Vulnerabilities > Canonical > Ubuntu Linux > 14.04

DATE CVE VULNERABILITY TITLE RISK
2015-09-14 CVE-2014-9745 Resource Management Errors vulnerability in multiple products
The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.
network
low complexity
freetype debian canonical opensuse CWE-399
5.0
2015-09-08 CVE-2015-5200 Local Security vulnerability in libvdpau
The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.
6.3
2015-09-08 CVE-2015-5199 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.
local
low complexity
canonical libvdpau-project CWE-22
7.2
2015-09-08 CVE-2015-5198 Permissions, Privileges, and Access Controls vulnerability in multiple products
libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.
local
low complexity
libvdpau-project canonical CWE-264
7.2
2015-08-31 CVE-2015-5706 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation.
local
low complexity
linux canonical debian CWE-416
4.6
2015-08-24 CVE-2015-5964 Resource Management Errors vulnerability in multiple products
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.
network
low complexity
djangoproject canonical oracle CWE-399
5.0
2015-08-24 CVE-2015-5963 Resource Management Errors vulnerability in multiple products
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.
network
low complexity
djangoproject oracle canonical CWE-399
5.0
2015-08-16 CVE-2015-3752 Information Exposure vulnerability in multiple products
The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request.
network
low complexity
apple canonical CWE-200
5.0
2015-08-16 CVE-2015-3749 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
6.8
2015-08-16 CVE-2015-3748 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
6.8