package filesystem tarballs to start with ./ dot slash, which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone...
CVE-2015-8768
The CVE concerns the Python-based Click package (install.py) where file names in tarballs are not required to start with ./, enabling a crafted package to bypass checks and install an alternate security policy, potentially elevating privileges. Affected component: click/install.py; context mentio...
CVE-2015-7946
Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1...