Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-08-25 CVE-2014-9637 Resource Management Errors vulnerability in multiple products
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
local
low complexity
fedoraproject mageia canonical gnu CWE-399
5.5
2017-08-23 CVE-2017-13145 Improper Input Validation vulnerability in multiple products
In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.
network
low complexity
imagemagick debian canonical CWE-20
6.5
2017-08-10 CVE-2016-6794 When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager.
network
low complexity
apache debian redhat netapp canonical oracle
5.3
2017-08-10 CVE-2016-0762 Information Exposure Through Discrepancy vulnerability in multiple products
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist.
network
high complexity
apache canonical debian redhat netapp oracle CWE-203
5.9
2017-07-27 CVE-2017-11683 Reachable Assertion vulnerability in multiple products
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
network
low complexity
exiv2 canonical debian CWE-617
6.5
2017-07-21 CVE-2015-1323 Information Exposure vulnerability in Canonical Ubuntu Linux
The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions.
local
low complexity
canonical CWE-200
5.5
2017-07-17 CVE-2017-11352 In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c.
network
low complexity
imagemagick debian canonical
6.5
2017-06-26 CVE-2017-9936 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c.
network
low complexity
libtiff debian canonical CWE-772
6.5
2017-06-22 CVE-2017-9815 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.
network
low complexity
libtiff canonical CWE-772
6.5
2017-06-07 CVE-2017-9473 In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
local
low complexity
ytnef-project canonical
5.5