Vulnerabilities > Canonical > Ubuntu Linux > 11.04

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-5536 Incorrect Default Permissions vulnerability in Canonical Ubuntu Linux
A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.
local
high complexity
canonical CWE-276
6.4
2020-02-20 CVE-2011-2498 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages.
local
low complexity
linux canonical CWE-772
5.5
2019-12-26 CVE-2012-2736 Missing Authentication for Critical Function vulnerability in multiple products
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
local
low complexity
gnome debian canonical opensuse CWE-306
4.4
2016-12-17 CVE-2016-9950 Path Traversal vulnerability in multiple products
An issue was discovered in Apport before 2.20.4.
local
low complexity
apport-project canonical CWE-22
7.8
2016-12-17 CVE-2016-9949 Code Injection vulnerability in multiple products
An issue was discovered in Apport before 2.20.4.
local
low complexity
apport-project canonical CWE-94
7.8
2016-11-28 CVE-2015-1328 Permissions, Privileges, and Access Controls vulnerability in multiple products
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
local
low complexity
canonical linux CWE-264
7.8
2012-10-03 CVE-2012-3489 XXE vulnerability in multiple products
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
6.5
2012-06-05 CVE-2012-1610 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image.
network
low complexity
imagemagick debian canonical opensuse CWE-190
7.5
2012-06-05 CVE-2012-1186 Infinite Loop vulnerability in multiple products
Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image.
5.5
2012-06-05 CVE-2012-1185 Integer Overflow or Wraparound vulnerability in multiple products
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image.
7.8