VYPR

Ubuntu Linux

by Canonical

CVEs (1,886)

  • CVE-2016-1688MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.02

    The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.

  • CVE-2016-1677MedJun 5, 2016
    risk 0.42cvss 6.5epss 0.03

    uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."

  • CVE-2016-4020MedMay 25, 2016
    risk 0.42cvss 6.5epss 0.00

    The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

  • CVE-2016-2117HigMay 2, 2016
    risk 0.42cvss 7.5epss 0.06

    The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.

  • CVE-2016-1654MedApr 18, 2016
    risk 0.42cvss 6.5epss 0.01

    The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.

  • CVE-2015-5247MedApr 14, 2016
    risk 0.42cvss 6.5epss 0.01

    The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.

  • CVE-2016-2858MedApr 7, 2016
    risk 0.42cvss 6.5epss 0.00

    QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.

  • CVE-2016-2073MedFeb 12, 2016
    risk 0.42cvss 6.5epss 0.03

    The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.

  • CVE-2014-3687HigNov 10, 2014
    risk 0.42cvss 7.5epss 0.09

    The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect…

  • CVE-2014-3673HigNov 10, 2014
    risk 0.42cvss 7.5epss 0.07

    The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.

  • CVE-2012-3489MedOct 3, 2012
    risk 0.42cvss 6.5epss 0.03

    The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file…

  • CVE-2012-0260MedJun 5, 2012
    risk 0.42cvss 6.5epss 0.02

    The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

  • CVE-2012-0259MedJun 5, 2012
    risk 0.42cvss 6.5epss 0.02

    The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.

  • CVE-2010-2249MedJun 30, 2010
    risk 0.42cvss 6.5epss 0.03

    Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

  • CVE-2009-2416MedAug 11, 2009
    risk 0.42cvss 6.5epss 0.02

    Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as…

  • CVE-2008-3281MedAug 27, 2008
    risk 0.42cvss 6.5epss 0.03

    libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

  • CVE-2017-15102MedNov 15, 2017
    risk 0.41cvss 6.3epss 0.00

    The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and…

  • CVE-2017-6590MedMar 9, 2017
    risk 0.41cvss 6.3epss 0.00

    An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user.…

  • CVE-2016-4008MedMay 5, 2016
    risk 0.41cvss 5.9epss 0.30

    The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

  • CVE-2016-2069HigApr 27, 2016
    risk 0.41cvss 7.4epss 0.00

    Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.

Page 26 of 95