Vulnerabilities > Canonical > Ubuntu Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-13 | CVE-2016-5104 | Improper Access Control vulnerability in multiple products The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket. | 5.0 |
| 2016-06-13 | CVE-2016-2833 | 7PK - Security Features vulnerability in multiple products Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet. | 4.3 |
| 2016-06-13 | CVE-2016-2832 | Information Exposure vulnerability in multiple products Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes. | 4.3 |
| 2016-06-13 | CVE-2016-2829 | Improper Access Control vulnerability in multiple products Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission. | 4.3 |
| 2016-06-13 | CVE-2016-2825 | Improper Access Control vulnerability in multiple products Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | 4.3 |
| 2016-06-13 | CVE-2016-2822 | Improper Access Control vulnerability in multiple products Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu. | 6.5 |
| 2016-06-10 | CVE-2016-4429 | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. | 5.9 |
| 2016-06-09 | CVE-2016-4449 | Improper Input Validation vulnerability in multiple products XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. | 5.8 |
| 2016-06-07 | CVE-2016-4450 | NULL Pointer Dereference vulnerability in multiple products os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. | 5.0 |
| 2016-06-05 | CVE-2016-1702 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data. | 6.5 |