Vulnerabilities > Canonical > Ubuntu Linux > 14.04
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-16 | CVE-2012-6702 | Cryptographic Issues vulnerability in multiple products Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. | 5.9 |
| 2016-06-14 | CVE-2016-5338 | The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer. | 7.8 |
| 2016-06-14 | CVE-2016-5337 | The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information. | 5.5 |
| 2016-06-14 | CVE-2016-5238 | Out-of-bounds Write vulnerability in multiple products The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode. | 2.1 |
| 2016-06-13 | CVE-2016-4579 | Improper Input Validation vulnerability in multiple products Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl." | 7.5 |
| 2016-06-13 | CVE-2016-4574 | Numeric Errors vulnerability in multiple products Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. | 7.5 |
| 2016-06-13 | CVE-2016-4356 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data. | 7.5 |
| 2016-06-13 | CVE-2016-4355 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | 7.5 |
| 2016-06-13 | CVE-2016-4354 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | 7.5 |
| 2016-06-13 | CVE-2016-4353 | Improper Input Validation vulnerability in multiple products ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data. | 7.5 |