Canonical Ubuntu Linux vulnerabilities

CVE-2011-4915 [MEDIUM] CWE-200 CVE-2011-4915: fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke info fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.

CVE-2020-6061 [CRITICAL] CWE-125 CVE-2020-6061: An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server par An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.

CVE-2020-6062 [HIGH] CWE-476 CVE-2020-6062: An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses PO An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability.

CVE-2012-0055 [HIGH] CWE-862 CVE-2012-0055: OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.

CVE-2015-7747 [HIGH] CWE-120 CVE-2015-7747: Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c.

CVE-2015-0258 [HIGH] CWE-434 CVE-2015-0258: Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php i Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.

CVE-2020-8992 [MEDIUM] CWE-400 CVE-2020-8992: ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows att ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.

CVE-2019-19921 [HIGH] CWE-706 CVE-2019-19921: runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that hap

CVE-2018-14553 [HIGH] CWE-476 CVE-2018-14553: gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attack gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

CVE-2020-5529 [HIGH] CWE-665 CVE-2020-5529: HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code c

CVE-2019-11481 [HIGH] CWE-59 CVE-2019-11481: Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated p Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.

CVE-2019-11484 [HIGH] CWE-190 CVE-2019-11484: Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie. Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie.

CVE-2019-11482 [MEDIUM] CWE-367 CVE-2019-11482: Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.

CVE-2019-11483 [LOW] CVE-2019-11483: Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.

CVE-2019-11485 [LOW] CWE-412 CVE-2019-11485: Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users t Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.

CVE-2020-1700 [MEDIUM] CWE-400 CVE-2020-1700: A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenti A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the

CVE-2016-9928 [HIGH] CWE-269 CVE-2016-9928: MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercep MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.

CVE-2020-8648 [HIGH] CWE-416 CVE-2020-8648: There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_c There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.

CVE-2014-1958 [HIGH] CWE-120 CVE-2014-1958: Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.

CVE-2014-2030 [HIGH] CVE-2014-2030: Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6 Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.