Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-04-28 CVE-2015-1863 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.
5.8
2015-04-28 CVE-2015-1774 Out-of-bounds Write vulnerability in multiple products
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.
6.8
2015-04-24 CVE-2015-3310 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.
4.3
2015-04-24 CVE-2015-3148 Improper Access Control vulnerability in multiple products
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
5.0
2015-04-24 CVE-2015-3143 Permissions, Privileges, and Access Controls vulnerability in multiple products
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
network
low complexity
haxx canonical debian hp apple CWE-264
5.0
2015-04-17 CVE-2015-1856 Permissions, Privileges, and Access Controls vulnerability in multiple products
OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.
network
low complexity
openstack canonical CWE-264
5.5
2015-04-16 CVE-2015-2573 Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
network
low complexity
oracle mariadb canonical debian suse redhat
4.0
2015-04-16 CVE-2015-2571 Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
network
low complexity
oracle debian mariadb canonical suse redhat
4.0
2015-04-16 CVE-2015-2568 Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.
network
low complexity
oracle debian canonical mariadb redhat suse
5.0
2015-04-16 CVE-2015-0501 Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. 5.7