Ubuntu Linux Security Vulnerabilities and Issues — Ubuntu Linux CVE List

Lucene search

CanonicalUbuntu Linux

16 matches found

CVE•added 2014/07/29 2:55 p.m.•328 views

CVE-2014-5031

The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.

5CVSS7.1AI score0.01618EPSS

CVE•added 2014/07/29 2:55 p.m.•184 views

CVE-2014-5030

CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.

1.9CVSS7AI score0.00052EPSS

CVE•added 2014/07/23 2:55 p.m.•176 views

CVE-2014-3537

The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.

1.2CVSS7.4AI score0.00053EPSS

CVE•added 2014/07/03 5:55 p.m.•142 views

CVE-2014-0247

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.

10CVSS6.3AI score0.07117EPSS

CVE•added 2014/07/03 4:22 a.m.•122 views

CVE-2014-4608

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO alg...

7.5CVSS5.7AI score0.08071EPSS

CVE•added 2014/07/03 4:22 a.m.•113 views

CVE-2014-4656

Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl...

4.6CVSS5.6AI score0.00075EPSS

CVE•added 2014/07/03 4:22 a.m.•109 views

CVE-2014-4653

sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX acce...

4.6CVSS5.1AI score0.00066EPSS

CVE•added 2014/07/09 11:7 a.m.•107 views

CVE-2014-4699

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double f...

6.9CVSS6.1AI score0.01001EPSS

CVE•added 2014/07/03 4:22 a.m.•106 views

CVE-2014-4654

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and sys...

4.6CVSS5.7AI score0.00066EPSS

CVE•added 2014/07/03 4:22 a.m.•98 views

CVE-2014-4652

Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.

1.9CVSS5.6AI score0.00051EPSS

CVE•added 2014/07/03 4:22 a.m.•98 views

CVE-2014-4655

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX ...

4.9CVSS5.8AI score0.00038EPSS

CVE•added 2014/07/03 4:22 a.m.•92 views

CVE-2014-4667

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.

5CVSS5.2AI score0.14138EPSS

CVE•added 2014/07/29 2:55 p.m.•69 views

CVE-2014-5029

The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.

1.5CVSS7.1AI score0.00053EPSS

CVE•added 2014/07/11 2:55 p.m.•54 views

CVE-2014-4167

The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.

3.5CVSS6.1AI score0.00558EPSS

CVE•added 2014/07/29 2:55 p.m.•53 views

CVE-2014-4909

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.

6.8CVSS7.7AI score0.09187EPSS

CVE•added 2014/07/24 2:55 p.m.•52 views

CVE-2014-1419

Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.

6.9CVSS6.3AI score0.00035EPSS