Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-09 CVE-2017-7613 Improper Input Validation vulnerability in multiple products
elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
4.3
2017-04-09 CVE-2017-7612 Out-of-bounds Read vulnerability in multiple products
The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
4.3
2017-04-09 CVE-2017-7611 Out-of-bounds Read vulnerability in multiple products
The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
4.3
2017-04-09 CVE-2017-7610 Out-of-bounds Read vulnerability in multiple products
The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
4.3
2017-04-09 CVE-2017-7608 Out-of-bounds Read vulnerability in multiple products
The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
4.3
2017-04-05 CVE-2017-7358 Path Traversal vulnerability in multiple products
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
6.9
2017-03-23 CVE-2016-9388 Reachable Assertion vulnerability in multiple products
The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
local
low complexity
jasper-project canonical CWE-617
5.5
2017-03-20 CVE-2014-9851 Improper Input Validation vulnerability in multiple products
ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).
5.0
2017-03-20 CVE-2014-9850 Resource Management Errors vulnerability in multiple products
Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).
5.0
2017-03-20 CVE-2014-9849 Resource Exhaustion vulnerability in multiple products
The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).
5.0