Ubuntu Linux
by Canonical
CVEs (1,886)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-8542 | 0.00 | — | 0.02 | Nov 5, 2014 | libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data. | |||
| CVE-2014-8541 | 0.00 | — | 0.02 | Nov 5, 2014 | libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have… | |||
| CVE-2014-3710 | 0.00 | — | 0.14 | Nov 5, 2014 | The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted… | |||
| CVE-2014-3660 | 0.00 | — | 0.04 | Nov 4, 2014 | parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested… | |||
| CVE-2014-8080 | 0.00 | — | 0.05 | Nov 3, 2014 | The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. | |||
| CVE-2014-3615 | 0.00 | — | 0.00 | Nov 1, 2014 | The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. | |||
| CVE-2014-3694 | 0.00 | — | 0.02 | Oct 29, 2014 | The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to… | |||
| CVE-2014-3564 | 0.00 | — | 0.04 | Oct 20, 2014 | Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line… | |||
| CVE-2014-3686 | 0.00 | — | 0.05 | Oct 16, 2014 | wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame. | |||
| CVE-2014-1829 | 0.00 | — | 0.02 | Oct 15, 2014 | Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. | |||
| CVE-2014-7230 | 0.00 | — | 0.00 | Oct 8, 2014 | The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log. | |||
| CVE-2014-7204 | 0.00 | — | 0.04 | Oct 7, 2014 | jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. | |||
| CVE-2014-3565 | 0.00 | — | 0.05 | Oct 7, 2014 | snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a… | |||
| CVE-2014-6054 | 0.00 | — | 0.06 | Oct 6, 2014 | The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2)… | |||
| CVE-2014-3633 | 0.00 | — | 0.03 | Oct 6, 2014 | The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query,… | |||
| CVE-2014-6414 | 0.00 | — | 0.02 | Oct 2, 2014 | OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. | |||
| CVE-2014-3621 | 0.00 | — | 0.02 | Oct 2, 2014 | The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field. | |||
| CVE-2014-7145 | 0.00 | — | 0.04 | Sep 28, 2014 | The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS… | |||
| CVE-2014-6418 | 0.00 | — | 0.05 | Sep 28, 2014 | net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph… | |||
| CVE-2014-6416 | 0.00 | — | 0.06 | Sep 28, 2014 | Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket. |
- CVE-2014-8542Nov 5, 2014risk 0.00cvss —epss 0.02
libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.
- CVE-2014-8541Nov 5, 2014risk 0.00cvss —epss 0.02
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have…
- CVE-2014-3710Nov 5, 2014risk 0.00cvss —epss 0.14
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted…
- CVE-2014-3660Nov 4, 2014risk 0.00cvss —epss 0.04
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested…
- CVE-2014-8080Nov 3, 2014risk 0.00cvss —epss 0.05
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
- CVE-2014-3615Nov 1, 2014risk 0.00cvss —epss 0.00
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
- CVE-2014-3694Oct 29, 2014risk 0.00cvss —epss 0.02
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to…
- CVE-2014-3564Oct 20, 2014risk 0.00cvss —epss 0.04
Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line…
- CVE-2014-3686Oct 16, 2014risk 0.00cvss —epss 0.05
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.
- CVE-2014-1829Oct 15, 2014risk 0.00cvss —epss 0.02
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
- CVE-2014-7230Oct 8, 2014risk 0.00cvss —epss 0.00
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.
- CVE-2014-7204Oct 7, 2014risk 0.00cvss —epss 0.04
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.
- CVE-2014-3565Oct 7, 2014risk 0.00cvss —epss 0.05
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a…
- CVE-2014-6054Oct 6, 2014risk 0.00cvss —epss 0.06
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2)…
- CVE-2014-3633Oct 6, 2014risk 0.00cvss —epss 0.03
The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query,…
- CVE-2014-6414Oct 2, 2014risk 0.00cvss —epss 0.02
OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.
- CVE-2014-3621Oct 2, 2014risk 0.00cvss —epss 0.02
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.
- CVE-2014-7145Sep 28, 2014risk 0.00cvss —epss 0.04
The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS…
- CVE-2014-6418Sep 28, 2014risk 0.00cvss —epss 0.05
net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph…
- CVE-2014-6416Sep 28, 2014risk 0.00cvss —epss 0.06
Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.
Page 66 of 95