Vulnerabilities
Vulnerable Software
Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.
CVSS Score: 7.2
EPSS Score: 0.001
Published: 2015-05-19
Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.
CVSS Score: 10.0
EPSS Score: 0.039
Published: 2015-05-19
Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.
CVSS Score: 5.0
EPSS Score: 0.004
Published: 2015-05-19
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
CVSS Score: 5.0
EPSS Score: 0.05
Published: 2015-05-12
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.
CVSS Score: 5.0
EPSS Score: 0.008
Published: 2015-05-12
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.
CVSS Score: 5.0
EPSS Score: 0.008
Published: 2015-05-12
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.
CVSS Score: 5.0
EPSS Score: 0.009
Published: 2015-05-12
The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVSS Score: 5.0
EPSS Score: 0.008
Published: 2015-05-12
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
CVSS Score: 5.0
EPSS Score: 0.081
Published: 2015-05-01
Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an attempt to unregister a MutationObserver object that is not currently registered.
CVSS Score: 7.5
EPSS Score: 0.018
Published: 2015-05-01

