Vulnerabilities > Canonical > Ubuntu Linux > 14.04

DATE CVE VULNERABILITY TITLE RISK
2016-01-21 CVE-2016-0402 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking.
network
low complexity
canonical oracle
5.0
2016-01-14 CVE-2015-8605 Improper Input Validation vulnerability in multiple products
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
5.7
2016-01-12 CVE-2015-1779 Resource Exhaustion vulnerability in multiple products
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
8.6
2016-01-09 CVE-2015-7575 Data Processing Errors vulnerability in multiple products
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
network
high complexity
mozilla opensuse canonical CWE-19
5.9
2016-01-08 CVE-2015-8557 OS Command Injection vulnerability in multiple products
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.
network
canonical pygments CWE-78
critical
9.3
2015-12-29 CVE-2015-8467 Improper Privilege Management vulnerability in multiple products
The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535.
network
high complexity
samba debian canonical CWE-269
7.5
2015-12-29 CVE-2015-7540 Resource Management Errors vulnerability in multiple products
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.
network
low complexity
samba canonical debian CWE-399
7.5
2015-12-29 CVE-2015-5299 Information Exposure vulnerability in multiple products
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
network
low complexity
samba debian canonical CWE-200
5.3
2015-12-29 CVE-2015-5296 Improper Input Validation vulnerability in multiple products
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
network
high complexity
samba debian canonical CWE-20
5.4
2015-12-29 CVE-2015-5252 Permissions, Privileges, and Access Controls vulnerability in multiple products
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
network
low complexity
samba canonical debian CWE-264
7.2