Vulnerabilities > Canonical > Ubuntu Linux > Low

DATE CVE VULNERABILITY TITLE RISK
2015-01-21 CVE-2014-6568 Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. 3.5
2015-01-16 CVE-2014-9496 The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. 2.1
2015-01-07 CVE-2014-1425 Permissions, Privileges, and Access Controls vulnerability in multiple products
cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors.
local
low complexity
linuxcontainers canonical CWE-264
2.1
2014-12-16 CVE-2014-5353 Null Pointer Dereference vulnerability in multiple products
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.
3.5
2014-12-12 CVE-2014-8134 The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.
local
low complexity
linux canonical opensuse suse oracle
3.3
2014-10-25 CVE-2014-0476 Improper Input Validation vulnerability in multiple products
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable.
local
high complexity
chkrootkit canonical CWE-20
3.7
2014-10-08 CVE-2014-7230 Information Exposure vulnerability in multiple products
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.
local
low complexity
openstack redhat canonical CWE-200
2.1
2014-07-29 CVE-2014-5029 Link Following vulnerability in multiple products
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null.
1.5
2014-07-29 CVE-2014-5030 Link Following vulnerability in multiple products
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
1.9
2014-07-11 CVE-2014-4167 Permissions, Privileges, and Access Controls vulnerability in multiple products
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.
3.5