Vulnerabilities > Canonical > Ubuntu Linux > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-05-13 | CVE-2013-1940 | Permissions, Privileges, and Access Controls vulnerability in multiple products X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty. | 2.1 |
2013-01-17 | CVE-2012-5096 | Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors. | 3.5 |
2012-10-17 | CVE-2012-3197 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication. | 3.5 |
2012-10-16 | CVE-2012-3160 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation. | 2.1 |
2012-07-25 | CVE-2012-3954 | Resource Management Errors vulnerability in multiple products Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests. | 3.3 |
2012-06-07 | CVE-2012-0948 | Permissions, Privileges, and Access Controls vulnerability in multiple products DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials. | 2.1 |
2010-07-13 | CVE-2010-2008 | Command Injection vulnerability in multiple products MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . | 3.5 |
2010-02-18 | CVE-2010-0650 | Permissions, Privileges, and Access Controls vulnerability in multiple products WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event. | 2.6 |
2008-08-08 | CVE-2008-1945 | QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. | 2.1 |
2007-06-11 | CVE-2007-2875 | Numeric Errors vulnerability in Linux Kernel Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file. | 2.1 |