Vulnerabilities > Canonical > Ubuntu Linux > 11.10

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-5536 Incorrect Default Permissions vulnerability in Canonical Ubuntu Linux
A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.
local
high complexity
canonical CWE-276
6.4
2020-02-19 CVE-2012-0055 Missing Authorization vulnerability in multiple products
OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.
local
low complexity
linux canonical CWE-862
7.8
2019-12-26 CVE-2012-2736 Missing Authentication for Critical Function vulnerability in multiple products
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
local
low complexity
gnome debian canonical opensuse CWE-306
4.4
2016-12-17 CVE-2016-9950 Path Traversal vulnerability in multiple products
An issue was discovered in Apport before 2.20.4.
local
low complexity
apport-project canonical CWE-22
7.8
2016-12-17 CVE-2016-9949 Code Injection vulnerability in multiple products
An issue was discovered in Apport before 2.20.4.
local
low complexity
apport-project canonical CWE-94
7.8
2016-11-28 CVE-2015-1328 Permissions, Privileges, and Access Controls vulnerability in multiple products
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
local
low complexity
canonical linux CWE-264
7.8
2013-01-18 CVE-2012-5656 XXE vulnerability in multiple products
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
5.5
2013-01-17 CVE-2013-0375 Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
network
low complexity
oracle mariadb canonical redhat
5.4
2012-11-21 CVE-2012-5830 Use After Free vulnerability in multiple products
Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.
network
low complexity
mozilla redhat canonical opensuse suse CWE-416
8.8
2012-11-04 CVE-2012-5821 Improper Certificate Validation vulnerability in multiple products
Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.
network
high complexity
lynx canonical CWE-295
5.9