Vulnerabilities > Canonical > Ubuntu Linux > 14.04

DATE CVE VULNERABILITY TITLE RISK
2015-10-21 CVE-2015-4816 Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. 4.0
2015-10-21 CVE-2015-4815 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. 4.0
2015-10-21 CVE-2015-4792 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. 1.7
2015-10-19 CVE-2015-6937 Null Pointer Deference Denial of Service vulnerability in Linux Kernel
The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.
local
low complexity
linux canonical debian
4.9
2015-10-19 CVE-2015-5707 Integer Overflow or Wraparound vulnerability in Linux Kernel
Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.
local
low complexity
linux canonical debian suse CWE-190
4.6
2015-10-09 CVE-2015-1337 Improper Input Validation vulnerability in multiple products
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.
6.8
2015-10-01 CVE-2015-7236 Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.
network
low complexity
rpcbind-project canonical debian oracle
7.5
2015-10-01 CVE-2015-1338 Link Following vulnerability in multiple products
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.
local
low complexity
apport-project canonical CWE-59
7.2
2015-10-01 CVE-2015-1335 Link Following vulnerability in multiple products
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
local
low complexity
linuxcontainers canonical CWE-59
7.2
2015-09-17 CVE-2015-1319 Improper Input Validation vulnerability in Canonical Ubuntu Linux 14.04/15.04
The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a USB thumb drive.
local
low complexity
canonical CWE-20
2.1