Product:

Ubuntu_linux

(Canonical)
Repositories https://github.com/torvalds/linux
https://github.com/ImageMagick/ImageMagick
https://github.com/LibRaw/LibRaw
https://github.com/neomutt/neomutt
https://github.com/xkbcommon/libxkbcommon
https://github.com/file/file
https://github.com/FreeRDP/FreeRDP
https://github.com/kyz/libmspack
https://github.com/gpac/gpac
https://github.com/curl/curl
https://github.com/krb5/krb5
https://github.com/apache/httpd
https://github.com/madler/zlib
https://github.com/dbry/WavPack
https://github.com/audreyt/module-signature
https://github.com/tats/w3m
https://github.com/libarchive/libarchive
https://github.com/Perl/perl5
https://github.com/libgd/libgd
https://github.com/ntp-project/ntp
https://github.com/LibVNC/libvncserver
https://github.com/openvswitch/ovs
https://github.com/newsoft/libvncserver
https://github.com/rubygems/rubygems
https://github.com/mm2/Little-CMS
https://github.com/memcached/memcached
https://github.com/erikd/libsndfile
https://github.com/dosfstools/dosfstools
https://github.com/php/php-src
https://github.com/WebKit/webkit
https://github.com/lxc/lxcfs
https://github.com/bagder/curl
https://github.com/vrtadmin/clamav-devel
• git://git.openssl.org/openssl.git
https://github.com/opencontainers/runc
https://github.com/pyca/cryptography
https://git.kernel.org/pub/scm/git/git.git
https://github.com/openbsd/src
https://github.com/openssh/openssh-portable
https://github.com/openstack/glance
https://github.com/mongodb/mongo-python-driver
https://github.com/jpirko/libndp
https://github.com/FFmpeg/FFmpeg
https://github.com/requests/requests
https://github.com/glennrp/libpng
https://github.com/vim/vim
https://github.com/rdoc/rdoc
https://github.com/ansible/ansible
https://github.com/hexchat/hexchat
https://github.com/GNOME/pango
https://github.com/stoth68000/media-tree
https://github.com/ImageMagick/ImageMagick6
https://github.com/kennethreitz/requests
https://github.com/lxml/lxml
https://github.com/beanshell/beanshell
https://github.com/git/git
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/mysql/mysql-server
https://github.com/dovecot/core
https://github.com/openstack/nova-lxd
https://github.com/apple/cups
https://github.com/derickr/timelib
https://git.savannah.gnu.org/git/patch.git
https://github.com/puppetlabs/puppet
https://github.com/lxc/lxc
https://github.com/flori/json
https://github.com/qpdf/qpdf
https://github.com/TeX-Live/texlive-source
https://github.com/liblouis/liblouis
https://github.com/lavv17/lftp
https://github.com/Cisco-Talos/clamav-devel
https://github.com/moinwiki/moin-1.9
https://github.com/libimobiledevice/libimobiledevice
https://github.com/wikimedia/mediawiki
https://github.com/kohler/t1utils
https://github.com/khaledhosny/ots
https://github.com/jmacd/xdelta-devel
https://github.com/quassel/quassel
https://github.com/openstack/nova
#Vulnerabilities 4095
Date Id Summary Products Score Patch Annotated
2010-12-06 CVE-2010-3904 The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. Ubuntu_linux, Linux_kernel, Opensuse, Enterprise_linux, Linux_enterprise_desktop, Linux_enterprise_real_time_extension, Linux_enterprise_server, Esxi 7.8
2016-04-21 CVE-2016-3427 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Cassandra, Ubuntu_linux, Debian_linux, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_balance, Oncommand_cloud_manager, Oncommand_insight, Oncommand_performance_manager, Oncommand_report, Oncommand_shift, Oncommand_unified_manager, Oncommand_workflow_automation, Storagegrid, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Leap, Opensuse, Jdk, Jre, Jrockit, Linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Satellite, Linux_enterprise_desktop, Linux_enterprise_module_for_legacy, Linux_enterprise_server, Linux_enterprise_software_development_kit, Manager, Manager_proxy, Openstack_cloud 9.8
2017-04-06 CVE-2016-8735 Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. Tomcat, Ubuntu_linux, Debian_linux, 7\-Mode_transition_tool, Oncommand_insight, Oncommand_shift, Snap_creator_framework, Agile_engineering_data_management, Agile_plm, Communications_application_session_controller, Communications_instant_messaging_server, Communications_interactive_session_recorder, Hospitality_guest_access, Micros_relate_crm_software, Micros_retail_xbri_loss_prevention, Mysql_enterprise_monitor, Retail_convenience_and_fuel_pos_software, Transportation_management, Jboss_enterprise_web_server 9.8
2020-03-06 CVE-2019-20503 usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. Ubuntu_linux, Debian_linux, Usrsctp 6.5
2022-02-16 CVE-2021-3560 It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Ubuntu_linux, Debian_linux, Polkit, Openshift_container_platform, Virtualization, Virtualization_host 7.8
2020-04-06 CVE-2020-11565 An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.” Ubuntu_linux, Linux_kernel 6.0
2024-01-08 CVE-2022-2586 It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. Ubuntu_linux, Linux_kernel 7.8
2007-03-24 CVE-2007-1667 Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. Ubuntu_linux, Debian_linux, Libx11 N/A
2023-06-16 CVE-2023-35788 An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. Ubuntu_linux, Debian_linux, Linux_kernel, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware 7.8
2019-12-10 CVE-2019-14861 All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that... Ubuntu_linux, Debian_linux, Fedora, Leap, Samba 5.3