Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-06 | CVE-2015-7529 | Link Following vulnerability in multiple products sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. | 7.8 |
| 2017-11-06 | CVE-2017-16548 | Out-of-bounds Read vulnerability in multiple products The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon. | 9.8 |
| 2017-11-05 | CVE-2017-16546 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file. | 8.8 |
| 2017-11-04 | CVE-2017-16533 | Out-of-bounds Read vulnerability in multiple products The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | 6.6 |
| 2017-11-04 | CVE-2017-16532 | NULL Pointer Dereference vulnerability in multiple products The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. | 6.6 |
| 2017-11-04 | CVE-2017-16529 | Out-of-bounds Read vulnerability in multiple products The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | 6.6 |
| 2017-11-04 | CVE-2017-16528 | Use After Free vulnerability in multiple products sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. | 6.6 |
| 2017-11-04 | CVE-2017-16527 | Use After Free vulnerability in multiple products sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. | 6.6 |
| 2017-11-04 | CVE-2017-16526 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device. | 7.8 |
| 2017-11-04 | CVE-2017-16525 | Use After Free vulnerability in multiple products The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup. | 6.6 |