Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2015-04-05 | CVE-2015-1465 | The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets. | Ubuntu_linux, Linux_kernel | N/A | ||
2015-04-08 | CVE-2015-1472 | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. | Ubuntu_linux, Glibc | N/A | ||
2015-04-08 | CVE-2015-1473 | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. | Ubuntu_linux, Glibc | N/A | ||
2015-04-10 | CVE-2015-2806 | Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. | Ubuntu_linux, Debian_linux, Fedora, Libtasn1 | N/A | ||
2015-04-19 | CVE-2015-1235 | The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element. | Ubuntu_linux, Debian_linux, Chrome | N/A | ||
2015-04-19 | CVE-2015-1236 | The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element. | Ubuntu_linux, Debian_linux, Chrome | N/A | ||
2015-04-19 | CVE-2015-1237 | Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages during a detach operation. | Ubuntu_linux, Debian_linux, Chrome | N/A | ||
2015-04-19 | CVE-2015-1238 | Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. | Ubuntu_linux, Debian_linux, Chrome | N/A | ||
2015-04-19 | CVE-2015-1240 | gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency. | Ubuntu_linux, Debian_linux, Chrome | N/A | ||
2015-04-19 | CVE-2015-1242 | The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages "type confusion" in the check-elimination optimization. | Ubuntu_linux, Debian_linux, Chrome, V8 | N/A |