Vulnerabilities > Canonical > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-10-03 | CVE-2013-4311 | Permissions, Privileges, and Access Controls vulnerability in multiple products. libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | 4.6 |
2013-10-03 | CVE-2013-1066 | Permissions, Privileges, and Access Controls vulnerability in multiple products. language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | 4.6 |
2013-10-03 | CVE-2013-1065 | Permissions, Privileges, and Access Controls vulnerability in multiple products. backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | 4.6 |
2013-10-03 | CVE-2013-1064 | Permissions, Privileges, and Access Controls vulnerability in Canonical Apt-Xapian-Index and Ubuntu Linux. apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | 4.6 |
2013-10-03 | CVE-2013-1063 | Permissions, Privileges, and Access Controls vulnerability in multiple products. usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | 4.6 |
2013-10-03 | CVE-2013-1062 | Permissions, Privileges, and Access Controls vulnerability in multiple products. ubuntu-system-service 0.2.4 before 0.2.4.1. | 4.6 |
2013-10-03 | CVE-2013-1061 | Permissions, Privileges, and Access Controls vulnerability in multiple products. dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | 4.6 |
2013-10-01 | CVE-2012-2126 | Cryptographic Issues vulnerability in Rubygems. RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack. | 4.3 |
2013-10-01 | CVE-2012-2125 | URI Redirection vulnerability in RubyGems. RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. | 5.8 |
2013-09-30 | CVE-2013-0211 | Numeric Errors vulnerability in multiple products. Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. | 5.0 |