Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2016-08-13 CVE-2016-5384 Double Free vulnerability in multiple products
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
7.8
2016-08-10 CVE-2016-5421 Use After Free vulnerability in multiple products
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.
8.1
2016-08-07 CVE-2016-6128 Improper Input Validation vulnerability in multiple products
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
network
low complexity
debian opensuse libgd canonical CWE-20
7.5
2016-08-02 CVE-2016-6232 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
network
low complexity
canonical kde CWE-22
7.5
2016-08-02 CVE-2016-5403 Resource Exhaustion vulnerability in multiple products
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
local
low complexity
canonical oracle qemu debian redhat CWE-400
5.5
2016-08-02 CVE-2016-6185 The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
local
low complexity
perl fedoraproject debian oracle canonical
7.8
2016-07-23 CVE-2016-5131 Use After Free vulnerability in multiple products
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
8.8
2016-07-22 CVE-2016-6224 Improper Input Validation vulnerability in multiple products
ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors.
local
low complexity
ecryptfs canonical CWE-20
3.3
2016-07-22 CVE-2015-8946 Improper Input Validation vulnerability in multiple products
ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors.
local
low complexity
canonical ecryptfs CWE-20
3.3
2016-07-21 CVE-2016-5440 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.
network
low complexity
ibm mariadb oracle debian canonical redhat
4.9