Product:

Ubuntu_linux

(Canonical)
Repositories https://github.com/torvalds/linux
https://github.com/ImageMagick/ImageMagick
https://github.com/LibRaw/LibRaw
https://github.com/neomutt/neomutt
https://github.com/xkbcommon/libxkbcommon
https://github.com/kyz/libmspack
https://github.com/FreeRDP/FreeRDP
https://github.com/gpac/gpac
https://github.com/krb5/krb5
https://github.com/curl/curl
https://github.com/dbry/WavPack
https://github.com/file/file
https://github.com/audreyt/module-signature
https://github.com/openvswitch/ovs
https://github.com/apache/httpd
https://github.com/newsoft/libvncserver
https://github.com/LibVNC/libvncserver
https://github.com/Perl/perl5
https://github.com/rubygems/rubygems
https://github.com/libarchive/libarchive
https://github.com/tats/w3m
https://github.com/ntp-project/ntp
https://github.com/erikd/libsndfile
https://github.com/libgd/libgd
https://github.com/memcached/memcached
https://github.com/dosfstools/dosfstools
https://github.com/php/php-src
https://github.com/WebKit/webkit
https://github.com/lxc/lxcfs
https://github.com/bagder/curl
https://github.com/vrtadmin/clamav-devel
https://github.com/ansible/ansible
https://github.com/lxml/lxml
https://github.com/opencontainers/runc
https://github.com/beanshell/beanshell
https://github.com/ImageMagick/ImageMagick6
https://github.com/glennrp/libpng
https://github.com/openssh/openssh-portable
https://github.com/git/git
https://github.com/mm2/Little-CMS
https://github.com/openbsd/src
https://github.com/libjpeg-turbo/libjpeg-turbo
• git://git.openssl.org/openssl.git
https://github.com/mysql/mysql-server
https://github.com/GNOME/pango
https://github.com/dovecot/core
https://git.kernel.org/pub/scm/git/git.git
https://github.com/openstack/nova-lxd
https://github.com/apple/cups
https://github.com/derickr/timelib
https://git.savannah.gnu.org/git/patch.git
https://github.com/requests/requests
https://github.com/puppetlabs/puppet
https://github.com/lxc/lxc
https://github.com/flori/json
https://github.com/qpdf/qpdf
https://github.com/TeX-Live/texlive-source
https://github.com/liblouis/liblouis
https://github.com/lavv17/lftp
https://github.com/Cisco-Talos/clamav-devel
https://github.com/moinwiki/moin-1.9
https://github.com/pyca/cryptography
https://github.com/libimobiledevice/libimobiledevice
https://github.com/jpirko/libndp
https://github.com/wikimedia/mediawiki
https://github.com/kohler/t1utils
https://github.com/kennethreitz/requests
https://github.com/khaledhosny/ots
https://github.com/jmacd/xdelta-devel
https://github.com/quassel/quassel
https://github.com/hexchat/hexchat
https://github.com/mongodb/mongo-python-driver
https://github.com/openstack/glance
https://github.com/openstack/nova
#Vulnerabilities 2884
Date Id Summary Products Score Patch Annotated
2018-07-26 CVE-2015-9261 huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. Busybox, Ubuntu_linux, Debian_linux 5.5
2017-08-07 CVE-2011-5325 Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink. Busybox, Ubuntu_linux, Debian_linux 7.5
2018-06-26 CVE-2018-1000517 BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e. Busybox, Ubuntu_linux, Debian_linux 9.8
2017-10-24 CVE-2017-15873 The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. Busybox, Ubuntu_linux, Debian_linux 5.5
2017-02-09 CVE-2016-2147 Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write. Busybox, Ubuntu_linux, Debian_linux 7.5
2021-02-10 CVE-2020-16120 Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9... Ubuntu_linux, Linux_kernel 4.4
2020-05-19 CVE-2020-12663 Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. Ubuntu_linux, Debian_linux, Fedora, Unbound, Leap 7.5
2020-05-19 CVE-2020-12662 Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. Ubuntu_linux, Debian_linux, Fedora, Unbound, Leap 7.5
2020-04-15 CVE-2019-12521 An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash... Ubuntu_linux, Debian_linux, Leap, Squid 5.9
2020-04-15 CVE-2019-12520 An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the... Ubuntu_linux, Debian_linux, Squid 7.5