Vulnerabilities > Canonical > Ubuntu Linux

DATE CVE VULNERABILITY TITLE RISK
2014-04-23 CVE-2014-0472 Code Injection vulnerability in multiple products
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."
network
high complexity
djangoproject canonical CWE-94
5.1
5.1
2014-04-17 CVE-2011-3154 Link Following vulnerability in Canonical Ubuntu Linux and Update-Manager
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file. 		1.9
1.9
2014-04-16 CVE-2011-4406 Permissions, Privileges, and Access Controls vulnerability in Canonical Accountsservice and Ubuntu Linux
The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.
local
low complexity
canonical CWE-264
3.6
3.6
2014-04-16 CVE-2014-2427 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
network
low complexity
canonical oracle debian
7.5
7.5
2014-04-16 CVE-2014-2423 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
network
low complexity
canonical oracle debian
7.5
7.5
2014-04-16 CVE-2014-2421 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
network
low complexity
canonical oracle juniper debian ibm
critical
 10.0
10
2014-04-16 CVE-2014-2414 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.
network
low complexity
canonical oracle debian
7.5
7.5
2014-04-16 CVE-2014-2413 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.
network
canonical oracle
4.3
4.3
2014-04-16 CVE-2014-2412 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451.
network
low complexity
canonical oracle debian
7.5
7.5
2014-04-16 CVE-2014-2403 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.
network
low complexity
canonical oracle debian
5.0
5.0