Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
There are 244 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

Published: April 17, 2021; 1:15:14 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-3492

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.

Published: April 17, 2021; 1:15:13 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2013-1055

The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.

Published: April 07, 2021; 4:15:13 PM -0400
V3.1: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2013-1054

The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.

Published: April 07, 2021; 4:15:12 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-7747

Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c.

Published: February 19, 2020; 4:15:11 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2015-6815

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

Published: January 31, 2020; 5:15:11 PM -0500
V3.1: 3.5 LOW
V2.0: 2.7 LOW
CVE-2015-5278

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

Published: January 23, 2020; 3:15:11 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2015-3406

The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.

Published: November 29, 2019; 4:15:10 PM -0500
V3.1: 7.5 HIGH
V2.0: 6.4 MEDIUM
CVE-2015-3167

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.

Published: November 20, 2019; 4:15:11 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-3166

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.

Published: November 20, 2019; 4:15:11 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-9518

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.

Published: August 13, 2019; 5:15:13 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2019-9517

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.

Published: August 13, 2019; 5:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2019-9516

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

Published: August 13, 2019; 5:15:12 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2019-9515

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Published: August 13, 2019; 5:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2019-9514

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

Published: August 13, 2019; 5:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2019-9513

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

Published: August 13, 2019; 5:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2019-9512

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Published: August 13, 2019; 5:15:12 PM -0400
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2019-9511

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Published: August 13, 2019; 5:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2015-1341

Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.

Published: April 22, 2019; 12:29:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2015-1327

Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app.

Published: April 22, 2019; 12:29:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 4.3 MEDIUM