Vulnerabilities > Canonical > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-01 | CVE-2017-6519 | Origin Validation Error vulnerability in multiple products avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. | 9.1 |
| 2017-04-06 | CVE-2016-8735 | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. | 9.8 |
| 2017-03-23 | CVE-2017-5897 | Out-of-bounds Read vulnerability in multiple products The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. | 9.8 |
| 2017-03-20 | CVE-2014-9847 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. | 9.8 |
| 2017-03-20 | CVE-2014-9846 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. | 9.8 |
| 2017-03-20 | CVE-2014-9843 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors. | 9.8 |
| 2017-03-20 | CVE-2014-9841 | 7PK - Errors vulnerability in multiple products The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions." | 9.8 |
| 2017-02-13 | CVE-2015-8768 | Permissions, Privileges, and Access Controls vulnerability in multiple products click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone. | 9.8 |
| 2017-02-09 | CVE-2016-2148 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. | 9.8 |
| 2017-01-13 | CVE-2016-2090 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. | 9.8 |