Lucene search

K
CanonicalUbuntu Linux14.10

254 matches found

CVE
CVE
added 2015/01/16 4:59 p.m.80 views

CVE-2015-0222

ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries.

5CVSS6.9AI score0.04573EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.80 views

CVE-2015-4761

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.

3.5CVSS4.5AI score0.00489EPSS
CVE
CVE
added 2014/12/16 11:59 p.m.79 views

CVE-2014-5353

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demo...

3.5CVSS6.4AI score0.00458EPSS
CVE
CVE
added 2015/04/01 10:59 a.m.79 views

CVE-2015-0804

The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a c...

7.5CVSS9.3AI score0.01906EPSS
CVE
CVE
added 2015/02/06 11:59 a.m.79 views

CVE-2015-1209

Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attacker...

7.5CVSS7.2AI score0.01413EPSS
CVE
CVE
added 2014/10/29 10:55 a.m.78 views

CVE-2014-3694

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and o...

6.4CVSS8.5AI score0.01448EPSS
CVE
CVE
added 2015/01/21 7:59 p.m.78 views

CVE-2015-0413

Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability.

1.9CVSS2.8AI score0.00105EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.78 views

CVE-2015-1214

Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset act...

7.5CVSS6.9AI score0.00974EPSS
CVE
CVE
added 2014/01/18 7:55 p.m.77 views

CVE-2013-6424

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

5CVSS6.9AI score0.05566EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.77 views

CVE-2015-0819

The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site.

4.3CVSS9AI score0.0082EPSS
CVE
CVE
added 2015/03/15 7:59 p.m.76 views

CVE-2015-2304

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.

6.4CVSS7.4AI score0.02978EPSS
CVE
CVE
added 2014/11/26 3:59 p.m.75 views

CVE-2014-7142

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

6.4CVSS8.1AI score0.64227EPSS
CVE
CVE
added 2015/02/06 11:59 a.m.75 views

CVE-2015-1211

The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which a...

7.5CVSS6.2AI score0.01009EPSS
CVE
CVE
added 2015/04/19 10:59 a.m.75 views

CVE-2015-1241

Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.

4.3CVSS6AI score0.01566EPSS
CVE
CVE
added 2015/05/19 6:59 p.m.75 views

CVE-2015-3409

Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.

7.2CVSS7.3AI score0.00058EPSS
CVE
CVE
added 2015/06/10 6:59 p.m.75 views

CVE-2015-4171

strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain ...

2.6CVSS7.5AI score0.01012EPSS
CVE
CVE
added 2014/11/07 7:55 p.m.74 views

CVE-2014-3640

The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.

2.1CVSS6AI score0.00059EPSS
CVE
CVE
added 2014/11/14 3:59 p.m.74 views

CVE-2014-3689

The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.

7.2CVSS6.7AI score0.0009EPSS
CVE
CVE
added 2015/01/07 7:59 p.m.74 views

CVE-2014-9221

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.

5CVSS8.7AI score0.07905EPSS
CVE
CVE
added 2015/02/23 5:59 p.m.74 views

CVE-2015-1315

Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.

7.5CVSS9.3AI score0.1061EPSS
CVE
CVE
added 2015/03/25 2:59 p.m.74 views

CVE-2015-2316

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.

5CVSS6.4AI score0.0227EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.74 views

CVE-2015-2641

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.

3.5CVSS4.5AI score0.00652EPSS
CVE
CVE
added 2015/04/08 10:59 a.m.73 views

CVE-2015-0799

The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header.

4.3CVSS9.1AI score0.00124EPSS
CVE
CVE
added 2015/04/19 10:59 a.m.73 views

CVE-2015-1236

The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a c...

4.3CVSS5.9AI score0.00865EPSS
CVE
CVE
added 2015/04/19 10:59 a.m.73 views

CVE-2015-1238

Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

7.5CVSS6.7AI score0.02307EPSS
CVE
CVE
added 2015/04/24 2:59 p.m.73 views

CVE-2015-3310

Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.

4.3CVSS9AI score0.01715EPSS
CVE
CVE
added 2015/07/16 10:59 a.m.72 views

CVE-2015-2611

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4CVSS4.5AI score0.00697EPSS
CVE
CVE
added 2015/04/19 10:59 a.m.72 views

CVE-2015-3333

Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.8AI score0.00241EPSS
CVE
CVE
added 2013/09/30 10:55 p.m.71 views

CVE-2013-0211

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion ...

5CVSS7.7AI score0.01196EPSS
CVE
CVE
added 2015/01/22 10:59 p.m.71 views

CVE-2015-1205

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS9.4AI score0.01201EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.71 views

CVE-2015-1228

The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (app...

7.5CVSS6.7AI score0.01073EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.70 views

CVE-2015-4767

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.

1.7CVSS4.6AI score0.00818EPSS
CVE
CVE
added 2015/04/01 10:59 a.m.69 views

CVE-2015-0806

The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code o...

7.5CVSS9.4AI score0.01906EPSS
CVE
CVE
added 2015/04/01 10:59 a.m.69 views

CVE-2015-0811

The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image that is improperly handled during transformation.

6.4CVSS8.9AI score0.00873EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.69 views

CVE-2015-0823

Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the ots::ots_gasp_pa...

7.5CVSS9.8AI score0.01442EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.69 views

CVE-2015-0832

Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.5...

5CVSS9AI score0.00135EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.69 views

CVE-2015-1230

The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code ...

7.5CVSS6.8AI score0.01726EPSS
CVE
CVE
added 2015/05/12 7:59 p.m.69 views

CVE-2015-2170

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

5CVSS6.1AI score0.01656EPSS
CVE
CVE
added 2015/07/16 10:59 a.m.69 views

CVE-2015-2617

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition.

6.5CVSS4.5AI score0.00598EPSS
CVE
CVE
added 2015/07/16 11:1 a.m.69 views

CVE-2015-4771

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.

3.5CVSS4.5AI score0.00652EPSS
CVE
CVE
added 2015/04/01 10:59 a.m.68 views

CVE-2015-0808

The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of service (memory corruption) via unspecified vectors...

5CVSS8.8AI score0.00804EPSS
CVE
CVE
added 2015/04/19 10:59 a.m.68 views

CVE-2015-1235

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element.

5CVSS5.8AI score0.00962EPSS
CVE
CVE
added 2015/07/14 4:59 p.m.68 views

CVE-2015-3279

Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.

7.5CVSS8.1AI score0.1072EPSS
CVE
CVE
added 2017/08/25 6:29 p.m.67 views

CVE-2014-9637

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

7.1CVSS5.7AI score0.00378EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.67 views

CVE-2014-9659

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this ...

7.5CVSS7.9AI score0.02849EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.67 views

CVE-2014-9666

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact v...

6.8CVSS7.9AI score0.01778EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.67 views

CVE-2014-9672

Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.

5.8CVSS7.1AI score0.01931EPSS
CVE
CVE
added 2015/02/06 11:59 a.m.67 views

CVE-2015-1210

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the thro...

5CVSS6AI score0.00704EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.67 views

CVE-2015-1231

Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.6AI score0.01158EPSS
CVE
CVE
added 2015/04/19 10:59 a.m.67 views

CVE-2015-1237

Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages...

7.5CVSS7AI score0.02307EPSS
Total number of security vulnerabilities254