Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-05-02 CVE-2016-2186 The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
low complexity
linux novell canonical
4.6
2016-05-02 CVE-2016-2185 The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
low complexity
canonical linux novell
4.6
2016-04-27 CVE-2016-3156 Resource Management Errors vulnerability in multiple products
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
local
low complexity
novell canonical linux CWE-399
5.5
2016-04-27 CVE-2016-2184 The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
low complexity
linux canonical novell
4.6
2016-04-27 CVE-2016-2069 Race Condition vulnerability in multiple products
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
4.4
2016-04-26 CVE-2016-4002 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.
6.8
2016-04-25 CVE-2016-4054 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.
6.8
2016-04-25 CVE-2016-4053 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
4.3
2016-04-25 CVE-2016-4052 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
6.8
2016-04-25 CVE-2016-4051 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
6.8