Search Results (Refine Search)
- CPE Product Version: cpe:/o:canonical:ubuntu_linux:14.10
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-9662 |
cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font. Published: February 08, 2015; 6:59:24 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-9661 |
type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font. Published: February 08, 2015; 6:59:23 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-9660 |
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font. Published: February 08, 2015; 6:59:22 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-9659 |
cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240. Published: February 08, 2015; 6:59:21 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-9658 |
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. Published: February 08, 2015; 6:59:20 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-9657 |
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. Published: February 08, 2015; 6:59:19 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-9656 |
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font. Published: February 08, 2015; 6:59:15 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-9636 |
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. Published: February 06, 2015; 10:59:06 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1212 |
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Published: February 06, 2015; 6:59:10 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1211 |
The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI. Published: February 06, 2015; 6:59:09 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1210 |
The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Published: February 06, 2015; 6:59:08 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1209 |
Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor. Published: February 06, 2015; 6:59:07 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1346 |
Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Published: January 22, 2015; 5:59:29 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1205 |
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Published: January 22, 2015; 5:59:28 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-7943 |
Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Published: January 22, 2015; 5:59:23 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-7942 |
The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Published: January 22, 2015; 5:59:22 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-7926 |
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier. Published: January 22, 2015; 5:59:07 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-7923 |
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression. Published: January 22, 2015; 5:59:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-0432 |
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key. Published: January 21, 2015; 2:59:17 PM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-0413 |
Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. Published: January 21, 2015; 2:59:02 PM -0500 |
V3.x:(not available) V2.0: 1.9 LOW |