Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-18 | CVE-2017-9058 | Out-of-bounds Read vulnerability in multiple products In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. | 9.8 |
| 2017-05-08 | CVE-2017-8831 | Out-of-bounds Read vulnerability in multiple products The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability. | 6.4 |
| 2017-05-01 | CVE-2017-6519 | Origin Validation Error vulnerability in multiple products avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. | 9.1 |
| 2017-04-18 | CVE-2017-7645 | Improper Input Validation vulnerability in multiple products The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. | 7.5 |
| 2017-04-17 | CVE-2017-7889 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. | 7.8 |
| 2017-04-14 | CVE-2016-6489 | Information Exposure Through Discrepancy vulnerability in multiple products The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. | 7.5 |
| 2017-04-14 | CVE-2016-0727 | Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux 12.04/14.04/16.04 The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup. | 7.8 |
| 2017-04-13 | CVE-2015-8567 | Memory Leak vulnerability in multiple products Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). | 7.7 |
| 2017-04-12 | CVE-2017-5936 | OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions. | 7.5 |
| 2017-04-09 | CVE-2017-7613 | Improper Input Validation vulnerability in multiple products elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | 5.5 |