Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2017-02-17 CVE-2017-6056 Infinite Loop vulnerability in multiple products
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop.
network
low complexity
canonical debian CWE-835
7.5
2017-02-13 CVE-2016-3616 NULL Pointer Dereference vulnerability in multiple products
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
network
low complexity
libjpeg-turbo redhat debian canonical CWE-476
8.8
2017-02-13 CVE-2015-8768 Permissions, Privileges, and Access Controls vulnerability in multiple products
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone.
network
low complexity
click-project canonical CWE-264
critical
9.8
2017-02-09 CVE-2016-2148 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.
network
low complexity
busybox debian canonical CWE-119
critical
9.8
2017-02-09 CVE-2016-2147 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.
network
low complexity
busybox debian canonical CWE-190
7.5
2017-02-03 CVE-2016-10165 Out-of-bounds Read vulnerability in multiple products
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
7.1
2017-02-01 CVE-2016-9963 Key Management Errors vulnerability in multiple products
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
network
high complexity
exim canonical debian CWE-320
5.9
2017-01-30 CVE-2016-9119 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
moinmo canonical debian CWE-79
6.1
2017-01-30 CVE-2015-7977 NULL Pointer Dereference vulnerability in multiple products
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
5.9
2017-01-30 CVE-2015-7973 7PK - Security Features vulnerability in multiple products
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
network
high complexity
ntp siemens freebsd netapp canonical CWE-254
6.5