Vulnerabilities > Canonical > Ubuntu Linux > 11.04

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-5536 Incorrect Default Permissions vulnerability in Canonical Ubuntu Linux
A feature in LXD (LP#1829071) affects the default configuration of Ubuntu Server, which allows privileged users in the lxd group to escalate their privileges to root without requiring a sudo password.
local
high complexity
canonical CWE-276
6.4
2020-02-20 CVE-2011-2498 Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel
The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages.
local
low complexity
linux canonical CWE-772
4.9
2019-12-26 CVE-2012-2736 Missing Authentication for Critical Function vulnerability in multiple products
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
3.3
2016-12-17 CVE-2016-9950 Path Traversal vulnerability in multiple products
An issue was discovered in Apport before 2.20.4.
network
apport-project canonical CWE-22
critical
9.3
2016-12-17 CVE-2016-9949 Code Injection vulnerability in multiple products
An issue was discovered in Apport before 2.20.4.
network
apport-project canonical CWE-94
critical
9.3
2016-11-28 CVE-2015-1328 Permissions, Privileges, and Access Controls vulnerability in multiple products
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
local
low complexity
canonical linux CWE-264
7.2
2014-05-22 CVE-2012-6648 Permissions, Privileges, and Access Controls vulnerability in multiple products
gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp.
2.1
2014-05-21 CVE-2012-1166 OS Command Injection vulnerability in Canonical Ltsp Display Manager and Ubuntu Linux
The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.
network
low complexity
canonical CWE-78
critical
10.0
2014-05-14 CVE-2011-4407 Improper Input Validation vulnerability in Canonical Software-Properties and Ubuntu Linux
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.
network
canonical CWE-20
4.3
2014-04-27 CVE-2011-3152 Cryptographic Issues vulnerability in Canonical Ubuntu Linux and Update-Manager
DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file.
network
low complexity
canonical CWE-310
6.4