Vulnerabilities > Canonical > Ubuntu Linux > High

DATE CVE VULNERABILITY TITLE RISK
2017-10-05 CVE-2017-15016 NULL Pointer Dereference vulnerability in multiple products
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
network
low complexity
imagemagick canonical CWE-476
8.8
2017-10-05 CVE-2017-15015 NULL Pointer Dereference vulnerability in multiple products
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.
network
low complexity
imagemagick canonical CWE-476
8.8
2017-10-04 CVE-2017-12617 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g.
network
high complexity
apache canonical oracle debian netapp redhat CWE-434
8.1
2017-10-03 CVE-2017-14496 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
7.5
2017-10-03 CVE-2017-14495 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
network
low complexity
redhat debian canonical thekelleys CWE-772
7.5
2017-10-03 CVE-2017-13704 Improper Input Validation vulnerability in multiple products
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value.
7.5
2017-09-20 CVE-2017-14607 Out-of-bounds Read vulnerability in multiple products
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c.
network
low complexity
imagemagick debian canonical CWE-125
8.1
2017-09-20 CVE-2015-1329 Use After Free vulnerability in Canonical Ubuntu Linux 14.04/15.04
Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code.
network
low complexity
canonical CWE-416
8.8
2017-09-07 CVE-2017-6362 Double Free vulnerability in multiple products
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.
network
low complexity
libgd debian fedoraproject canonical CWE-415
7.5
2017-08-31 CVE-2017-0902 Origin Validation Error vulnerability in multiple products
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
network
high complexity
rubygems debian canonical redhat CWE-346
8.1