Vulnerabilities > Canonical > Ubuntu Linux > 14.10

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-5536 Incorrect Default Permissions vulnerability in Canonical Ubuntu Linux
A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.
local
high complexity
canonical CWE-276
6.4
2019-11-29 CVE-2015-3406 Incorrect Conversion between Numeric Types vulnerability in multiple products
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.
network
low complexity
module-signature-project canonical CWE-681
6.4
2019-11-20 CVE-2015-3167 Information Exposure vulnerability in multiple products
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
network
low complexity
postgresql debian canonical CWE-200
5.0
2019-11-20 CVE-2015-3166 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
network
low complexity
postgresql debian canonical CWE-119
7.5
2019-11-20 CVE-2015-1607 Improper Input Validation vulnerability in multiple products
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."
local
low complexity
gnupg canonical CWE-20
5.5
2017-10-10 CVE-2014-9092 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
4.3
2017-09-28 CVE-2015-3643 Permissions, Privileges, and Access Controls vulnerability in Usb-Creator Project Usb-Creator
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method.
local
low complexity
usb-creator-project canonical CWE-264
4.6
2017-08-25 CVE-2015-1395 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a ..
network
low complexity
fedoraproject canonical gnu CWE-22
7.8
2017-08-25 CVE-2015-1325 Race Condition vulnerability in Canonical Ubuntu Linux
Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges.
6.9
2017-08-25 CVE-2015-1324 Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux
Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries.
local
low complexity
canonical CWE-264
7.2