← Back

Ubports

ubports

4 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Unity8
unity8
2 CVEs
Ubuntu Touch
ubuntu_touch
2 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-40297
1Ubports
1Ubuntu Touch
Nov 21, 2024
Sep 9, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third...Show more
UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated.Show less
CVE-2015-7946
1Ubports
1Unity8
Nov 21, 2024
May 7, 2020
N/A· v4
4.6 MEDIUM· v3
2.1 LOW· v2
Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16....Show more
Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1.Show less
CVE-2014-1423
2Signond Project
Ubports
2Signond
Ubuntu Touch
Nov 21, 2024
May 7, 2020
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extensi...Show more
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oauth tokens for other applications, exposing sensitive information.Show less
CVE-2016-1573
1Ubports
1Unity8
Nov 21, 2024
Apr 22, 2019
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
Versions of Unity8 before 8.11+16.04.20160122-0ubuntu1 file plugins/Dash/CardCreator.js will execute any code found in place of a fallback image supplied by a scope.