VYPR

Ubuntu Linux

by Canonical

CVEs (1,886)

  • CVE-2014-8104Dec 3, 2014
    risk 0.00cvss epss 0.03

    OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

  • CVE-2014-9087Dec 1, 2014
    risk 0.00cvss epss 0.05

    Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

  • CVE-2014-9093Nov 26, 2014
    risk 0.00cvss epss 0.04

    LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.

  • CVE-2014-1421Nov 25, 2014
    risk 0.00cvss epss 0.01

    mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

  • CVE-2014-7817Nov 24, 2014
    risk 0.00cvss epss 0.01

    The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".

  • CVE-2014-1424Nov 24, 2014
    risk 0.00cvss epss 0.02

    apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw."

  • CVE-2014-7824Nov 18, 2014
    risk 0.00cvss epss 0.01

    D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of…

  • CVE-2014-5388Nov 15, 2014
    risk 0.00cvss epss 0.00

    Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.

  • CVE-2014-4975Nov 15, 2014
    risk 0.00cvss epss 0.04

    Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer…

  • CVE-2014-3707Nov 15, 2014
    risk 0.00cvss epss 0.05

    The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory…

  • CVE-2014-7815Nov 14, 2014
    risk 0.00cvss epss 0.04

    The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

  • CVE-2014-3689Nov 14, 2014
    risk 0.00cvss epss 0.00

    The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.

  • CVE-2014-8564Nov 13, 2014
    risk 0.00cvss epss 0.03

    The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2)…

  • CVE-2014-3693Nov 7, 2014
    risk 0.00cvss epss 0.05

    Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.

  • CVE-2014-3640Nov 7, 2014
    risk 0.00cvss epss 0.00

    The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.

  • CVE-2014-8483Nov 6, 2014
    risk 0.00cvss epss 0.04

    The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.

  • CVE-2014-8548Nov 5, 2014
    risk 0.00cvss epss 0.02

    Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.

  • CVE-2014-8547Nov 5, 2014
    risk 0.00cvss epss 0.03

    libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.

  • CVE-2014-8544Nov 5, 2014
    risk 0.00cvss epss 0.03

    libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.

  • CVE-2014-8543Nov 5, 2014
    risk 0.00cvss epss 0.03

    libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data.

Page 65 of 95