Filtered by vendor Canonical Subscriptions
Filtered by product Ubuntu Linux Subscriptions
Total 4151 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-1332 2 Canonical, Oxide Project 2 Ubuntu Linux, Oxide 2024-11-21 N/A
The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website.
CVE-2015-1330 2 Canonical, Debian 2 Ubuntu Linux, Unattended-upgrades 2024-11-21 N/A
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors.
CVE-2015-1329 1 Canonical 1 Ubuntu Linux 2024-11-21 N/A
Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code.
CVE-2015-1328 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-11-21 N/A
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
CVE-2015-1327 1 Canonical 1 Ubuntu Linux 2024-11-21 N/A
Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app.
CVE-2015-1325 1 Canonical 1 Ubuntu Linux 2024-11-21 N/A
Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges.
CVE-2015-1324 1 Canonical 1 Ubuntu Linux 2024-11-21 N/A
Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries.
CVE-2015-1323 1 Canonical 1 Ubuntu Linux 2024-11-21 N/A
The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions.
CVE-2015-1322 2 Canonical, Ubuntu 2 Ubuntu Linux, Network-manager 2024-11-21 N/A
Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).
CVE-2015-1321 2 Canonical, Oxide Project 2 Ubuntu Linux, Oxide 2024-11-21 N/A
Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage.
CVE-2015-1319 1 Canonical 1 Ubuntu Linux 2024-11-21 N/A
The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a USB thumb drive.
CVE-2015-1317 2 Canonical, Oxide Project 2 Ubuntu Linux, Oxide 2024-11-21 N/A
Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists.
CVE-2015-1315 2 Canonical, Info-zip 2 Ubuntu Linux, Unzip 2024-11-21 N/A
Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.
CVE-2015-1283 9 Canonical, Debian, Google and 6 more 14 Ubuntu Linux, Debian Linux, Chrome and 11 more 2024-11-21 N/A
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
CVE-2015-1250 4 Canonical, Debian, Google and 1 more 8 Ubuntu Linux, Debian Linux, Chrome and 5 more 2024-11-21 N/A
Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2015-1249 4 Canonical, Debian, Google and 1 more 4 Ubuntu Linux, Debian Linux, Chrome and 1 more 2024-11-21 N/A
Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2015-1244 4 Canonical, Debian, Google and 1 more 4 Ubuntu Linux, Debian Linux, Chrome and 1 more 2024-11-21 N/A
The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic.
CVE-2015-1243 4 Canonical, Debian, Google and 1 more 8 Ubuntu Linux, Debian Linux, Chrome and 5 more 2024-11-21 N/A
Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an attempt to unregister a MutationObserver object that is not currently registered.
CVE-2015-1242 4 Canonical, Debian, Google and 1 more 5 Ubuntu Linux, Debian Linux, Chrome and 2 more 2024-11-21 N/A
The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages "type confusion" in the check-elimination optimization.
CVE-2015-1241 6 Canonical, Debian, Google and 3 more 12 Ubuntu Linux, Debian Linux, Chrome and 9 more 2024-11-21 N/A
Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.