Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-10-21 CVE-2015-4830 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. 4.0
2015-10-21 CVE-2015-4826 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. 4.0
2015-10-21 CVE-2015-4816 Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. 4.0
2015-10-21 CVE-2015-4815 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. 4.0
2015-10-19 CVE-2015-6937 Null Pointer Deference Denial of Service vulnerability in Linux Kernel
The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.
local
low complexity
linux canonical debian
4.9
2015-10-19 CVE-2015-5707 Integer Overflow or Wraparound vulnerability in Linux Kernel
Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.
local
low complexity
linux canonical debian suse CWE-190
4.6
2015-10-09 CVE-2015-1337 Improper Input Validation vulnerability in multiple products
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.
6.8
2015-09-14 CVE-2014-9745 Resource Management Errors vulnerability in multiple products
The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.
network
low complexity
freetype debian canonical opensuse CWE-399
5.0
2015-09-08 CVE-2015-5200 Local Security vulnerability in libvdpau
The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.
6.3
2015-09-01 CVE-2015-6727 Information Exposure vulnerability in multiple products
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
network
low complexity
mediawiki canonical CWE-200
5.0