Vulnerabilities > Canonical > Ubuntu Linux > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-24 CVE-2017-11591 There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
network
low complexity
exiv2 canonical debian
7.5
2017-07-21 CVE-2015-5300 7PK - Time and State vulnerability in multiple products
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
7.5
2017-07-21 CVE-2015-5219 Incorrect Type Conversion or Cast vulnerability in multiple products
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
7.5
2017-07-21 CVE-2015-5195 Improper Input Validation vulnerability in multiple products
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
network
low complexity
fedoraproject redhat debian canonical ntp CWE-20
7.5
2017-07-21 CVE-2015-5194 Improper Input Validation vulnerability in multiple products
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
7.5
2017-07-20 CVE-2017-11473 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table.
local
low complexity
linux canonical CWE-120
7.8
2017-07-17 CVE-2017-1000050 NULL Pointer Dereference vulnerability in multiple products
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
7.5
2017-07-08 CVE-2017-11111 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
local
low complexity
nasm canonical CWE-119
7.8
2017-06-29 CVE-2017-10686 Use After Free vulnerability in multiple products
In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm.
local
low complexity
nasm canonical CWE-416
7.8
2017-06-28 CVE-2017-9985 Out-of-bounds Read vulnerability in multiple products
The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
local
low complexity
linux canonical CWE-125
7.8