Lucene search

K
CanonicalUbuntu Linux14.10

254 matches found

CVE
CVE
added 2015/04/19 10:59 a.m.67 views

CVE-2015-1240

gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency.

5CVSS6AI score0.01449EPSS
CVE
CVE
added 2015/05/12 7:59 p.m.67 views

CVE-2015-2221

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.

5CVSS6.2AI score0.01897EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.67 views

CVE-2015-2238

Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS7AI score0.00107EPSS
CVE
CVE
added 2014/11/13 9:32 p.m.66 views

CVE-2014-8564

The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing r...

5CVSS6.3AI score0.00812EPSS
CVE
CVE
added 2014/11/20 5:50 p.m.66 views

CVE-2014-8768

Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.

5CVSS8.7AI score0.33885EPSS
CVE
CVE
added 2014/12/01 3:59 p.m.66 views

CVE-2014-9087

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

7.5CVSS6.5AI score0.05055EPSS
CVE
CVE
added 2015/04/01 10:59 a.m.66 views

CVE-2015-0803

The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free)...

7.5CVSS9.3AI score0.01906EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.66 views

CVE-2015-0824

The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing.

5CVSS8.8AI score0.0181EPSS
CVE
CVE
added 2015/07/01 2:59 p.m.66 views

CVE-2015-1330

unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vect...

6.8CVSS7.1AI score0.00087EPSS
CVE
CVE
added 2017/08/25 6:29 p.m.66 views

CVE-2015-1395

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.

7.8CVSS7.2AI score0.01515EPSS
CVE
CVE
added 2015/07/16 11:1 a.m.66 views

CVE-2015-4772

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.

4CVSS4.5AI score0.00697EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.65 views

CVE-2015-0829

Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.

6.8CVSS9.5AI score0.02647EPSS
CVE
CVE
added 2015/04/19 10:59 a.m.65 views

CVE-2015-1249

Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.8AI score0.01732EPSS
CVE
CVE
added 2015/05/01 10:59 a.m.65 views

CVE-2015-1250

Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.8AI score0.01097EPSS
CVE
CVE
added 2019/11/29 9:15 p.m.65 views

CVE-2015-3406

The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.

7.5CVSS7.2AI score0.01351EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.64 views

CVE-2015-0826

The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token sequence that triggers a restyle or reflow operatio...

6.8CVSS9.4AI score0.00796EPSS
CVE
CVE
added 2014/12/03 6:59 p.m.63 views

CVE-2014-8104

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

6.8CVSS5.9AI score0.01465EPSS
CVE
CVE
added 2015/04/01 10:59 a.m.63 views

CVE-2015-0805

The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (me...

7.5CVSS9.5AI score0.01906EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.63 views

CVE-2015-0834

The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time wi...

4.3CVSS9AI score0.00587EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.63 views

CVE-2015-1229

net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.

5CVSS6AI score0.00317EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.62 views

CVE-2014-9656

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.

7.5CVSS7.8AI score0.01793EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.62 views

CVE-2015-0820

Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web sit...

2.6CVSS9.1AI score0.00305EPSS
CVE
CVE
added 2015/04/13 2:59 p.m.62 views

CVE-2015-0840

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).

4.3CVSS6.4AI score0.00741EPSS
CVE
CVE
added 2015/05/29 3:59 p.m.62 views

CVE-2015-0847

nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors.

7.8CVSS6.4AI score0.02554EPSS
CVE
CVE
added 2015/04/29 8:59 p.m.62 views

CVE-2015-1321

Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage.

6.8CVSS8.1AI score0.01393EPSS
CVE
CVE
added 2015/05/12 7:59 p.m.62 views

CVE-2015-2668

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.

5CVSS6.2AI score0.01656EPSS
CVE
CVE
added 2015/05/19 6:59 p.m.62 views

CVE-2015-3408

Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.

10CVSS7.6AI score0.04873EPSS
CVE
CVE
added 2014/11/15 9:59 p.m.61 views

CVE-2014-5388

Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.

4.6CVSS5AI score0.00095EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.61 views

CVE-2014-9662

cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.

7.5CVSS7.9AI score0.02738EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.61 views

CVE-2014-9668

The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact vi...

7.5CVSS8AI score0.01507EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.61 views

CVE-2015-0825

Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback.

4.3CVSS8.8AI score0.00758EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.61 views

CVE-2015-0830

The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (application crash) via crafted WebGL content.

5CVSS8.8AI score0.01074EPSS
CVE
CVE
added 2017/08/25 6:29 p.m.61 views

CVE-2015-1325

Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files a...

7CVSS6.9AI score0.00858EPSS
CVE
CVE
added 2015/01/22 10:59 p.m.60 views

CVE-2014-7942

The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5CVSS9.4AI score0.02358EPSS
CVE
CVE
added 2015/05/12 7:59 p.m.60 views

CVE-2015-2222

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.

5CVSS6.2AI score0.01656EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.59 views

CVE-2015-1219

Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a lar...

7.5CVSS6.8AI score0.00897EPSS
CVE
CVE
added 2015/03/24 5:59 p.m.59 views

CVE-2015-2265

The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.

7.5CVSS7.4AI score0.05767EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.58 views

CVE-2014-9665

The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG fi...

7.5CVSS8.3AI score0.02167EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.57 views

CVE-2015-1220

Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size in...

6.8CVSS6.8AI score0.03072EPSS
CVE
CVE
added 2012/09/05 11:55 p.m.56 views

CVE-2012-3509

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the le...

5CVSS8.8AI score0.01748EPSS
CVE
CVE
added 2013/12/07 8:55 p.m.56 views

CVE-2013-6410

nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.

7.5CVSS6.2AI score0.0032EPSS
CVE
CVE
added 2015/01/22 10:59 p.m.56 views

CVE-2014-7943

Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS8.7AI score0.01712EPSS
CVE
CVE
added 2015/04/08 6:59 p.m.56 views

CVE-2015-1317

Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists.

7.5CVSS8.1AI score0.01436EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.55 views

CVE-2015-1215

The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.

7.5CVSS6.8AI score0.00974EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.55 views

CVE-2015-1217

The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified...

7.5CVSS6.7AI score0.01649EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.55 views

CVE-2015-1218

Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents, relat...

7.5CVSS6.9AI score0.01073EPSS
CVE
CVE
added 2015/03/09 12:59 a.m.53 views

CVE-2015-1216

Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact vi...

7.5CVSS6.7AI score0.01073EPSS
CVE
CVE
added 2015/06/08 2:59 p.m.53 views

CVE-2015-3905

Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

7.5CVSS7.7AI score0.04715EPSS
CVE
CVE
added 2015/05/19 6:59 p.m.52 views

CVE-2015-3407

Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.

5CVSS7.3AI score0.00415EPSS
CVE
CVE
added 2015/04/29 8:59 p.m.50 views

CVE-2015-1322

Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a ....

4.6CVSS6.2AI score0.00023EPSS
Total number of security vulnerabilities254