Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2015-04-08 | CVE-2015-1473 | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. | Ubuntu_linux, Glibc | N/A | ||
2015-04-10 | CVE-2015-2806 | Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. | Ubuntu_linux, Debian_linux, Fedora, Libtasn1 | N/A | ||
2015-04-19 | CVE-2015-1235 | The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element. | Ubuntu_linux, Debian_linux, Chrome | N/A | ||
2015-04-19 | CVE-2015-1236 | The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element. | Ubuntu_linux, Debian_linux, Chrome | N/A | ||
2015-04-19 | CVE-2015-1237 | Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages during a detach operation. | Ubuntu_linux, Debian_linux, Chrome | N/A | ||
2015-04-19 | CVE-2015-1238 | Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. | Ubuntu_linux, Debian_linux, Chrome | N/A | ||
2015-04-19 | CVE-2015-1240 | gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency. | Ubuntu_linux, Debian_linux, Chrome | N/A | ||
2015-04-19 | CVE-2015-1242 | The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages "type confusion" in the check-elimination optimization. | Ubuntu_linux, Debian_linux, Chrome, V8 | N/A | ||
2015-04-19 | CVE-2015-1244 | The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic. | Ubuntu_linux, Debian_linux, Chrome | N/A | ||
2015-04-19 | CVE-2015-1249 | Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | Ubuntu_linux, Debian_linux, Chrome | N/A |