CVE-2016-1579

Name: CVE-2016-1579
Creator: NVD / NIST
Published: 2019-04-22T16:29:01.177+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.77%

Last modified Jun 17, 2026

CVE-2016-1579 is a vulnerability of currently unknown severity. UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. EPSS estimates a 0.77% chance of exploitation in the next 30 days.

Description

UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any confined application could make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user.

Metrics

EPSS Probability

0.77%

50.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Canonical	Ubuntu Download Manager	All versions

References

https://bazaar.launchpad.net/~phablet-team/ubuntu-download-manager/trunk/revision/359Third Party Advisory
https://bazaar.launchpad.net/~phablet-team/ubuntu-download-manager/trunk/revision/359Third Party Advisory

Timeline

Published: Apr 22, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-1579?

How severe is CVE-2016-1579?

Severity scoring for CVE-2016-1579 is pending analysis. The EPSS model estimates a 0.77% probability of exploitation in the next 30 days.

How do I fix CVE-2016-1579?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-1579?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST