Vulnerabilities > Canonical > Low

DATE CVE VULNERABILITY TITLE RISK
2014-07-29 CVE-2014-5030 Link Following vulnerability in multiple products
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
1.9
2014-07-11 CVE-2014-4167 Permissions, Privileges, and Access Controls vulnerability in multiple products
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.
3.5
2014-05-22 CVE-2012-0943 Permissions, Privileges, and Access Controls vulnerability in multiple products
debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp.
local
low complexity
robert-ancell canonical CWE-264
2.1
2014-05-22 CVE-2012-6648 Permissions, Privileges, and Access Controls vulnerability in multiple products
gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp.
2.1
2014-04-17 CVE-2011-3154 Link Following vulnerability in Canonical Ubuntu Linux and Update-Manager
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.
1.9
2014-04-16 CVE-2011-4406 Permissions, Privileges, and Access Controls vulnerability in Canonical Accountsservice and Ubuntu Linux
The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.
local
low complexity
canonical CWE-264
3.6
2014-04-16 CVE-2014-2398 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. 3.5
2014-03-24 CVE-2014-2568 USE After Free vulnerability in Linux Kernel
Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.
2.9
2014-03-06 CVE-2011-3153 Link Following vulnerability in multiple products
dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.
1.9
2014-01-26 CVE-2013-6891 Link Following vulnerability in multiple products
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
local
high complexity
apple canonical CWE-59
1.2