Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 260 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Published: May 20, 2015; 8:59:00 PM -0400
V3.0: 3.7 LOW
V2.0: 4.3 MEDIUM
CVE-2015-3409

Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.

Published: May 19, 2015; 2:59:06 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-3408

Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.

Published: May 19, 2015; 2:59:05 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2015-3407

Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.

Published: May 19, 2015; 2:59:03 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-3451

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

Published: May 12, 2015; 3:59:21 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-2668

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.

Published: May 12, 2015; 3:59:15 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-2222

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.

Published: May 12, 2015; 3:59:13 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-2221

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.

Published: May 12, 2015; 3:59:12 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-2170

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

Published: May 12, 2015; 3:59:09 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-3153

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

Published: May 01, 2015; 11:59:05 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1250

Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: May 01, 2015; 6:59:05 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-1243

Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an attempt to unregister a MutationObserver object that is not currently registered.

Published: May 01, 2015; 6:59:05 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-1322

Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).

Published: April 29, 2015; 4:59:01 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2015-1321

Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage.

Published: April 29, 2015; 4:59:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-1863

Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.

Published: April 28, 2015; 10:59:01 AM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2015-1774

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

Published: April 28, 2015; 10:59:00 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-3310

Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.

Published: April 24, 2015; 10:59:11 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-3148

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.

Published: April 24, 2015; 10:59:11 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-3145

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

Published: April 24, 2015; 10:59:10 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-3144

The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."

Published: April 24, 2015; 10:59:09 AM -0400
V3.x:(not available)
V2.0: 9.0 HIGH