Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 260 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2014-9657

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

Published: February 08, 2015; 6:59:19 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-9656

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.

Published: February 08, 2015; 6:59:15 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-9636

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.

Published: February 06, 2015; 10:59:06 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1212

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: February 06, 2015; 6:59:10 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-1211

The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.

Published: February 06, 2015; 6:59:09 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-1210

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Published: February 06, 2015; 6:59:08 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1209

Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor.

Published: February 06, 2015; 6:59:07 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-1346

Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: January 22, 2015; 5:59:29 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-1205

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: January 22, 2015; 5:59:28 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-7943

Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Published: January 22, 2015; 5:59:23 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-7942

The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: January 22, 2015; 5:59:22 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-7926

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier.

Published: January 22, 2015; 5:59:07 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-7923

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.

Published: January 22, 2015; 5:59:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-0432

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.

Published: January 21, 2015; 2:59:17 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2015-0413

Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability.

Published: January 21, 2015; 2:59:02 PM -0500
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2015-0412

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.

Published: January 21, 2015; 2:59:01 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-0411

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.

Published: January 21, 2015; 2:59:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-0410

Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.

Published: January 21, 2015; 1:59:50 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-0408

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.

Published: January 21, 2015; 1:59:48 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2015-0407

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.

Published: January 21, 2015; 1:59:47 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM