Vulnerabilities > Canonical > Ubuntu Linux > 15.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-12 | CVE-2023-5536 | Incorrect Default Permissions vulnerability in Canonical Ubuntu Linux A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password. | 6.4 |
| 2020-02-19 | CVE-2015-7747 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c. | 6.8 |
| 2019-04-22 | CVE-2015-1343 | Information Exposure Through Log Files vulnerability in Canonical Ubuntu Linux 15.10 All versions of unity-scope-gdrive logs search terms to syslog. | 5.0 |
| 2019-04-22 | CVE-2015-1341 | Permissions, Privileges, and Access Controls vulnerability in Canonical Apport and Ubuntu Linux Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path. | 7.2 |
| 2018-07-30 | CVE-2016-9597 | Uncontrolled Recursion vulnerability in multiple products It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. | 7.5 |
| 2017-11-06 | CVE-2015-7529 | Link Following vulnerability in multiple products sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. | 7.8 |
| 2017-07-25 | CVE-2015-1332 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website. | 6.8 |
| 2017-07-21 | CVE-2015-5300 | 7PK - Time and State vulnerability in multiple Linux Systems The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). | 5.0 |
| 2017-07-21 | CVE-2015-5219 | Incorrect Type Conversion or Cast vulnerability in multiple products The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. | 7.5 |
| 2017-07-21 | CVE-2015-5195 | Improper Input Validation vulnerability in multiple products ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. | 7.5 |