Vulnerabilities > Canonical > Low

DATE CVE VULNERABILITY TITLE RISK

2014-01-18 CVE-2013-2037 Improper Input Validation vulnerability in multiple products
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
network; high complexity; canonical httplib2-project; CWE-20
Risk: 2.6

2014-01-15 CVE-2014-0420
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.
Risk: 2.8

2014-01-15 CVE-2014-0437
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Risk: 3.5

2014-01-07 CVE-2013-4969 Link Following vulnerability in multiple products
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.
local; low complexity; puppetlabs puppet debian canonical; CWE-59
Risk: 2.1

2013-12-03 CVE-2012-6150 Improper Input Validation vulnerability in multiple products
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.
network; high complexity; samba canonical; CWE-20
Risk: 3.6

2013-11-23 CVE-2013-4459 Permissions, Privileges, and Access Controls vulnerability in multiple products
LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.
Risk: 3.3

2013-10-28 CVE-2013-1056 Local Denial of Service vulnerability in X.Org X Server Xephyr
X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files.
local; canonical
Risk: 1.9

2013-10-27 CVE-2013-4428 Permissions, Privileges, and Access Controls vulnerability in multiple products
OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.
Risk: 3.5

2013-08-19 CVE-2013-4242 Information Exposure vulnerability in multiple products
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
Risk: 1.9

2013-08-19 CVE-2013-2162 Race Condition vulnerability in Canonical Ubuntu Linux
Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials.
Risk: 1.9