Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-01 | CVE-2017-16611 | Link Following vulnerability in multiple products In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. | 5.5 |
| 2017-12-01 | CVE-2017-17087 | Exposure of Resource to Wrong Sphere vulnerability in multiple products fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382. | 5.5 |
| 2017-11-27 | CVE-2017-15275 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. | 7.5 |
| 2017-11-27 | CVE-2017-14746 | Use After Free vulnerability in multiple products Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. | 9.8 |
| 2017-11-27 | CVE-2017-14176 | Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117. | 8.8 |
| 2017-11-20 | CVE-2017-16544 | Code Injection vulnerability in multiple products In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. | 8.8 |
| 2017-11-17 | CVE-2017-16845 | Improper Input Validation vulnerability in multiple products hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. | 10.0 |
| 2017-11-15 | CVE-2017-15115 | Use After Free vulnerability in multiple products The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls. | 7.8 |
| 2017-11-15 | CVE-2017-15102 | NULL Pointer Dereference vulnerability in multiple products The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference. | 6.3 |
| 2017-11-07 | CVE-2017-16642 | Out-of-bounds Read vulnerability in multiple products In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. | 7.5 |