VYPR

Ubuntu Linux

by Canonical

CVEs (1,886)

  • CVE-2015-1230Mar 9, 2015
    risk 0.00cvss epss 0.02

    The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact…

  • CVE-2015-1229Mar 9, 2015
    risk 0.00cvss epss 0.01

    net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted…

  • CVE-2015-1228Mar 9, 2015
    risk 0.00cvss epss 0.01

    The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a…

  • CVE-2015-1220Mar 9, 2015
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a…

  • CVE-2015-1219Mar 9, 2015
    risk 0.00cvss epss 0.01

    Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted…

  • CVE-2015-1218Mar 9, 2015
    risk 0.00cvss epss 0.01

    Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to…

  • CVE-2015-1217Mar 9, 2015
    risk 0.00cvss epss 0.02

    The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or…

  • CVE-2015-1216Mar 9, 2015
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have…

  • CVE-2015-1215Mar 9, 2015
    risk 0.00cvss epss 0.02

    The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.

  • CVE-2015-1214Mar 9, 2015
    risk 0.00cvss epss 0.01

    Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that…

  • CVE-2015-0228Mar 8, 2015
    risk 0.00cvss epss 0.19

    The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade…

  • CVE-2014-9683Mar 3, 2015
    risk 0.00cvss epss 0.00

    Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted…

  • CVE-2015-0239Mar 2, 2015
    risk 0.00cvss epss 0.01

    The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment…

  • CVE-2014-9644Mar 2, 2015
    risk 0.00cvss epss 0.01

    The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different…

  • CVE-2014-8160Mar 2, 2015
    risk 0.00cvss epss 0.05

    net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions…

  • CVE-2013-7421Mar 2, 2015
    risk 0.00cvss epss 0.01

    The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

  • CVE-2015-0834Feb 25, 2015
    risk 0.00cvss epss 0.01

    The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack…

  • CVE-2015-0832Feb 25, 2015
    risk 0.00cvss epss 0.01

    Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and…

  • CVE-2015-0831Feb 25, 2015
    risk 0.00cvss epss 0.04

    Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory…

  • CVE-2015-0830Feb 25, 2015
    risk 0.00cvss epss 0.02

    The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (application crash) via crafted WebGL content.

Page 60 of 95