Vulnerabilities > Canonical > Ubuntu Linux > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-07-11 | CVE-2014-4167 | Permissions, Privileges, and Access Controls vulnerability in multiple products The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router. | 3.5 |
| 2014-05-22 | CVE-2012-0943 | Permissions, Privileges, and Access Controls vulnerability in multiple products debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. | 2.1 |
| 2014-05-22 | CVE-2012-6648 | Permissions, Privileges, and Access Controls vulnerability in multiple products gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. | 2.1 |
| 2014-04-17 | CVE-2011-3154 | Link Following vulnerability in Canonical Ubuntu Linux and Update-Manager DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file. | 1.9 |
| 2014-04-16 | CVE-2011-4406 | Permissions, Privileges, and Access Controls vulnerability in Canonical Accountsservice and Ubuntu Linux The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors. | 3.6 |
| 2014-04-16 | CVE-2014-2398 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. | 3.5 |
| 2014-03-24 | CVE-2014-2568 | USE After Free vulnerability in Linux Kernel Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. | 2.9 |
| 2014-03-06 | CVE-2011-3153 | Link Following vulnerability in multiple products dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc. | 1.9 |
| 2014-01-26 | CVE-2013-6891 | Link Following vulnerability in multiple products lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. | 1.2 |
| 2014-01-18 | CVE-2013-2037 | Improper Input Validation vulnerability in multiple products httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2.6 |