Vulnerabilities > Canonical > Ubuntu Linux > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-20 | CVE-2014-9847 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. | 7.5 |
| 2017-03-20 | CVE-2014-9846 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. | 7.5 |
| 2017-03-20 | CVE-2014-9843 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors. | 7.5 |
| 2017-03-20 | CVE-2014-9841 | 7PK - Errors vulnerability in multiple products The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions." | 7.5 |
| 2017-03-17 | CVE-2017-6960 | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in apng2gif 1.7. | 7.5 |
| 2017-02-23 | CVE-2016-10109 | Use After Free vulnerability in multiple products Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function. | 7.5 |
| 2017-02-17 | CVE-2017-6056 | Infinite Loop vulnerability in multiple products It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. | 7.5 |
| 2017-02-13 | CVE-2015-8768 | Permissions, Privileges, and Access Controls vulnerability in multiple products click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone. | 7.5 |
| 2017-02-09 | CVE-2016-2148 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. | 7.5 |
| 2017-02-03 | CVE-2016-10165 | Out-of-bounds Read vulnerability in multiple products The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. | 7.1 |