Ubuntu Linux
by Canonical
CVEs (1,886)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3408 | 0.00 | — | 0.06 | May 19, 2015 | Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest. | |||
| CVE-2015-3407 | 0.00 | — | 0.02 | May 19, 2015 | Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files. | |||
| CVE-2015-3451 | 0.00 | — | 0.04 | May 12, 2015 | The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function. | |||
| CVE-2015-2668 | 0.00 | — | 0.03 | May 12, 2015 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. | |||
| CVE-2015-2222 | 0.00 | — | 0.03 | May 12, 2015 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. | |||
| CVE-2015-2221 | 0.00 | — | 0.03 | May 12, 2015 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. | |||
| CVE-2015-2170 | 0.00 | — | 0.03 | May 12, 2015 | The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||
| CVE-2015-1250 | 0.00 | — | 0.02 | May 1, 2015 | Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-1243 | 0.00 | — | 0.02 | May 1, 2015 | Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other… | |||
| CVE-2015-1322 | 0.00 | — | 0.01 | Apr 29, 2015 | Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read… | |||
| CVE-2015-1321 | 0.00 | — | 0.02 | Apr 29, 2015 | Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage. | |||
| CVE-2015-1863 | 0.00 | — | 0.05 | Apr 28, 2015 | Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries. | |||
| CVE-2015-3416 | 0.00 | — | 0.06 | Apr 24, 2015 | The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or… | |||
| CVE-2015-3415 | 0.00 | — | 0.05 | Apr 24, 2015 | The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as… | |||
| CVE-2015-3414 | 0.00 | — | 0.05 | Apr 24, 2015 | SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE… | |||
| CVE-2015-3310 | 0.00 | — | 0.05 | Apr 24, 2015 | Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server. | |||
| CVE-2015-3333 | 0.00 | — | 0.01 | Apr 19, 2015 | Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-1249 | 0.00 | — | 0.01 | Apr 19, 2015 | Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-1244 | 0.00 | — | 0.01 | Apr 19, 2015 | The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by… | |||
| CVE-2015-1242 | 0.00 | — | 0.03 | Apr 19, 2015 | The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that… |
- CVE-2015-3408May 19, 2015risk 0.00cvss —epss 0.06
Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.
- CVE-2015-3407May 19, 2015risk 0.00cvss —epss 0.02
Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.
- CVE-2015-3451May 12, 2015risk 0.00cvss —epss 0.04
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
- CVE-2015-2668May 12, 2015risk 0.00cvss —epss 0.03
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.
- CVE-2015-2222May 12, 2015risk 0.00cvss —epss 0.03
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.
- CVE-2015-2221May 12, 2015risk 0.00cvss —epss 0.03
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.
- CVE-2015-2170May 12, 2015risk 0.00cvss —epss 0.03
The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
- CVE-2015-1250May 1, 2015risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2015-1243May 1, 2015risk 0.00cvss —epss 0.02
Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other…
- CVE-2015-1322Apr 29, 2015risk 0.00cvss —epss 0.01
Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read…
- CVE-2015-1321Apr 29, 2015risk 0.00cvss —epss 0.02
Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage.
- CVE-2015-1863Apr 28, 2015risk 0.00cvss —epss 0.05
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.
- CVE-2015-3416Apr 24, 2015risk 0.00cvss —epss 0.06
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or…
- CVE-2015-3415Apr 24, 2015risk 0.00cvss —epss 0.05
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as…
- CVE-2015-3414Apr 24, 2015risk 0.00cvss —epss 0.05
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE…
- CVE-2015-3310Apr 24, 2015risk 0.00cvss —epss 0.05
Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.
- CVE-2015-3333Apr 19, 2015risk 0.00cvss —epss 0.01
Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2015-1249Apr 19, 2015risk 0.00cvss —epss 0.01
Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2015-1244Apr 19, 2015risk 0.00cvss —epss 0.01
The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by…
- CVE-2015-1242Apr 19, 2015risk 0.00cvss —epss 0.03
The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that…
Page 57 of 95