U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  • CPE Name Search: true
There are 271 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2021-3710

An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;

Published: September 30, 2021; 11:15:07 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2021-3709

Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;

Published: September 30, 2021; 11:15:06 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2013-1055

The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.

Published: April 07, 2021; 4:15:13 PM -0400
V3.1: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2013-1054

The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.

Published: April 07, 2021; 4:15:12 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-3444

The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.

Published: March 23, 2021; 2:15:13 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-16120

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()"), 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally, commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIMEi") in kernel 5.11.

Published: February 10, 2021; 3:15:15 PM -0500
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2020-12352

Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

Published: November 23, 2020; 12:15:12 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 3.3 LOW
CVE-2020-25645

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

Published: October 13, 2020; 4:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-14355

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.

Published: October 07, 2020; 11:15:12 AM -0400
V3.1: 6.6 MEDIUM
V2.0: 6.5 MEDIUM
CVE-2020-7070

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.

Published: October 02, 2020; 11:15:12 AM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-7069

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.

Published: October 02, 2020; 11:15:12 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 6.4 MEDIUM
CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

Published: September 27, 2020; 12:15:11 AM -0400
V3.1: 7.2 HIGH
V2.0: 6.4 MEDIUM
CVE-2020-14392

An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.

Published: September 16, 2020; 9:15:11 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-14345

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Published: September 15, 2020; 10:15:13 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-15704

The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504.

Published: August 31, 2020; 8:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-8622

In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.

Published: August 21, 2020; 5:15:12 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-15862

Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.

Published: August 19, 2020; 9:17:13 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-1472

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

Published: August 17, 2020; 3:15:15 PM -0400
V3.1: 10.0 CRITICAL
V2.0: 9.3 HIGH
CVE-2020-14311

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.

Published: July 31, 2020; 6:15:11 PM -0400
V3.1: 6.0 MEDIUM
V2.0: 3.6 LOW
CVE-2020-14310

There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.

Published: July 31, 2020; 6:15:11 PM -0400
V3.1: 6.0 MEDIUM
V2.0: 3.6 LOW