Vulnerabilities > Canonical > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-01-22 | CVE-2015-1346 | Security vulnerability in Google Chrome Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 7.5 |
| 2015-01-21 | CVE-2015-0412 | Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. | 7.2 |
| 2015-01-21 | CVE-2015-0411 | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. | 7.5 |
| 2015-01-16 | CVE-2014-9471 | The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command. | 7.5 |
| 2014-12-17 | CVE-2014-9322 | Improper Privilege Management vulnerability in multiple products arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. | 7.8 |
| 2014-12-15 | CVE-2014-6052 | Improper Input Validation vulnerability in multiple products The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message. | 7.5 |
| 2014-11-26 | CVE-2014-9093 | Improper Input Validation vulnerability in multiple products LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. | 7.5 |
| 2014-11-25 | CVE-2014-1421 | Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux 14.10 mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors. | 7.2 |
| 2014-11-10 | CVE-2014-3687 | Resource Exhaustion vulnerability in multiple products The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. | 7.5 |
| 2014-11-10 | CVE-2014-3673 | Improper Input Validation vulnerability in multiple products The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. | 7.5 |