Ubuntu Linux Security Vulnerabilities and Issues — Ubuntu Linux CVE List

Lucene search

CanonicalUbuntu Linux

17 matches found

CVE•added 2014/07/29 2:55 p.m.•184 views

CVE-2014-5030

CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.

1.9CVSS7AI score0.00052EPSS

CVE•added 2014/07/23 2:55 p.m.•175 views

CVE-2014-3537

The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.

1.2CVSS7.4AI score0.00053EPSS

CVE•added 2014/01/26 1:55 a.m.•168 views

CVE-2013-6891

lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.

1.2CVSS6AI score0.00054EPSS

CVE•added 2015/10/21 9:59 p.m.•134 views

CVE-2015-4792

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.

1.7CVSS5.2AI score0.0092EPSS

CVE•added 2015/05/27 10:59 a.m.•125 views

CVE-2015-2830

arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrat...

1.9CVSS4.8AI score0.00032EPSS

CVE•added 2013/08/19 11:55 p.m.•101 views

CVE-2013-4242

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

1.9CVSS6AI score0.00069EPSS

CVE•added 2016/01/21 3:2 a.m.•100 views

CVE-2016-0609

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.

1.7CVSS5.1AI score0.00794EPSS

CVE•added 2014/07/03 4:22 a.m.•97 views

CVE-2014-4652

Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.

1.9CVSS5.6AI score0.00051EPSS

CVE•added 2010/11/29 4:0 p.m.•94 views

CVE-2010-4072

The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."

1.9CVSS5.8AI score0.00096EPSS

CVE•added 2010/09/29 5:0 p.m.•89 views

CVE-2010-3310

Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect ...

1.9CVSS7.6AI score0.00125EPSS

CVE•added 2015/01/21 7:59 p.m.•78 views

CVE-2015-0413

Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability.

1.9CVSS2.8AI score0.00105EPSS

CVE•added 2013/08/19 1:7 p.m.•71 views

CVE-2013-2162

Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive infor...

1.9CVSS5.4AI score0.00034EPSS

CVE•added 2015/07/16 11:0 a.m.•70 views

CVE-2015-4767

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.

1.7CVSS4.6AI score0.00818EPSS

CVE•added 2014/07/29 2:55 p.m.•69 views

CVE-2014-5029

The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.

1.5CVSS7.1AI score0.00053EPSS

CVE•added 2014/04/17 2:55 p.m.•57 views

CVE-2011-3154

DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file cont...

1.9CVSS6AI score0.00051EPSS

CVE•added 2014/03/06 3:55 p.m.•52 views

CVE-2011-3153

dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.

1.9CVSS6.1AI score0.00052EPSS

CVE•added 2013/10/28 9:55 p.m.•44 views

CVE-2013-1056

X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files.

1.9CVSS6.7AI score0.00054EPSS