Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
There are 148 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2016-9950

An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.

Published: December 16, 2016; 10:59:00 PM -0500
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-9949

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.

Published: December 16, 2016; 10:59:00 PM -0500
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2015-1328

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.

Published: November 27, 2016; 10:59:00 PM -0500
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2011-0997

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

Published: April 08, 2011; 11:17:27 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-3850

The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call.

Published: December 30, 2010; 2:00:03 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2010-3849

The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.

Published: December 30, 2010; 2:00:03 PM -0500
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2010-3848

Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures.

Published: December 30, 2010; 2:00:03 PM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2010-3904

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

Published: December 06, 2010; 3:13:00 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-4072

The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."

Published: November 29, 2010; 11:00:02 AM -0500
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2010-3705

The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array.

Published: November 26, 2010; 3:00:02 PM -0500
V3.x:(not available)
V2.0: 8.3 HIGH
CVE-2010-2963

drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.

Published: November 26, 2010; 2:00:06 PM -0500
V3.x:(not available)
V2.0: 6.2 MEDIUM
CVE-2010-3432

The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic.

Published: November 22, 2010; 8:00:02 AM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

Published: November 16, 2010; 8:00:02 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3442

Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.

Published: October 04, 2010; 5:00:04 PM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2010-3437

Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call.

Published: October 04, 2010; 5:00:04 PM -0400
V3.x:(not available)
V2.0: 6.6 MEDIUM
CVE-2010-3297

The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call.

Published: September 30, 2010; 11:00:02 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2010-3310

Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions.

Published: September 29, 2010; 1:00:04 PM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2010-3084

Buffer overflow in the niu_get_ethtool_tcam_all function in drivers/net/niu.c in the Linux kernel before 2.6.36-rc4 allows local users to cause a denial of service or possibly have unspecified other impact via the ETHTOOL_GRXCLSRLALL ethtool command.

Published: September 29, 2010; 1:00:04 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-2946

fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name.

Published: September 29, 2010; 1:00:04 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2010-2478

Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084.

Published: September 29, 2010; 1:00:04 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH