Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2016-04-19 CVE-2015-7511 Information Exposure vulnerability in multiple products
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.
high complexity
gnupg debian canonical CWE-200
2.0
2016-04-19 CVE-2014-9765 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file.
network
low complexity
canonical debian xdelta opensuse CWE-119
8.8
2016-04-19 CVE-2014-9761 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
network
low complexity
suse opensuse fedoraproject gnu canonical CWE-119
critical
9.8
2016-04-18 CVE-2016-3941 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."
local
low complexity
videolan canonical CWE-119
5.5
2016-04-18 CVE-2016-1659 Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
debian suse opensuse canonical google
critical
9.8
2016-04-18 CVE-2016-1655 Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.
network
low complexity
debian suse opensuse google canonical
8.8
2016-04-18 CVE-2016-1654 Improper Input Validation vulnerability in multiple products
The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.
network
low complexity
debian suse opensuse google canonical CWE-20
6.5
2016-04-18 CVE-2016-1653 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc.
network
low complexity
debian suse opensuse canonical google CWE-119
8.8
2016-04-15 CVE-2016-3961 Improper Input Validation vulnerability in multiple products
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.
local
low complexity
canonical xen CWE-20
5.5
2016-04-14 CVE-2015-5247 Improper Access Control vulnerability in multiple products
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.
network
low complexity
redhat canonical CWE-284
6.5