12.04

DATE	CVE	VULNERABILITY TITLE	RISK
2017-02-24	CVE-2017-5669	The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context. local low complexity linux debian canonical	7.8
2017-02-23	CVE-2016-10109	Use After Free vulnerability in multiple products Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function. network low complexity muscle canonical CWE-416	7.5
2017-02-17	CVE-2017-6056	Infinite Loop vulnerability in multiple products It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. network low complexity canonical debian CWE-835	7.5
2017-02-13	CVE-2016-3616	NULL Pointer Dereference vulnerability in multiple products The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. network low complexity libjpeg-turbo redhat debian canonical CWE-476	8.8
2017-02-03	CVE-2016-10165	Out-of-bounds Read vulnerability in multiple products The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. local low complexity littlecms debian canonical opensuse redhat netapp CWE-125	7.1
2017-02-01	CVE-2016-9963	Key Management Errors vulnerability in multiple products Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. network high complexity exim canonical debian CWE-320	5.9
2017-01-30	CVE-2016-9119	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network low complexity moinmo canonical debian CWE-79	6.1
2017-01-30	CVE-2015-7977	NULL Pointer Dereference vulnerability in multiple products ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. network high complexity ntp oracle siemens netapp freebsd fedoraproject debian canonical CWE-476	5.9
2017-01-30	CVE-2015-7973	7PK - Security Features vulnerability in multiple products NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. network high complexity ntp siemens freebsd netapp canonical CWE-254	6.5
2017-01-27	CVE-2017-3313	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). local high complexity oracle debian canonical redhat mariadb	4.7