Canonical: >> Ubuntu Linux >> 15.04 Security Vulnerabilities
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
CVSS Score
4.3
EPSS Score
0.073
Published
2015-05-28
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
CVSS Score
3.7
EPSS Score
0.939
Published
2015-05-21
Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.
CVSS Score
7.2
EPSS Score
0.001
Published
2015-05-19
Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.
CVSS Score
10.0
EPSS Score
0.049
Published
2015-05-19
Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.
CVSS Score
5.0
EPSS Score
0.004
Published
2015-05-19
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
CVSS Score
5.0
EPSS Score
0.034
Published
2015-05-12
The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVSS Score
5.0
EPSS Score
0.016
Published
2015-05-12
Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an attempt to unregister a MutationObserver object that is not currently registered.
CVSS Score
7.5
EPSS Score
0.018
Published
2015-05-01
Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVSS Score
7.5
EPSS Score
0.011
Published
2015-05-01
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.
CVSS Score
5.8
EPSS Score
0.054
Published
2015-04-28