Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-10-03 CVE-2016-7401 7PK - Security Features vulnerability in multiple products
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
network
low complexity
canonical djangoproject debian CWE-254
5.0
2016-10-03 CVE-2016-6352 Out-of-bounds Write vulnerability in multiple products
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
network
low complexity
canonical gnome opensuse CWE-787
5.0
2016-10-03 CVE-2016-1372 Improper Access Control vulnerability in multiple products
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file.
4.3
2016-10-03 CVE-2016-1371 Improper Access Control vulnerability in multiple products
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.
4.3
2016-09-27 CVE-2016-7045 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.
network
low complexity
irssi debian canonical CWE-119
5.0
2016-09-27 CVE-2016-7044 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.
network
low complexity
irssi debian canonical CWE-119
5.0
2016-09-26 CVE-2016-6306 Out-of-bounds Read vulnerability in multiple products
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
network
high complexity
openssl hp novell nodejs debian canonical CWE-125
5.9
2016-09-26 CVE-2016-7162 Improper Input Validation vulnerability in multiple products
The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.
network
low complexity
canonical file-roller-project CWE-20
5.0
2016-09-20 CVE-2015-8934 Out-of-bounds Read vulnerability in multiple products
The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.
4.3
2016-09-20 CVE-2015-8933 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.
4.3