VYPR

Ubuntu Linux

by Canonical

CVEs (1,886)

  • CVE-2015-1335Oct 1, 2015
    risk 0.00cvss epss 0.00

    lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.

  • CVE-2015-1781Sep 28, 2015
    risk 0.00cvss epss 0.05

    Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call…

  • CVE-2015-1319Sep 17, 2015
    risk 0.00cvss epss 0.00

    The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated…

  • CVE-2014-9745Sep 14, 2015
    risk 0.00cvss epss 0.04

    The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.

  • CVE-2015-5200Sep 8, 2015
    risk 0.00cvss epss 0.00

    The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.

  • CVE-2015-5199Sep 8, 2015
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.

  • CVE-2015-5198Sep 8, 2015
    risk 0.00cvss epss 0.00

    libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.

  • CVE-2015-6826Sep 6, 2015
    risk 0.00cvss epss 0.02

    The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1)…

  • CVE-2015-6824Sep 6, 2015
    risk 0.00cvss epss 0.02

    The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data.

  • CVE-2015-6820Sep 6, 2015
    risk 0.00cvss epss 0.02

    The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access)…

  • CVE-2015-6818Sep 6, 2015
    risk 0.00cvss epss 0.02

    The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified…

  • CVE-2015-3308Sep 2, 2015
    risk 0.00cvss epss 0.04

    Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.

  • CVE-2015-6727Sep 1, 2015
    risk 0.00cvss epss 0.02

    The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

  • CVE-2015-5706Aug 31, 2015
    risk 0.00cvss epss 0.00

    Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup…

  • CVE-2015-5364Aug 31, 2015
    risk 0.00cvss epss 0.06

    The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.

  • CVE-2015-5964Aug 24, 2015
    risk 0.00cvss epss 0.05

    The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial…

  • CVE-2015-5963Aug 24, 2015
    risk 0.00cvss epss 0.05

    contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of…

  • CVE-2015-3752Aug 16, 2015
    risk 0.00cvss epss 0.03

    The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain…

  • CVE-2015-3749Aug 16, 2015
    risk 0.00cvss epss 0.03

    WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability…

  • CVE-2015-3748Aug 16, 2015
    risk 0.00cvss epss 0.03

    WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability…

Page 53 of 95