Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2017-06-01 CVE-2017-6512 Race Condition vulnerability in multiple products
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.
network
high complexity
file canonical debian CWE-362
5.9
5.9
2017-05-28 CVE-2017-9232 Missing Authorization vulnerability in Canonical Juju
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
network
low complexity
canonical CWE-862
critical
 9.8
9.8
2017-05-26 CVE-2017-9239 Divide By Zero vulnerability in multiple products
An issue was discovered in Exiv2 0.26.
network
low complexity
exiv2 canonical CWE-369
6.5
6.5
2017-05-23 CVE-2017-9210 Infinite Loop vulnerability in multiple products
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.
local
low complexity
qpdf-project canonical CWE-835
5.5
5.5
2017-05-23 CVE-2017-9209 Infinite Loop vulnerability in multiple products
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.
local
low complexity
qpdf-project canonical CWE-835
5.5
5.5
2017-05-23 CVE-2017-9208 Infinite Loop vulnerability in multiple products
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.
local
low complexity
qpdf-project canonical CWE-835
5.5
5.5
2017-05-23 CVE-2016-9843 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
network
low complexity
zlib opensuse debian canonical oracle redhat apple netapp mariadb nodejs
critical
 9.8
9.8
2017-05-23 CVE-2016-9842 The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. 8.8
8.8
2017-05-23 CVE-2016-9841 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
network
low complexity
zlib opensuse debian canonical oracle redhat apple netapp nodejs
critical
 9.8
9.8
2017-05-23 CVE-2016-9840 inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. 8.8
8.8