14.04

DATE	CVE	VULNERABILITY TITLE	RISK
2017-07-21	CVE-2015-5300	7PK - Time and State vulnerability in multiple Linux Systems The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). network low complexity fedoraproject suse opensuse redhat debian canonical ntp CWE-361	5.0
2017-07-21	CVE-2015-5219	Incorrect Type Conversion or Cast vulnerability in multiple products The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. network low complexity fedoraproject suse redhat debian canonical ntp novell opensuse siemens oracle CWE-704	7.5
2017-07-21	CVE-2015-5195	Improper Input Validation vulnerability in multiple products ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. network low complexity fedoraproject redhat debian canonical ntp CWE-20	7.5
2017-07-21	CVE-2015-5194	Improper Input Validation vulnerability in multiple products The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. network low complexity fedoraproject suse redhat debian canonical ntp CWE-20	7.5
2017-07-21	CVE-2015-1323	Information Exposure vulnerability in Canonical Ubuntu Linux The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions. local low complexity canonical CWE-200	4.9
2017-07-20	CVE-2017-11473	Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table. local low complexity linux canonical CWE-120	7.8
2017-07-17	CVE-2017-11352	In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. network imagemagick debian canonical	4.3
2017-07-17	CVE-2017-1000050	NULL Pointer Dereference vulnerability in multiple products JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. network low complexity jasper-project fedoraproject redhat canonical CWE-476	7.5
2017-07-08	CVE-2017-11111	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. network nasm canonical CWE-119	6.8
2017-06-29	CVE-2017-10686	Use After Free vulnerability in multiple products In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. network nasm canonical CWE-416	6.8