Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

canonical ubuntu linux 15.04 vulnerabilities and exploits

(subscribe to this query)
7.8
CVSSv2
CVE-2015-0847
nbd-server.c in Network Block Device (nbd-server) prior to 3.11 does not properly handle signals, which allows remote malicious users to cause a denial of service (deadlock) via unspecified vectors.
Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 15.04Canonical Ubuntu Linux 14.10Wouter Verhelst Nbd
4.3
CVSSv2
CVE-2011-4600
The networkReloadIptablesRules function in network/bridge_driver.c in libvirt prior to 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote malicious users to bypass intended access restrictions via a (1) DNS or (2)...
Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 15.10Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 15.04Redhat Libvirt 0.9.8
6.8
CVSSv2
CVE-2015-1330
unattended-upgrades prior to 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle malicious users to upload and execute arbitrary pa...
Canonical Ubuntu Linux 14.10Canonical Ubuntu Linux 15.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 12.04Debian Unattended-upgrades
4.3
CVSSv2
CVE-2015-1327
Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export fi...
Canonical Ubuntu Linux 15.04
6.8
CVSSv2
CVE-2015-1337
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.
Simpestreams Project Simplestreams -Canonical Ubuntu Linux 15.04Canonical Ubuntu Linux 14.04
7.5
CVSSv2
CVE-2015-8768
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote malicious users to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu ph...
Click Project Click -Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 15.04
5
CVSSv2
CVE-2015-3407
Module::Signature prior to 0.74 allows remote malicious users to bypass signature verification for files via a signature file that does not list the files.
Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 14.10Canonical Ubuntu Linux 15.04Module-signature Project Module-signature
10
CVSSv2
CVE-2015-3408
Module::Signature prior to 0.74 allows remote malicious users to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.
Module-signature Project Module-signatureCanonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 14.10Canonical Ubuntu Linux 15.04
7.2
CVSSv2
CVE-2015-3409
Untrusted search path vulnerability in Module::Signature prior to 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.
Module-signature Project Module-signatureCanonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 14.10Canonical Ubuntu Linux 15.04
6.4
CVSSv2
CVE-2015-3406
The PGP signature parsing in Module::Signature prior to 0.74 allows remote malicious users to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.
Module-signature Project Module-signatureCanonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 14.10Canonical Ubuntu Linux 15.04
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook