Ubuntu Linux Security Vulnerabilities and Issues — Ubuntu Linux CVE List

Lucene search

CanonicalUbuntu Linux

8 matches found

CVE•added 2015/06/15 3:59 p.m.•112 views

CVE-2015-3209

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

7.5CVSS6.5AI score0.04545EPSS

CVE•added 2015/06/07 11:59 p.m.•98 views

CVE-2015-4002

drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packe...

9CVSS7.8AI score0.03364EPSS

CVE•added 2015/06/07 11:59 p.m.•96 views

CVE-2015-4004

The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.

8.5CVSS7.7AI score0.04967EPSS

CVE•added 2015/06/03 8:59 p.m.•85 views

CVE-2015-4106

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.

4.6CVSS7.6AI score0.00085EPSS

CVE•added 2015/06/16 4:59 p.m.•77 views

CVE-2015-3395

The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, whi...

6.8CVSS8.5AI score0.01049EPSS

CVE•added 2015/06/10 6:59 p.m.•75 views

CVE-2015-4171

strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain ...

2.6CVSS7.5AI score0.01012EPSS

CVE•added 2015/06/25 4:59 p.m.•69 views

CVE-2015-1851

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.

6.8CVSS6AI score0.00489EPSS

CVE•added 2015/06/08 2:59 p.m.•53 views

CVE-2015-3905

Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

7.5CVSS7.7AI score0.04715EPSS