Vulnerabilities > Canonical > Ubuntu Linux > High

DATE CVE VULNERABILITY TITLE RISK
2017-06-27 CVE-2015-5180 NULL Pointer Dereference vulnerability in multiple products
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
network
low complexity
canonical gnu CWE-476
7.5
2017-06-26 CVE-2017-9935 Out-of-bounds Read vulnerability in multiple products
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c.
network
low complexity
libtiff canonical debian CWE-125
8.8
2017-06-08 CVE-2017-9022 Improper Input Validation vulnerability in multiple products
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.
network
low complexity
strongswan debian canonical CWE-20
7.5
2017-06-01 CVE-2017-8386 git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
network
low complexity
git opensuse debian canonical fedoraproject
8.8
2017-05-23 CVE-2016-9842 The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. 8.8
2017-05-23 CVE-2016-9840 inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. 8.8
2017-04-18 CVE-2017-7645 Improper Input Validation vulnerability in multiple products
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
network
low complexity
linux debian canonical CWE-20
7.5
2017-04-17 CVE-2017-7889 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.
local
low complexity
linux debian canonical CWE-732
7.8
2017-04-14 CVE-2016-6489 Information Exposure Through Discrepancy vulnerability in multiple products
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
network
low complexity
redhat canonical nettle-project CWE-203
7.5
2017-04-14 CVE-2016-0727 Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux 12.04/14.04/16.04
The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup.
local
low complexity
canonical CWE-264
7.8