CVE Daily
← All tags

Tag: Ubuntu

All CVEs associated with "Ubuntu". Page 3/3 • 257 CVEs.

Subscribe CVEs: RSS for “Ubuntu”  ·  RSS (High+Critical only)

About “Ubuntu”

A curated feed of “Ubuntu”-related CVEs appears below. We currently track 257 CVEs for this tag (all time). In the last 365 days, 58 were published. Average CVSS is 6.5 (all time; 6.6 over 365d), and 46% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-476 - NULL Pointer Dereference, CWE-125 - Out-of-bounds Read.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2008-11-17
High

CVE-2008-5104

Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the def…

CVSS: 7.2 CWE: CWE-255 View on NVD
High

CVE-2008-5103

The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account…

CVSS: 7.2 CWE: CWE-255 View on NVD
2008-05-18
Medium

CVE-2008-2285

The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by gue…

CVSS: 5.0 CWE: CWE-310 View on NVD
2008-02-28
Medium

CVE-2008-1072

The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malform…

CVSS: 4.7 CWE: N/A View on NVD
2008-02-12
Critical

CVE-2008-0420

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the…

CVSS: 9.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2007-11-30
High

CVE-2007-6178

Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir par…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2007-11-15
High

CVE-2006-7229

The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a fl…

CVSS: 7.5 CWE: CWE-399 View on NVD
2007-10-29
Medium

CVE-2007-3920

GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-T…

CVSS: 6.2 CWE: N/A View on NVD
2007-10-01
Medium

CVE-2007-5159

The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group…

CVSS: 4.6 CWE: CWE-264 View on NVD
2006-12-14
Medium

CVE-2006-5648

Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create pro…

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2006-5649

Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspe…

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2006-07-18
High

CVE-2006-3597

passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and…

CVSS: 7.2 CWE: N/A View on NVD
2006-07-06
High

CVE-2006-3378

passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileg…

CVSS: 7.2 CWE: N/A View on NVD
2006-03-13
High

CVE-2006-1183

The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain priv…

CVSS: 7.2 CWE: N/A View on NVD
2006-03-06
Medium

CVE-2006-0458

The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service (application crash) v…

CVSS: 5.0 CWE: N/A View on NVD
2006-01-11
High

CVE-2006-0176

Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -…

CVSS: 7.2 CWE: N/A View on NVD
2005-05-02
Medium

CVE-2005-0080

The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote…

CVSS: 5.0 CWE: N/A View on NVD