CVSS: 7.5EPSS: %CPEs: 1EXPL: 0CVE-2023-0881 – DDoS in Ubuntu package linux-bluefield
https://notcve.org/view.php?id=CVE-2023-0881
31 Mar 2025 — Running DDoS on tcp port 22 will trigger a kernel crash. This issue is introduced by the backport of a commit regarding nft_lookup without the subsequent fixes that were introduced after this commit. The resolution of this CVE introduces those commits to the linux-bluefield package. • https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2006397 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33263
https://notcve.org/view.php?id=CVE-2024-33263
26 Apr 2024 — QuickJS commit 3b45d15 was discovered to contain an Assertion Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c. Se descubrió que el commit 3b45d15 de QuickJS contenía un error de aserción a través de JS_FreeRuntime (JSRuntime *) en quickjs.c. • https://github.com/bellard/quickjs/issues/277 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1804 – Accountsservice incorrectly drops privileges
https://notcve.org/view.php?id=CVE-2022-1804
24 May 2022 — accountsservice no longer drops permissions when writting .pam_environment Gunnar Hjalmarsson discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or stop responding, resulting in a denial of service. • https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1974250 • CWE-269: Improper Privilege Management •
CVSS: 4.7EPSS: 0%CPEs: 74EXPL: 0CVE-2019-15795 – python-apt uses MD5 for validation
https://notcve.org/view.php?id=CVE-2019-15795
23 Jan 2020 — python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5. Python-apt solo comprueba las cantidades MD5 de los archivos descargados en las funciones "Version.fetch_binary()... • https://usn.ubuntu.com/4247-1 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.7EPSS: 0%CPEs: 74EXPL: 0CVE-2019-15796 – python-apt downloads from untrusted sources
https://notcve.org/view.php?id=CVE-2019-15796
23 Jan 2020 — Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5. Python-apt no comprueba si los hashes están firmados en las funciones "Version.fetch_binary()" y... • https://usn.ubuntu.com/4247-1 • CWE-287: Improper Authentication CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.1EPSS: 1%CPEs: 6EXPL: 0CVE-2017-14461 – Debian Security Advisory 4130-1
https://notcve.org/view.php?id=CVE-2017-14461
02 Mar 2018 — A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server. Un email especialmente manipulado enviado mediante SMTP y pasado a Dovecot, de MTA, puede desencadenar una lectura fuera de límites que resulta en la posible revelación de información sensible y una denegac... • http://www.securityfocus.com/bid/103201 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 0CVE-2015-5479 – Ubuntu Security Notice USN-2944-1
https://notcve.org/view.php?id=CVE-2015-5479
05 Apr 2016 — The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. La función ff_h263_decode_mba en libavcodec/ituh263dec.c en Libav en versiones anteriores a 11.5 permite a atacantes remotos provocar una denegación de servicio (error de división por cero y caída de la aplicación) a través de un archivo con dimensiones manipuladas. It was discovered that Libav in... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-1322 – Ubuntu Security Notice USN-2581-1
https://notcve.org/view.php?id=CVE-2015-1322
28 Apr 2015 — Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts). Vulnerabilidad de salto de directorio en el paquete network-manager de Ubuntu para Ubuntu (vivid) e... • http://www.ubuntu.com/usn/USN-2581-1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2015-2150 – Debian Security Advisory 3237-1
https://notcve.org/view.php?id=CVE-2015-2150
12 Mar 2015 — Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. Xen 3.3.x hasta la versión 4.5.x y en el kernel de Linux hasta la versión 3.19.1 no restringe adecuadamente el acceso al registro... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=af6fc858a35b90e89ea7a7ee58e66628c55c776b • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 5CVE-2015-2285 – Ubuntu 15.04 (Development) - 'Upstart' Logrotation Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-2285
12 Mar 2015 — The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/. La secuencia de comandos de la logrotación (/etc/cron.daily/upstart) en el paquete Ubuntu Upstart anterior a 1.13.2-0ubuntu9, utilizado en Ubuntu Vivid 15.04, permite a usuarios locales ejecutar comandos arbitrarios y ganar privilegios a través de un fiche... • https://www.exploit-db.com/exploits/41765 • CWE-19: Data Processing Errors •