last updated 23 November 2021
Ubuntu Ubuntu is a Debian-based Linux operating system based on free software.
These issues are regularly patched. If you would like to see what known vulnerabilities are in your docker images signup to Docker Dash and see your personalised dashboard.
4 Critical 10 High 14 Medium 2 Low
| Id | Severity | Package | Description |
|---|---|---|---|
| CVE-2021-33574 | critical | libc-bin:2.31-0ubuntu9.2 | The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. |
| CVE-2021-33574 | critical | libc6:2.31-0ubuntu9.2 | The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. |
| CVE-2021-35942 | critical | libc-bin:2.31-0ubuntu9.2 | The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. |
| CVE-2021-35942 | critical | libc6:2.31-0ubuntu9.2 | The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. |
| CVE-2017-11164 | high | libpcre3:2:8.39-12build1 | In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression. |
| CVE-2019-18276 | high | bash:5.0-6ubuntu1.1 | An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected. |
| CVE-2019-20838 | high | libpcre3:2:8.39-12build1 | libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. |
| CVE-2020-6096 | high | libc-bin:2.31-0ubuntu9.2 | An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data. |
| CVE-2020-6096 | high | libc6:2.31-0ubuntu9.2 | An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data. |
| CVE-2021-3326 | high | libc-bin:2.31-0ubuntu9.2 | The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. |
| CVE-2021-3326 | high | libc6:2.31-0ubuntu9.2 | The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. |
| CVE-2021-33560 | high | libgcrypt20:1.8.5-5ubuntu1 | Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. |
| CVE-2021-38604 | high | libc-bin:2.31-0ubuntu9.2 | In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. |
| CVE-2021-38604 | high | libc6:2.31-0ubuntu9.2 | In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. |
| CVE-2013-4235 | medium | login:1:4.8.1-1ubuntu5.20.04.1 | shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees |
| CVE-2013-4235 | medium | passwd:1:4.8.1-1ubuntu5.20.04.1 | shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees |
| CVE-2016-10228 | medium | libc-bin:2.31-0ubuntu9.2 | The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. |
| CVE-2016-10228 | medium | libc6:2.31-0ubuntu9.2 | The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. |
| CVE-2016-2781 | medium | coreutils:8.30-3ubuntu2 | chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. |
| CVE-2018-1000654 | medium | libtasn1-6:4.16.0-2 | GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. |
| CVE-2019-25013 | medium | libc-bin:2.31-0ubuntu9.2 | The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. |
| CVE-2019-25013 | medium | libc6:2.31-0ubuntu9.2 | The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. |
| CVE-2020-14155 | medium | libpcre3:2:8.39-12build1 | libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. |
| CVE-2020-27618 | medium | libc-bin:2.31-0ubuntu9.2 | The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. |
| CVE-2020-27618 | medium | libc6:2.31-0ubuntu9.2 | The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. |
| CVE-2020-29562 | medium | libc-bin:2.31-0ubuntu9.2 | The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. |
| CVE-2020-29562 | medium | libc6:2.31-0ubuntu9.2 | The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. |
| CVE-2021-40528 | medium | libgcrypt20:1.8.5-5ubuntu1 | The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. |
| CVE-2021-27645 | low | libc-bin:2.31-0ubuntu9.2 | The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. |
| CVE-2021-27645 | low | libc6:2.31-0ubuntu9.2 | The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. |