Known Vulnerabilities for products from Ubuntu
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ubuntu".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2019-15796 | Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or i... | 4.7 - MEDIUM | 2020-03-26 | 2020-10-19 |
| CVE-2019-15795 | python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/packa... | 4.7 - MEDIUM | 2020-03-26 | 2020-04-08 |
| CVE-2017-14461 | A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in ... | 7.1 - HIGH | 2018-03-02 | 2022-04-19 |
| CVE-2015-5479 | The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of ... | 6.5 - MEDIUM | 2016-04-19 | 2023-11-07 |
| CVE-2015-2285 | The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivi... | 7.2 - HIGH | 2015-03-12 | 2015-03-13 |
| CVE-2015-2150 | Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which m... | 4.9 - MEDIUM | 2015-03-12 | 2023-11-07 |
| CVE-2015-1322 | Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubunt... | 4.6 - MEDIUM | 2015-04-29 | 2016-05-26 |
| CVE-2014-1424 | apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor pol... | 6.4 - MEDIUM | 2014-11-24 | 2014-11-24 |
| CVE-2013-2186 | The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6... | 7.5 - HIGH | 2013-10-28 | 2018-01-09 |
| CVE-2013-1070 | Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers t... | 4.3 - MEDIUM | 2014-02-17 | 2015-10-08 |
| CVE-2013-1069 | Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to... | 2.1 - LOW | 2014-02-17 | 2014-02-21 |
| CVE-2011-4613 | The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who i... | 4.6 - MEDIUM | 2014-02-05 | 2020-08-24 |
| CVE-2011-1842 | dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSyst... | 7.2 - HIGH | 2011-05-03 | 2017-08-17 |
| CVE-2011-0729 | dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of ... | 7.2 - HIGH | 2011-04-29 | 2011-07-14 |
| CVE-2011-0724 | The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, whi... | 9.3 - HIGH | 2011-02-19 | 2017-08-17 |
| CVE-2010-0834 | The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped ... | 9.3 - HIGH | 2010-08-10 | 2010-08-10 |
| CVE-2009-3232 | pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" ... | 9.3 - HIGH | 2009-09-17 | 2018-10-03 |
| CVE-2009-2939 | The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to ... | 6.9 - MEDIUM | 2009-09-21 | 2011-08-24 |
| CVE-2009-1601 | The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the ... | 6.8 - MEDIUM | 2009-05-11 | 2017-08-17 |
| CVE-2009-1573 | xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) ... | 4.6 - MEDIUM | 2009-05-06 | 2017-08-17 |