Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-07-16 CVE-2015-2648 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.
network
low complexity
oracle canonical mariadb debian opensuse redhat
4.0
2015-07-16 CVE-2015-2643 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
network
low complexity
oracle mariadb canonical debian opensuse redhat
4.0
2015-07-16 CVE-2015-2620 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges. 4.3
2015-07-16 CVE-2015-2617 Remote Security vulnerability in Oracle MySQL Server
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition.
network
low complexity
oracle canonical
6.5
2015-07-16 CVE-2015-2611 Remote Security vulnerability in Oracle MySQL Server
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.
network
low complexity
canonical oracle
4.0
2015-07-16 CVE-2015-2582 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
network
low complexity
oracle debian canonical redhat mariadb
4.0
2015-07-14 CVE-2015-5144 Improper Input Validation vulnerability in multiple products
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.
4.3
2015-07-01 CVE-2015-1330 Improper Authentication vulnerability in multiple products
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors.
6.8
2015-06-25 CVE-2015-1851 Information Exposure vulnerability in multiple products
OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.
network
low complexity
canonical openstack CWE-200
6.8
2015-06-03 CVE-2015-4106 Incorrect Authorization vulnerability in multiple products
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.
4.6