Vulnerabilities > Canonical > Ubuntu Linux > 13.10

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-5536 Incorrect Default Permissions vulnerability in Canonical Ubuntu Linux
A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.
local
high complexity
canonical CWE-276
6.4
2020-02-06 CVE-2014-2030 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.
network
low complexity
imagemagick canonical opensuse CWE-787
8.8
2020-02-06 CVE-2014-1958 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.
network
low complexity
imagemagick canonical opensuse CWE-120
8.8
2017-01-27 CVE-2017-3313 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM).
local
high complexity
oracle debian canonical redhat mariadb
4.7
2016-11-28 CVE-2015-1328 Permissions, Privileges, and Access Controls vulnerability in multiple products
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
local
low complexity
canonical linux CWE-264
7.8
2014-04-30 CVE-2014-1532 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.
network
low complexity
mozilla fedoraproject canonical debian redhat opensuse suse CWE-416
critical
9.8
2014-04-30 CVE-2014-1531 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.
8.8
2014-04-30 CVE-2014-1530 Cross-site Scripting vulnerability in multiple products
The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.
6.1
2014-04-30 CVE-2014-1529 Improper Privilege Management vulnerability in multiple products
The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.
8.8
2014-04-30 CVE-2014-1524 Classic Buffer Overflow vulnerability in multiple products
The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.
network
low complexity
mozilla canonical debian redhat opensuse suse fedoraproject CWE-120
critical
9.8