Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-02 CVE-2017-9403 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
4.3
2017-06-01 CVE-2017-6512 Race Condition vulnerability in multiple products
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.
4.3
2017-05-26 CVE-2017-9239 Divide By Zero vulnerability in multiple products
An issue was discovered in Exiv2 0.26.
network
low complexity
exiv2 canonical CWE-369
6.5
2017-05-23 CVE-2017-9210 Infinite Loop vulnerability in multiple products
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.
4.3
2017-05-23 CVE-2017-9209 Infinite Loop vulnerability in multiple products
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.
4.3
2017-05-23 CVE-2017-9208 Infinite Loop vulnerability in multiple products
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.
4.3
2017-05-08 CVE-2017-8831 Out-of-bounds Read vulnerability in multiple products
The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability.
6.9
2017-04-14 CVE-2016-6489 Information Exposure Through Discrepancy vulnerability in multiple products
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
network
low complexity
redhat canonical nettle-project CWE-203
5.0
2017-04-13 CVE-2015-8567 Memory Leak vulnerability in multiple products
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
6.8
2017-04-12 CVE-2017-5936 Security Bypass vulnerability in OpenStack Nova-LXD
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.
network
low complexity
canonical openstack
5.0