Vulnerabilities > Canonical > Ubuntu Linux > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-13 CVE-2015-8567 Memory Leak vulnerability in multiple products
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
7.7
2017-04-12 CVE-2017-5936 OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.
network
low complexity
canonical openstack
7.5
2017-04-05 CVE-2017-7358 Path Traversal vulnerability in multiple products
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
local
low complexity
lightdm-project canonical CWE-22
7.3
2017-03-28 CVE-2017-6964 Unchecked Return Value vulnerability in multiple products
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root.
local
low complexity
canonical debian CWE-252
7.8
2017-03-27 CVE-2016-9243 HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
network
low complexity
cryptography-io fedoraproject canonical
7.5
2017-03-23 CVE-2016-9775 Permissions, Privileges, and Access Controls vulnerability in multiple products
The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack.
local
low complexity
debian canonical apache CWE-264
7.8
2017-03-23 CVE-2016-9774 Link Following vulnerability in multiple products
The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory.
local
low complexity
debian canonical apache CWE-59
7.8
2017-03-20 CVE-2014-9851 Improper Input Validation vulnerability in multiple products
ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).
7.5
2017-03-20 CVE-2014-9850 Resource Management Errors vulnerability in multiple products
Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).
7.5
2017-03-20 CVE-2014-9849 Resource Exhaustion vulnerability in multiple products
The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).
7.5