Vulnerabilities > Canonical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-04-13 | CVE-2016-2116 | Resource Management Errors vulnerability in multiple products Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file. | 5.7 |
2016-04-13 | CVE-2016-1577 | Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137. | 7.6 |
2016-04-13 | CVE-2014-9766 | Numeric Errors vulnerability in multiple products Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values. | 9.8 |
2016-04-12 | CVE-2016-2118 | 7PK - Security Features vulnerability in multiple products The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK." | 7.5 |
2016-04-12 | CVE-2016-3157 | Permissions, Privileges, and Access Controls vulnerability in multiple products The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access. | 7.8 |
2016-04-12 | CVE-2016-2857 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. | 8.4 |
2016-04-08 | CVE-2016-2381 | Improper Input Validation vulnerability in multiple products Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. | 7.5 |
2016-04-07 | CVE-2016-2510 | Data Processing Errors vulnerability in multiple products BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler. | 8.1 |
2016-04-07 | CVE-2016-2858 | Insufficient Entropy vulnerability in multiple products QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption. | 6.5 |
2016-04-07 | CVE-2016-3947 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet. | 8.2 |