Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-04-16 CVE-2015-0441 Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.
network
low complexity
oracle debian canonical redhat suse mariadb
4.0
2015-04-16 CVE-2015-0433 Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.
network
low complexity
oracle debian canonical redhat suse mariadb
4.0
2015-04-13 CVE-2015-0840 Improper Access Control vulnerability in multiple products
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).
4.3
2015-04-08 CVE-2015-0799 Improper Input Validation vulnerability in multiple products
The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header.
4.3
2015-04-01 CVE-2015-2756 Permissions, Privileges, and Access Controls vulnerability in multiple products
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
local
low complexity
debian xen fedoraproject canonical CWE-264
4.9
2015-04-01 CVE-2015-0812 Code vulnerability in multiple products
Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain.
4.3
2015-04-01 CVE-2015-0811 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image that is improperly handled during transformation.
network
low complexity
mozilla opensuse canonical CWE-119
6.4
2015-04-01 CVE-2015-0808 Code vulnerability in multiple products
The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of service (memory corruption) via unspecified vectors.
network
low complexity
opensuse canonical mozilla CWE-17
5.0
2015-04-01 CVE-2015-0802 Permissions, Privileges, and Access Controls vulnerability in multiple products
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.
network
low complexity
opensuse canonical mozilla CWE-264
5.0
2015-03-30 CVE-2015-2305 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
6.8