Filtered by vendor Canonical
Subscriptions
Filtered by product Ubuntu Linux
Subscriptions
Total
4151 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-1317 | 2 Canonical, Oxide Project | 2 Ubuntu Linux, Oxide | 2024-08-06 | N/A |
Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists. | ||||
CVE-2015-1421 | 4 Canonical, Debian, Linux and 1 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2024-08-06 | N/A |
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. | ||||
CVE-2015-1325 | 1 Canonical | 1 Ubuntu Linux | 2024-08-06 | N/A |
Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges. | ||||
CVE-2015-1321 | 2 Canonical, Oxide Project | 2 Ubuntu Linux, Oxide | 2024-08-06 | N/A |
Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage. | ||||
CVE-2015-1335 | 2 Canonical, Linuxcontainers | 2 Ubuntu Linux, Lxc | 2024-08-06 | N/A |
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. | ||||
CVE-2015-1344 | 1 Canonical | 2 Lxcfs, Ubuntu Linux | 2024-08-06 | N/A |
The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file. | ||||
CVE-2015-1342 | 1 Canonical | 2 Lxcfs, Ubuntu Linux | 2024-08-06 | N/A |
LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup. | ||||
CVE-2015-1338 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-08-06 | N/A |
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log. | ||||
CVE-2015-1328 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-08-06 | N/A |
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace. | ||||
CVE-2015-1330 | 2 Canonical, Debian | 2 Ubuntu Linux, Unattended-upgrades | 2024-08-06 | N/A |
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors. | ||||
CVE-2015-1336 | 3 Canonical, Debian, Man-db Project | 3 Ubuntu Linux, Debian Linux, Man-db | 2024-08-06 | N/A |
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. | ||||
CVE-2015-1319 | 1 Canonical | 1 Ubuntu Linux | 2024-08-06 | N/A |
The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a USB thumb drive. | ||||
CVE-2015-1322 | 2 Canonical, Ubuntu | 2 Ubuntu Linux, Network-manager | 2024-08-06 | N/A |
Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts). | ||||
CVE-2015-1323 | 1 Canonical | 1 Ubuntu Linux | 2024-08-06 | N/A |
The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions. | ||||
CVE-2015-1329 | 1 Canonical | 1 Ubuntu Linux | 2024-08-06 | N/A |
Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code. | ||||
CVE-2015-1337 | 2 Canonical, Simpestreams Project | 2 Ubuntu Linux, Simplestreams | 2024-08-06 | N/A |
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response. | ||||
CVE-2015-1315 | 2 Canonical, Info-zip | 2 Ubuntu Linux, Unzip | 2024-08-06 | N/A |
Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. | ||||
CVE-2015-1332 | 2 Canonical, Oxide Project | 2 Ubuntu Linux, Oxide | 2024-08-06 | N/A |
The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website. | ||||
CVE-2015-1324 | 1 Canonical | 1 Ubuntu Linux | 2024-08-06 | N/A |
Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries. | ||||
CVE-2015-1283 | 9 Canonical, Debian, Google and 6 more | 14 Ubuntu Linux, Debian Linux, Chrome and 11 more | 2024-08-06 | N/A |
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. |