Filtered by vendor Canonical Subscriptions
Filtered by product Ubuntu Linux Subscriptions
Total 4151 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-9585 7 Canonical, Debian, Fedoraproject and 4 more 22 Ubuntu Linux, Debian Linux, Fedora and 19 more 2024-11-21 N/A
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.
CVE-2014-9584 7 Canonical, Debian, Linux and 4 more 22 Ubuntu Linux, Debian Linux, Linux Kernel and 19 more 2024-11-21 N/A
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.
CVE-2014-9529 6 Canonical, Debian, Fedoraproject and 3 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2024-11-21 N/A
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.
CVE-2014-9496 5 Canonical, Debian, Libsndfile Project and 2 more 5 Ubuntu Linux, Debian Linux, Libsndfile and 2 more 2024-11-21 N/A
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
CVE-2014-9471 2 Canonical, Gnu 2 Ubuntu Linux, Coreutils 2024-11-21 N/A
The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.
CVE-2014-9402 4 Canonical, Gnu, Opensuse and 1 more 4 Ubuntu Linux, Glibc, Opensuse and 1 more 2024-11-21 N/A
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.
CVE-2014-9323 4 Canonical, Debian, Firebirdsql and 1 more 4 Ubuntu Linux, Debian Linux, Firebird and 1 more 2024-11-21 N/A
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.
CVE-2014-9322 6 Canonical, Google, Linux and 3 more 11 Ubuntu Linux, Android, Linux Kernel and 8 more 2024-11-21 7.8 High
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
CVE-2014-9221 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 N/A
strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.
CVE-2014-9093 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-11-21 N/A
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
CVE-2014-9092 3 Canonical, Fedoraproject, Libjpeg-turbo 3 Ubuntu Linux, Fedora, Libjpeg-turbo 2024-11-21 N/A
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
CVE-2014-9087 4 Canonical, Debian, Gnupg and 1 more 5 Ubuntu Linux, Debian Linux, Gnupg and 2 more 2024-11-21 N/A
Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.
CVE-2014-8768 4 Canonical, Opensuse, Oracle and 1 more 4 Ubuntu Linux, Opensuse, Solaris and 1 more 2024-11-21 N/A
Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.
CVE-2014-8738 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 N/A
The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.
CVE-2014-8737 4 Canonical, Fedoraproject, Gnu and 1 more 4 Ubuntu Linux, Fedora, Binutils and 1 more 2024-11-21 N/A
Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.
CVE-2014-8602 4 Canonical, Debian, Nlnetlabs and 1 more 4 Ubuntu Linux, Debian Linux, Unbound and 1 more 2024-11-21 N/A
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
CVE-2014-8564 4 Canonical, Gnu, Opensuse and 1 more 8 Ubuntu Linux, Gnutls, Opensuse and 5 more 2024-11-21 N/A
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.
CVE-2014-8559 7 Canonical, Linux, Novell and 4 more 14 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 11 more 2024-11-21 5.5 Medium
The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.
CVE-2014-8548 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2024-11-21 N/A
Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.
CVE-2014-8547 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2024-11-21 N/A
libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.