Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-06-13 CVE-2016-5104 Improper Access Control vulnerability in multiple products
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.
network
low complexity
libimobiledevice canonical opensuse CWE-284
5.3
2016-06-13 CVE-2016-2833 7PK - Security Features vulnerability in multiple products
Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.
network
low complexity
opensuse mozilla canonical CWE-254
6.1
2016-06-13 CVE-2016-2832 Information Exposure vulnerability in multiple products
Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.
network
low complexity
canonical mozilla opensuse CWE-200
4.3
2016-06-13 CVE-2016-2829 Improper Access Control vulnerability in multiple products
Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.
network
low complexity
canonical mozilla opensuse CWE-284
6.5
2016-06-13 CVE-2016-2825 Improper Access Control vulnerability in multiple products
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.
network
low complexity
canonical opensuse mozilla CWE-284
6.5
2016-06-13 CVE-2016-2822 Improper Access Control vulnerability in multiple products
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
network
low complexity
debian mozilla canonical opensuse CWE-284
6.5
2016-06-10 CVE-2016-4429 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
network
high complexity
opensuse gnu canonical CWE-787
5.9
2016-06-09 CVE-2016-1582 Information Exposure vulnerability in Canonical LXD and Ubuntu Linux
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.
local
low complexity
canonical CWE-200
5.5
2016-06-09 CVE-2016-1581 Improper Access Control vulnerability in Canonical LXD and Ubuntu Linux
LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.
local
low complexity
canonical CWE-284
5.5
2016-06-05 CVE-2016-1702 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.
network
low complexity
debian canonical redhat suse opensuse google CWE-119
6.5