Vulnerabilities > Canonical > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-22 | CVE-2016-6224 | Improper Input Validation vulnerability in multiple products ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. | 3.3 |
| 2016-07-21 | CVE-2016-3614 | Remote Security vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption. | 3.5 |
| 2016-06-14 | CVE-2016-5238 | Out-of-bounds Write vulnerability in multiple products The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode. | 2.1 |
| 2016-06-09 | CVE-2016-1581 | Improper Access Control vulnerability in Canonical LXD and Ubuntu Linux LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors. | 2.1 |
| 2016-06-09 | CVE-2016-1582 | Information Exposure vulnerability in Canonical LXD and Ubuntu Linux LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors. | 2.1 |
| 2016-06-07 | CVE-2015-5261 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation. | 3.6 |
| 2016-06-03 | CVE-2015-8872 | Numeric Errors vulnerability in multiple products The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error." | 2.1 |
| 2016-06-03 | CVE-2016-4804 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function. | 2.1 |
| 2016-06-01 | CVE-2016-4454 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read. | 3.6 |
| 2016-05-23 | CVE-2016-4486 | Information Exposure vulnerability in multiple products The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. | 3.3 |