Vulnerabilities > Canonical > Ubuntu Linux > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-07 | CVE-2016-6262 | Out-of-bounds Read vulnerability in multiple products idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948. | 7.5 |
| 2016-09-07 | CVE-2016-6261 | Out-of-bounds Read vulnerability in multiple products The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. | 7.5 |
| 2016-09-07 | CVE-2015-8948 | Out-of-bounds Read vulnerability in multiple products idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. | 7.5 |
| 2016-09-07 | CVE-2016-6855 | Out-of-bounds Write vulnerability in multiple products Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. | 7.5 |
| 2016-08-13 | CVE-2016-5384 | Double Free vulnerability in multiple products fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. | 7.8 |
| 2016-08-10 | CVE-2016-5421 | Use After Free vulnerability in multiple products Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. | 8.1 |
| 2016-08-02 | CVE-2016-6185 | The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. | 7.8 |
| 2016-07-23 | CVE-2016-5131 | Use After Free vulnerability in multiple products Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. | 8.8 |
| 2016-07-19 | CVE-2016-5387 | The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 8.1 |
| 2016-07-04 | CVE-2016-3092 | Improper Input Validation vulnerability in multiple products The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. | 7.5 |