Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Canonical Subscribe
Total 4021 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8946 2 Canonical, Ecryptfs 2 Ubuntu Linux, Ecryptfs-utils 2016-07-27 2.1 LOW 3.3 LOW
ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2014-3686 3 Canonical, Debian, W1.fi 4 Ubuntu Linux, Debian Linux, Hostapd and 1 more 2016-07-26 6.8 MEDIUM N/A
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.
CVE-2016-5360 2 Canonical, Haproxy 2 Ubuntu Linux, Haproxy 2016-07-01 5.0 MEDIUM 7.5 HIGH
HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-1582 1 Canonical 2 Lxd, Ubuntu Linux 2016-06-10 2.1 LOW 5.5 MEDIUM
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.
CVE-2016-1581 1 Canonical 2 Lxd, Ubuntu Linux 2016-06-10 2.1 LOW 5.5 MEDIUM
LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.
CVE-2015-1322 2 Canonical, Ubuntu 2 Ubuntu Linux, Network-manager 2016-05-26 4.6 MEDIUM N/A
Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).
CVE-2016-1580 1 Canonical 2 Ubuntu-core-launcher, Ubuntu Linux 2016-05-19 10.0 HIGH 9.8 CRITICAL
The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap with a name starting with "ubuntu-core."
CVE-2016-1578 2 Canonical, Oxide Project 2 Ubuntu Linux, Oxide 2016-05-19 7.5 HIGH 9.8 CRITICAL
Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests.
CVE-2013-4473 2 Canonical, Freedesktop 2 Ubuntu Linux, Poppler 2016-05-18 7.5 HIGH N/A
Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.
CVE-2015-3146 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2016-04-20 5.0 MEDIUM 7.5 HIGH
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.
CVE-2015-5247 2 Canonical, Redhat 2 Ubuntu Linux, Libvirt 2016-04-18 4.0 MEDIUM 6.5 MEDIUM
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.
CVE-2013-6422 3 Canonical, Debian, Haxx 3 Ubuntu Linux, Debian Linux, Libcurl 2016-04-07 4.0 MEDIUM N/A
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
CVE-2014-3925 2 Canonical, Redhat 3 Ubuntu Linux, Enterprise Linux, Sos 2016-04-06 5.0 MEDIUM N/A
sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
CVE-2015-1342 1 Canonical 2 Lxcfs, Ubuntu Linux 2015-12-08 4.6 MEDIUM N/A
LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup.
CVE-2015-1344 1 Canonical 2 Lxcfs, Ubuntu Linux 2015-12-08 7.2 HIGH N/A
The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file.
CVE-2015-8222 1 Canonical 1 Ubuntu Linux 2015-11-18 4.6 MEDIUM N/A
The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors.
CVE-2014-0471 2 Canonical, Debian 2 Ubuntu Linux, Dpkg 2015-10-16 5.0 MEDIUM N/A
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."
CVE-2014-1949 3 Canonical, Gtk, Linuxmint 3 Ubuntu, Gtk\+, Linux Mint 2015-10-13 7.2 HIGH N/A
GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.
CVE-2015-1337 2 Canonical, Simpestreams Project 2 Ubuntu Linux, Simplestreams 2015-10-09 6.8 MEDIUM N/A
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.
CVE-2015-1338 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2015-10-02 7.2 HIGH N/A
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.