Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-4000 |
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. Published: May 20, 2015; 8:59:00 PM -0400 |
V3.0: 3.7 LOW V2.0: 4.3 MEDIUM |
CVE-2015-3409 |
Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module. Published: May 19, 2015; 2:59:06 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2015-3408 |
Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest. Published: May 19, 2015; 2:59:05 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2015-3407 |
Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files. Published: May 19, 2015; 2:59:03 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-3451 |
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function. Published: May 12, 2015; 3:59:21 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-2668 |
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. Published: May 12, 2015; 3:59:15 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-2222 |
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. Published: May 12, 2015; 3:59:13 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-2221 |
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. Published: May 12, 2015; 3:59:12 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-2170 |
The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. Published: May 12, 2015; 3:59:09 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-3153 |
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. Published: May 01, 2015; 11:59:05 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1250 |
Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Published: May 01, 2015; 6:59:05 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1243 |
Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an attempt to unregister a MutationObserver object that is not currently registered. Published: May 01, 2015; 6:59:05 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1322 |
Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts). Published: April 29, 2015; 4:59:01 PM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2015-1321 |
Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage. Published: April 29, 2015; 4:59:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-1863 |
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries. Published: April 28, 2015; 10:59:01 AM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2015-1774 |
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write. Published: April 28, 2015; 10:59:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-3310 |
Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server. Published: April 24, 2015; 10:59:11 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-3148 |
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. Published: April 24, 2015; 10:59:11 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-3145 |
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. Published: April 24, 2015; 10:59:10 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-3144 |
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80." Published: April 24, 2015; 10:59:09 AM -0400 |
V3.x:(not available) V2.0: 9.0 HIGH |