Vulnerabilities > Canonical > High

DATE CVE VULNERABILITY TITLE RISK
2016-06-05 CVE-2016-1678 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
network
low complexity
google debian canonical redhat suse opensuse CWE-119
8.8
2016-06-05 CVE-2016-1675 Improper Access Control vulnerability in multiple products
Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.
network
low complexity
debian canonical redhat suse opensuse google CWE-284
8.8
2016-06-05 CVE-2016-1673 Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
network
low complexity
google debian canonical redhat suse opensuse
8.8
2016-06-01 CVE-2016-5126 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
local
low complexity
qemu canonical oracle debian redhat CWE-787
7.8
2016-06-01 CVE-2016-3075 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
network
low complexity
opensuse gnu fedoraproject canonical CWE-119
7.5
2016-05-23 CVE-2016-4001 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.
network
low complexity
qemu canonical fedoraproject debian CWE-120
8.6
2016-05-23 CVE-2016-4951 The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation.
local
low complexity
linux canonical oracle
7.8
2016-05-23 CVE-2016-4913 Information Exposure vulnerability in multiple products
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
local
low complexity
canonical linux oracle novell CWE-200
7.8
2016-05-23 CVE-2016-4805 Use After Free vulnerability in multiple products
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
local
low complexity
novell redhat canonical linux oracle CWE-416
7.8
2016-05-23 CVE-2016-4794 Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls.
local
low complexity
linux canonical
7.8