Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-12-05 CVE-2016-1252 Improper Certificate Validation vulnerability in multiple products
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
4.3
2017-12-01 CVE-2017-16612 Integer Overflow or Wraparound vulnerability in multiple products
libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP.
network
low complexity
debian canonical x CWE-190
5.0
2017-12-01 CVE-2017-16611 Link Following vulnerability in multiple products
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
local
low complexity
debian canonical x CWE-59
4.9
2017-11-27 CVE-2017-15275 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
network
low complexity
samba redhat debian canonical CWE-119
5.0
2017-11-17 CVE-2017-16845 Improper Input Validation vulnerability in multiple products
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
network
low complexity
qemu debian canonical CWE-20
6.4
2017-11-15 CVE-2017-15102 NULL Pointer Dereference vulnerability in Linux Kernel
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.
6.9
2017-11-07 CVE-2017-16642 Out-of-bounds Read vulnerability in PHP
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function.
network
low complexity
php debian canonical netapp CWE-125
5.0
2017-11-05 CVE-2017-16546 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
6.8
2017-11-04 CVE-2017-16533 Out-of-bounds Read vulnerability in multiple products
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
low complexity
linux debian canonical CWE-125
6.6
2017-11-04 CVE-2017-16532 NULL Pointer Dereference vulnerability in multiple products
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
low complexity
linux debian canonical CWE-476
6.6