Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2017-04-09 CVE-2017-7612 Out-of-bounds Read vulnerability in multiple products
The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-125
5.5
5.5
2017-04-09 CVE-2017-7611 Out-of-bounds Read vulnerability in multiple products
The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-125
5.5
5.5
2017-04-09 CVE-2017-7610 Out-of-bounds Read vulnerability in multiple products
The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-125
5.5
5.5
2017-04-09 CVE-2017-7608 Out-of-bounds Read vulnerability in multiple products
The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-125
5.5
5.5
2017-04-06 CVE-2016-8735 Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports.
network
low complexity
apache canonical netapp debian redhat oracle
critical
 9.8
9.8
2017-04-05 CVE-2017-7358 Path Traversal vulnerability in multiple products
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
local
low complexity
lightdm-project canonical CWE-22
7.3
7.3
2017-03-28 CVE-2017-6964 Unchecked Return Value vulnerability in multiple products
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root.
local
low complexity
canonical debian CWE-252
7.8
7.8
2017-03-27 CVE-2016-9243 HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
network
low complexity
cryptography-io fedoraproject canonical
7.5
7.5
2017-03-24 CVE-2017-6507 Improper Privilege Management vulnerability in multiple products
An issue was discovered in AppArmor before 2.12.
network
high complexity
apparmor canonical CWE-269
5.9
5.9
2017-03-23 CVE-2016-9388 Reachable Assertion vulnerability in multiple products
The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
local
low complexity
jasper-project canonical CWE-617
5.5
5.5