Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-2522-1
Vulnerability from osv_ubuntu
It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419)
It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-6585, CVE-2014-6591)
It was discovered that ICU incorrectly handled memory operations when processing regular expressions. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7923, CVE-2014-7926, CVE-2014-9654)
It was discovered that ICU collator implementation incorrectly handled memory operations. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7940)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2014-6585",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-6591",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-7923",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-7926",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-7940",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-9654",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "icu-devtools",
"binary_version": "52.1-3ubuntu0.2"
},
{
"binary_name": "libicu52",
"binary_version": "52.1-3ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "icu",
"purl": "pkg:deb/ubuntu/icu@52.1-3ubuntu0.2?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "52.1-3ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.8.1.1-12ubuntu2",
"4.8.1.1-13+nmu1",
"4.8.1.1-13+nmu1ubuntu1",
"52.1-3"
]
}
],
"aliases": [],
"details": "It was discovered that ICU incorrectly handled memory operations when\nprocessing fonts. If an application using ICU processed crafted data, an\nattacker could cause it to crash or potentially execute arbitrary code with\nthe privileges of the user invoking the program. This issue only affected\nUbuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384,\nCVE-2013-2419)\n\nIt was discovered that ICU incorrectly handled memory operations when\nprocessing fonts. If an application using ICU processed crafted data, an\nattacker could cause it to crash or potentially execute arbitrary code with\nthe privileges of the user invoking the program. (CVE-2014-6585,\nCVE-2014-6591)\n\nIt was discovered that ICU incorrectly handled memory operations when\nprocessing regular expressions. If an application using ICU processed\ncrafted data, an attacker could cause it to crash or potentially execute\narbitrary code with the privileges of the user invoking the program.\n(CVE-2014-7923, CVE-2014-7926, CVE-2014-9654)\n\nIt was discovered that ICU collator implementation incorrectly handled\nmemory operations. If an application using ICU processed crafted data, an\nattacker could cause it to crash or potentially execute arbitrary code with\nthe privileges of the user invoking the program. (CVE-2014-7940)\n",
"id": "USN-2522-1",
"modified": "2026-04-22T07:36:32Z",
"published": "2015-03-05T13:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2522-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-1569"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-2383"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-2384"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-2419"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-6585"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-6591"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-7923"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-7926"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-7940"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-9654"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "icu vulnerabilities",
"upstream": [
"UBUNTU-CVE-2013-1569",
"UBUNTU-CVE-2013-2383",
"UBUNTU-CVE-2013-2384",
"UBUNTU-CVE-2013-2419",
"UBUNTU-CVE-2014-6585",
"UBUNTU-CVE-2014-6591",
"UBUNTU-CVE-2014-7923",
"UBUNTU-CVE-2014-7926",
"UBUNTU-CVE-2014-7940",
"UBUNTU-CVE-2014-9654"
]
}
ubuntu-cve-2013-1569
Vulnerability from osv_ubuntu
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "checking of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "icu-devtools",
"binary_version": "52.1-3"
},
{
"binary_name": "icu-doc",
"binary_version": "52.1-3"
},
{
"binary_name": "libicu-dev",
"binary_version": "52.1-3"
},
{
"binary_name": "libicu52",
"binary_version": "52.1-3"
},
{
"binary_name": "libicu52-dbg",
"binary_version": "52.1-3"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "icu",
"purl": "pkg:deb/ubuntu/icu@52.1-3?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "52.1-3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.8.1.1-12ubuntu2",
"4.8.1.1-13+nmu1",
"4.8.1.1-13+nmu1ubuntu1"
]
}
],
"aliases": [],
"details": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"checking of [a] glyph table\" in the International Components for Unicode (ICU) Layout Engine before 51.2.",
"id": "UBUNTU-CVE-2013-1569",
"modified": "2025-07-16T04:50:13Z",
"published": "2013-04-17T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-1569"
},
{
"type": "REPORT",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-1806-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-1819-1"
},
{
"type": "REPORT",
"url": "http://site.icu-project.org/download/51#TOC-Known-Issues"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2522-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1569"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2522-3"
}
],
"related": [
"USN-1806-1",
"USN-1819-1",
"USN-2522-1",
"USN-2522-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2013-1569"
],
"withdrawn": "2025-07-18T16:42:50Z"
}
ubuntu-cve-2013-2383
Vulnerability from osv_ubuntu
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "handling of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "icu-devtools",
"binary_version": "52.1-3"
},
{
"binary_name": "icu-doc",
"binary_version": "52.1-3"
},
{
"binary_name": "libicu-dev",
"binary_version": "52.1-3"
},
{
"binary_name": "libicu52",
"binary_version": "52.1-3"
},
{
"binary_name": "libicu52-dbg",
"binary_version": "52.1-3"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "icu",
"purl": "pkg:deb/ubuntu/icu@52.1-3?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "52.1-3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.8.1.1-12ubuntu2",
"4.8.1.1-13+nmu1",
"4.8.1.1-13+nmu1ubuntu1"
]
}
],
"aliases": [],
"details": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"handling of [a] glyph table\" in the International Components for Unicode (ICU) Layout Engine before 51.2.",
"id": "UBUNTU-CVE-2013-2383",
"modified": "2025-07-16T04:50:16Z",
"published": "2013-04-17T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-2383"
},
{
"type": "REPORT",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-1806-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-1819-1"
},
{
"type": "REPORT",
"url": "http://site.icu-project.org/download/51#TOC-Known-Issues"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2522-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2383"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2522-3"
}
],
"related": [
"USN-1806-1",
"USN-1819-1",
"USN-2522-1",
"USN-2522-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2013-2383"
],
"withdrawn": "2025-07-18T16:42:52Z"
}
ubuntu-cve-2013-2384
Vulnerability from osv_ubuntu
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font layout" in the International Components for Unicode (ICU) Layout Engine before 51.2.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "icu-devtools",
"binary_version": "52.1-3"
},
{
"binary_name": "icu-doc",
"binary_version": "52.1-3"
},
{
"binary_name": "libicu-dev",
"binary_version": "52.1-3"
},
{
"binary_name": "libicu52",
"binary_version": "52.1-3"
},
{
"binary_name": "libicu52-dbg",
"binary_version": "52.1-3"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "icu",
"purl": "pkg:deb/ubuntu/icu@52.1-3?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "52.1-3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.8.1.1-12ubuntu2",
"4.8.1.1-13+nmu1",
"4.8.1.1-13+nmu1ubuntu1"
]
}
],
"aliases": [],
"details": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"font layout\" in the International Components for Unicode (ICU) Layout Engine before 51.2.",
"id": "UBUNTU-CVE-2013-2384",
"modified": "2025-07-16T04:50:16Z",
"published": "2013-04-17T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-2384"
},
{
"type": "REPORT",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-1806-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-1819-1"
},
{
"type": "REPORT",
"url": "http://site.icu-project.org/download/51#TOC-Known-Issues"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2522-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2384"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2522-3"
}
],
"related": [
"USN-1806-1",
"USN-1819-1",
"USN-2522-1",
"USN-2522-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2013-2384"
],
"withdrawn": "2025-07-18T16:42:52Z"
}
ubuntu-cve-2013-2419
Vulnerability from osv_ubuntu
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "icu-devtools",
"binary_version": "52.1-3"
},
{
"binary_name": "icu-doc",
"binary_version": "52.1-3"
},
{
"binary_name": "libicu-dev",
"binary_version": "52.1-3"
},
{
"binary_name": "libicu52",
"binary_version": "52.1-3"
},
{
"binary_name": "libicu52-dbg",
"binary_version": "52.1-3"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "icu",
"purl": "pkg:deb/ubuntu/icu@52.1-3?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "52.1-3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.8.1.1-12ubuntu2",
"4.8.1.1-13+nmu1",
"4.8.1.1-13+nmu1ubuntu1"
]
}
],
"aliases": [],
"details": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"font processing errors\" in the International Components for Unicode (ICU) Layout Engine before 51.2.",
"id": "UBUNTU-CVE-2013-2419",
"modified": "2025-07-16T04:50:16Z",
"published": "2013-04-17T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2013-2419"
},
{
"type": "REPORT",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-1806-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-1819-1"
},
{
"type": "REPORT",
"url": "http://site.icu-project.org/download/51#TOC-Known-Issues"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2522-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2419"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2522-3"
}
],
"related": [
"USN-1806-1",
"USN-1819-1",
"USN-2522-1",
"USN-2522-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2013-2419"
],
"withdrawn": "2025-07-18T16:42:52Z"
}
ubuntu-cve-2014-6585
Vulnerability from osv_ubuntu
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "icu-devtools",
"binary_version": "52.1-3ubuntu0.2"
},
{
"binary_name": "libicu52",
"binary_version": "52.1-3ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "icu",
"purl": "pkg:deb/ubuntu/icu@52.1-3ubuntu0.2?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "52.1-3ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.8.1.1-12ubuntu2",
"4.8.1.1-13+nmu1",
"4.8.1.1-13+nmu1ubuntu1",
"52.1-3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "icedtea-6-jre-cacao",
"binary_version": "6b34-1.13.6-1ubuntu0.14.04.1"
},
{
"binary_name": "icedtea-6-jre-jamvm",
"binary_version": "6b34-1.13.6-1ubuntu0.14.04.1"
},
{
"binary_name": "openjdk-6-demo",
"binary_version": "6b34-1.13.6-1ubuntu0.14.04.1"
},
{
"binary_name": "openjdk-6-jdk",
"binary_version": "6b34-1.13.6-1ubuntu0.14.04.1"
},
{
"binary_name": "openjdk-6-jre",
"binary_version": "6b34-1.13.6-1ubuntu0.14.04.1"
},
{
"binary_name": "openjdk-6-jre-headless",
"binary_version": "6b34-1.13.6-1ubuntu0.14.04.1"
},
{
"binary_name": "openjdk-6-jre-lib",
"binary_version": "6b34-1.13.6-1ubuntu0.14.04.1"
},
{
"binary_name": "openjdk-6-jre-zero",
"binary_version": "6b34-1.13.6-1ubuntu0.14.04.1"
},
{
"binary_name": "openjdk-6-source",
"binary_version": "6b34-1.13.6-1ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "openjdk-6",
"purl": "pkg:deb/ubuntu/openjdk-6@6b34-1.13.6-1ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6b34-1.13.6-1ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6b27-1.12.6-1ubuntu2",
"6b27-1.12.7-2ubuntu1",
"6b29-1.13.0-1ubuntu2",
"6b30-1.13.1-1ubuntu1",
"6b30-1.13.1-1ubuntu2",
"6b30-1.13.2-1ubuntu1",
"6b31-1.13.3-1ubuntu1",
"6b32-1.13.4-4ubuntu0.14.04.1",
"6b33-1.13.5-1ubuntu0.14.04"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "icedtea-7-jre-jamvm",
"binary_version": "7u75-2.5.4-1~trusty1"
},
{
"binary_name": "openjdk-7-demo",
"binary_version": "7u75-2.5.4-1~trusty1"
},
{
"binary_name": "openjdk-7-jdk",
"binary_version": "7u75-2.5.4-1~trusty1"
},
{
"binary_name": "openjdk-7-jre",
"binary_version": "7u75-2.5.4-1~trusty1"
},
{
"binary_name": "openjdk-7-jre-headless",
"binary_version": "7u75-2.5.4-1~trusty1"
},
{
"binary_name": "openjdk-7-jre-lib",
"binary_version": "7u75-2.5.4-1~trusty1"
},
{
"binary_name": "openjdk-7-jre-zero",
"binary_version": "7u75-2.5.4-1~trusty1"
},
{
"binary_name": "openjdk-7-source",
"binary_version": "7u75-2.5.4-1~trusty1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "openjdk-7",
"purl": "pkg:deb/ubuntu/openjdk-7@7u75-2.5.4-1~trusty1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7u75-2.5.4-1~trusty1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7u25-2.3.12-4ubuntu3",
"7u25-2.3.12-4ubuntu5",
"7u45-2.4.3-3ubuntu1",
"7u45-2.4.3-3ubuntu2",
"7u45-2.4.3-4ubuntu1",
"7u45-2.4.3-4ubuntu2",
"7u51-2.4.4-1ubuntu1",
"7u51-2.4.5-1ubuntu1",
"7u51-2.4.6~pre1-1ubuntu2",
"7u51-2.4.6-1ubuntu3",
"7u51-2.4.6-1ubuntu4",
"7u55-2.4.7-1ubuntu1",
"7u65-2.5.1-4ubuntu1~0.14.04.1",
"7u65-2.5.1-4ubuntu1~0.14.04.2",
"7u65-2.5.2-3~14.04",
"7u71-2.5.3-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.",
"id": "UBUNTU-CVE-2014-6585",
"modified": "2026-04-22T07:37:43Z",
"published": "2015-01-21T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-6585"
},
{
"type": "REPORT",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2486-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2487-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2522-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6585"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2522-3"
}
],
"related": [
"USN-2486-1",
"USN-2487-1",
"USN-2522-1",
"USN-2522-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2014-6585"
]
}
ubuntu-cve-2014-6591
Vulnerability from osv_ubuntu
Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "icu-devtools",
"binary_version": "52.1-3ubuntu0.2"
},
{
"binary_name": "libicu52",
"binary_version": "52.1-3ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "icu",
"purl": "pkg:deb/ubuntu/icu@52.1-3ubuntu0.2?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "52.1-3ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.8.1.1-12ubuntu2",
"4.8.1.1-13+nmu1",
"4.8.1.1-13+nmu1ubuntu1",
"52.1-3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "icedtea-6-jre-cacao",
"binary_version": "6b34-1.13.6-1ubuntu0.14.04.1"
},
{
"binary_name": "icedtea-6-jre-jamvm",
"binary_version": "6b34-1.13.6-1ubuntu0.14.04.1"
},
{
"binary_name": "openjdk-6-demo",
"binary_version": "6b34-1.13.6-1ubuntu0.14.04.1"
},
{
"binary_name": "openjdk-6-jdk",
"binary_version": "6b34-1.13.6-1ubuntu0.14.04.1"
},
{
"binary_name": "openjdk-6-jre",
"binary_version": "6b34-1.13.6-1ubuntu0.14.04.1"
},
{
"binary_name": "openjdk-6-jre-headless",
"binary_version": "6b34-1.13.6-1ubuntu0.14.04.1"
},
{
"binary_name": "openjdk-6-jre-lib",
"binary_version": "6b34-1.13.6-1ubuntu0.14.04.1"
},
{
"binary_name": "openjdk-6-jre-zero",
"binary_version": "6b34-1.13.6-1ubuntu0.14.04.1"
},
{
"binary_name": "openjdk-6-source",
"binary_version": "6b34-1.13.6-1ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "openjdk-6",
"purl": "pkg:deb/ubuntu/openjdk-6@6b34-1.13.6-1ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6b34-1.13.6-1ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6b27-1.12.6-1ubuntu2",
"6b27-1.12.7-2ubuntu1",
"6b29-1.13.0-1ubuntu2",
"6b30-1.13.1-1ubuntu1",
"6b30-1.13.1-1ubuntu2",
"6b30-1.13.2-1ubuntu1",
"6b31-1.13.3-1ubuntu1",
"6b32-1.13.4-4ubuntu0.14.04.1",
"6b33-1.13.5-1ubuntu0.14.04"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "icedtea-7-jre-jamvm",
"binary_version": "7u75-2.5.4-1~trusty1"
},
{
"binary_name": "openjdk-7-demo",
"binary_version": "7u75-2.5.4-1~trusty1"
},
{
"binary_name": "openjdk-7-jdk",
"binary_version": "7u75-2.5.4-1~trusty1"
},
{
"binary_name": "openjdk-7-jre",
"binary_version": "7u75-2.5.4-1~trusty1"
},
{
"binary_name": "openjdk-7-jre-headless",
"binary_version": "7u75-2.5.4-1~trusty1"
},
{
"binary_name": "openjdk-7-jre-lib",
"binary_version": "7u75-2.5.4-1~trusty1"
},
{
"binary_name": "openjdk-7-jre-zero",
"binary_version": "7u75-2.5.4-1~trusty1"
},
{
"binary_name": "openjdk-7-source",
"binary_version": "7u75-2.5.4-1~trusty1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "openjdk-7",
"purl": "pkg:deb/ubuntu/openjdk-7@7u75-2.5.4-1~trusty1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7u75-2.5.4-1~trusty1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7u25-2.3.12-4ubuntu3",
"7u25-2.3.12-4ubuntu5",
"7u45-2.4.3-3ubuntu1",
"7u45-2.4.3-3ubuntu2",
"7u45-2.4.3-4ubuntu1",
"7u45-2.4.3-4ubuntu2",
"7u51-2.4.4-1ubuntu1",
"7u51-2.4.5-1ubuntu1",
"7u51-2.4.6~pre1-1ubuntu2",
"7u51-2.4.6-1ubuntu3",
"7u51-2.4.6-1ubuntu4",
"7u55-2.4.7-1ubuntu1",
"7u65-2.5.1-4ubuntu1~0.14.04.1",
"7u65-2.5.1-4ubuntu1~0.14.04.2",
"7u65-2.5.2-3~14.04",
"7u71-2.5.3-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.",
"id": "UBUNTU-CVE-2014-6591",
"modified": "2026-04-22T07:37:43Z",
"published": "2015-01-21T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-6591"
},
{
"type": "REPORT",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2486-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2487-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2522-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6591"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2522-3"
}
],
"related": [
"USN-2486-1",
"USN-2487-1",
"USN-2522-1",
"USN-2522-3"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2014-6591"
]
}
ubuntu-cve-2014-7923
Vulnerability from osv_ubuntu
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "chromium-browser",
"binary_version": "40.0.2214.94-0ubuntu0.14.04.1.1068"
},
{
"binary_name": "chromium-browser-l10n",
"binary_version": "40.0.2214.94-0ubuntu0.14.04.1.1068"
},
{
"binary_name": "chromium-chromedriver",
"binary_version": "40.0.2214.94-0ubuntu0.14.04.1.1068"
},
{
"binary_name": "chromium-codecs-ffmpeg",
"binary_version": "40.0.2214.94-0ubuntu0.14.04.1.1068"
},
{
"binary_name": "chromium-codecs-ffmpeg-extra",
"binary_version": "40.0.2214.94-0ubuntu0.14.04.1.1068"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "chromium-browser",
"purl": "pkg:deb/ubuntu/chromium-browser@40.0.2214.94-0ubuntu0.14.04.1.1068?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "40.0.2214.94-0ubuntu0.14.04.1.1068"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"29.0.1547.65-0ubuntu2",
"31.0.1650.63-0ubuntu1~20131204.1",
"32.0.1700.107-0ubuntu1~20140204.977.1",
"33.0.1750.152-0ubuntu1~pkg995.1",
"34.0.1847.116-0ubuntu2",
"36.0.1985.125-0ubuntu1.14.04.0~pkg1029",
"37.0.2062.94-0ubuntu0.14.04.1~pkg1042",
"37.0.2062.120-0ubuntu0.14.04.1~pkg1049",
"38.0.2125.111-0ubuntu0.14.04.1.1061",
"39.0.2171.65-0ubuntu0.14.04.1.1064"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "icu-devtools",
"binary_version": "52.1-3ubuntu0.2"
},
{
"binary_name": "libicu52",
"binary_version": "52.1-3ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "icu",
"purl": "pkg:deb/ubuntu/icu@52.1-3ubuntu0.2?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "52.1-3ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.8.1.1-12ubuntu2",
"4.8.1.1-13+nmu1",
"4.8.1.1-13+nmu1ubuntu1",
"52.1-3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "liboxideqt-qmlplugin",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
},
{
"binary_name": "liboxideqtcore0",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
},
{
"binary_name": "liboxideqtquick0",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
},
{
"binary_name": "oxideqmlscene",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
},
{
"binary_name": "oxideqt-chromedriver",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
},
{
"binary_name": "oxideqt-codecs",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
},
{
"binary_name": "oxideqt-codecs-extra",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "oxide-qt",
"purl": "pkg:deb/ubuntu/oxide-qt@1.4.2-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.2-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0.0~bzr437-0ubuntu1",
"1.0.0~bzr452-0ubuntu1",
"1.0.0~bzr475-0ubuntu1",
"1.0.0~bzr490-0ubuntu1",
"1.0.0~bzr501-0ubuntu1",
"1.0.0~bzr501-0ubuntu2",
"1.0.4-0ubuntu0.14.04.1",
"1.0.5-0ubuntu0.14.04.1",
"1.1.2-0ubuntu0.14.04.1",
"1.2.5-0ubuntu0.14.04.1",
"1.3.4-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.",
"id": "UBUNTU-CVE-2014-7923",
"modified": "2026-04-22T07:37:43Z",
"published": "2015-01-22T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-7923"
},
{
"type": "REPORT",
"url": "https://codereview.chromium.org/726973003"
},
{
"type": "REPORT",
"url": "https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb"
},
{
"type": "REPORT",
"url": "https://chromium.googlesource.com/chromium/deps/icu52/+/3af4ce5982311035e5f36803d547c0befa576c8c"
},
{
"type": "REPORT",
"url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2476-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2522-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7923"
}
],
"related": [
"USN-2476-1",
"USN-2522-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2014-7923"
]
}
ubuntu-cve-2014-7926
Vulnerability from osv_ubuntu
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "chromium-browser",
"binary_version": "40.0.2214.94-0ubuntu0.14.04.1.1068"
},
{
"binary_name": "chromium-browser-l10n",
"binary_version": "40.0.2214.94-0ubuntu0.14.04.1.1068"
},
{
"binary_name": "chromium-chromedriver",
"binary_version": "40.0.2214.94-0ubuntu0.14.04.1.1068"
},
{
"binary_name": "chromium-codecs-ffmpeg",
"binary_version": "40.0.2214.94-0ubuntu0.14.04.1.1068"
},
{
"binary_name": "chromium-codecs-ffmpeg-extra",
"binary_version": "40.0.2214.94-0ubuntu0.14.04.1.1068"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "chromium-browser",
"purl": "pkg:deb/ubuntu/chromium-browser@40.0.2214.94-0ubuntu0.14.04.1.1068?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "40.0.2214.94-0ubuntu0.14.04.1.1068"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"29.0.1547.65-0ubuntu2",
"31.0.1650.63-0ubuntu1~20131204.1",
"32.0.1700.107-0ubuntu1~20140204.977.1",
"33.0.1750.152-0ubuntu1~pkg995.1",
"34.0.1847.116-0ubuntu2",
"36.0.1985.125-0ubuntu1.14.04.0~pkg1029",
"37.0.2062.94-0ubuntu0.14.04.1~pkg1042",
"37.0.2062.120-0ubuntu0.14.04.1~pkg1049",
"38.0.2125.111-0ubuntu0.14.04.1.1061",
"39.0.2171.65-0ubuntu0.14.04.1.1064"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "icu-devtools",
"binary_version": "52.1-3ubuntu0.2"
},
{
"binary_name": "libicu52",
"binary_version": "52.1-3ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "icu",
"purl": "pkg:deb/ubuntu/icu@52.1-3ubuntu0.2?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "52.1-3ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.8.1.1-12ubuntu2",
"4.8.1.1-13+nmu1",
"4.8.1.1-13+nmu1ubuntu1",
"52.1-3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "liboxideqt-qmlplugin",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
},
{
"binary_name": "liboxideqtcore0",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
},
{
"binary_name": "liboxideqtquick0",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
},
{
"binary_name": "oxideqmlscene",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
},
{
"binary_name": "oxideqt-chromedriver",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
},
{
"binary_name": "oxideqt-codecs",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
},
{
"binary_name": "oxideqt-codecs-extra",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "oxide-qt",
"purl": "pkg:deb/ubuntu/oxide-qt@1.4.2-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.2-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0.0~bzr437-0ubuntu1",
"1.0.0~bzr452-0ubuntu1",
"1.0.0~bzr475-0ubuntu1",
"1.0.0~bzr490-0ubuntu1",
"1.0.0~bzr501-0ubuntu1",
"1.0.0~bzr501-0ubuntu2",
"1.0.4-0ubuntu0.14.04.1",
"1.0.5-0ubuntu0.14.04.1",
"1.1.2-0ubuntu0.14.04.1",
"1.2.5-0ubuntu0.14.04.1",
"1.3.4-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier.",
"id": "UBUNTU-CVE-2014-7926",
"modified": "2026-04-22T07:37:43Z",
"published": "2015-01-22T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-7926"
},
{
"type": "REPORT",
"url": "https://codereview.chromium.org/726973003"
},
{
"type": "REPORT",
"url": "https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb"
},
{
"type": "REPORT",
"url": "https://chromium.googlesource.com/chromium/deps/icu52/+/3af4ce5982311035e5f36803d547c0befa576c8c"
},
{
"type": "REPORT",
"url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2476-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2522-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7926"
}
],
"related": [
"USN-2476-1",
"USN-2522-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2014-7926"
]
}
ubuntu-cve-2014-7940
Vulnerability from osv_ubuntu
The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence.
| URL | Type | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "chromium-browser",
"binary_version": "40.0.2214.94-0ubuntu0.14.04.1.1068"
},
{
"binary_name": "chromium-browser-l10n",
"binary_version": "40.0.2214.94-0ubuntu0.14.04.1.1068"
},
{
"binary_name": "chromium-chromedriver",
"binary_version": "40.0.2214.94-0ubuntu0.14.04.1.1068"
},
{
"binary_name": "chromium-codecs-ffmpeg",
"binary_version": "40.0.2214.94-0ubuntu0.14.04.1.1068"
},
{
"binary_name": "chromium-codecs-ffmpeg-extra",
"binary_version": "40.0.2214.94-0ubuntu0.14.04.1.1068"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "chromium-browser",
"purl": "pkg:deb/ubuntu/chromium-browser@40.0.2214.94-0ubuntu0.14.04.1.1068?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "40.0.2214.94-0ubuntu0.14.04.1.1068"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"29.0.1547.65-0ubuntu2",
"31.0.1650.63-0ubuntu1~20131204.1",
"32.0.1700.107-0ubuntu1~20140204.977.1",
"33.0.1750.152-0ubuntu1~pkg995.1",
"34.0.1847.116-0ubuntu2",
"36.0.1985.125-0ubuntu1.14.04.0~pkg1029",
"37.0.2062.94-0ubuntu0.14.04.1~pkg1042",
"37.0.2062.120-0ubuntu0.14.04.1~pkg1049",
"38.0.2125.111-0ubuntu0.14.04.1.1061",
"39.0.2171.65-0ubuntu0.14.04.1.1064"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "icu-devtools",
"binary_version": "52.1-3ubuntu0.2"
},
{
"binary_name": "libicu52",
"binary_version": "52.1-3ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "icu",
"purl": "pkg:deb/ubuntu/icu@52.1-3ubuntu0.2?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "52.1-3ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.8.1.1-12ubuntu2",
"4.8.1.1-13+nmu1",
"4.8.1.1-13+nmu1ubuntu1",
"52.1-3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "liboxideqt-qmlplugin",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
},
{
"binary_name": "liboxideqtcore0",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
},
{
"binary_name": "liboxideqtquick0",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
},
{
"binary_name": "oxideqmlscene",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
},
{
"binary_name": "oxideqt-chromedriver",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
},
{
"binary_name": "oxideqt-codecs",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
},
{
"binary_name": "oxideqt-codecs-extra",
"binary_version": "1.4.2-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "oxide-qt",
"purl": "pkg:deb/ubuntu/oxide-qt@1.4.2-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.2-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0.0~bzr437-0ubuntu1",
"1.0.0~bzr452-0ubuntu1",
"1.0.0~bzr475-0ubuntu1",
"1.0.0~bzr490-0ubuntu1",
"1.0.0~bzr501-0ubuntu1",
"1.0.0~bzr501-0ubuntu2",
"1.0.4-0ubuntu0.14.04.1",
"1.0.5-0ubuntu0.14.04.1",
"1.1.2-0ubuntu0.14.04.1",
"1.2.5-0ubuntu0.14.04.1",
"1.3.4-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence.",
"id": "UBUNTU-CVE-2014-7940",
"modified": "2026-04-22T07:37:44Z",
"published": "2015-01-22T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-7940"
},
{
"type": "REPORT",
"url": "https://chromium.googlesource.com/chromium/src.git/+/87feb77547781a22b31c423bc0d57b7dca32d5b8"
},
{
"type": "REPORT",
"url": "https://chromium.googlesource.com/chromium/deps/icu/+/866ff696e9022a6000afbab516fba62cfa306075"
},
{
"type": "REPORT",
"url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2476-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2522-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7940"
}
],
"related": [
"USN-2476-1",
"USN-2522-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2014-7940"
]
}
ubuntu-cve-2014-9654
Vulnerability from osv_ubuntu
The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "icu-devtools",
"binary_version": "52.1-3ubuntu0.2"
},
{
"binary_name": "libicu52",
"binary_version": "52.1-3ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "icu",
"purl": "pkg:deb/ubuntu/icu@52.1-3ubuntu0.2?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "52.1-3ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.8.1.1-12ubuntu2",
"4.8.1.1-13+nmu1",
"4.8.1.1-13+nmu1ubuntu1",
"52.1-3"
]
}
],
"aliases": [],
"details": "The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923.",
"id": "UBUNTU-CVE-2014-9654",
"modified": "2026-04-22T07:37:44Z",
"published": "2015-02-05T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-9654"
},
{
"type": "REPORT",
"url": "https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5"
},
{
"type": "REPORT",
"url": "http://www.openwall.com/lists/oss-security/2015/02/05/15"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2522-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9654"
}
],
"related": [
"USN-2522-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2014-9654"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.