Ubuntu Linux@* Security Vulnerabilities and Issues — Ubuntu Linux@* CVE List

Lucene search

CanonicalUbuntu Linux*

8 matches found

CVE•added 2021/04/17 5:15 a.m.•1175 views

CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivil...

8.8CVSS7.5AI score0.72208EPSS

CVE•added 2016/05/05 6:59 p.m.•489 views

CVE-2016-3714

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

10CVSS8AI score0.93863EPSS

CVE•added 2021/04/17 5:15 a.m.•251 views

CVE-2021-3492

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (ke...

8.8CVSS7.7AI score0.23368EPSS

CVE•added 2016/11/28 3:59 a.m.•224 views

CVE-2015-1328

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs i...

7.8CVSS6.7AI score0.89275EPSS

CVE•added 2005/07/05 4:0 a.m.•65 views

CVE-2004-2154

CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.

9.8CVSS9.3AI score0.00487EPSS

CVE•added 2016/12/17 3:59 a.m.•64 views

CVE-2016-9949

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.

9.3CVSS7.7AI score0.16283EPSS

CVE•added 2016/12/17 3:59 a.m.•54 views

CVE-2016-9950

An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this pa...

9.3CVSS7.6AI score0.02361EPSS

CVE•added 2023/12/12 2:15 a.m.•33 views

CVE-2023-5536

A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.

6.4CVSS6.4AI score0.00053EPSS