13 matches found
UBUNTU-CVE-2017-5028
Insufficient data validation in V8 in Google Chrome prior to 56.0.2924.76 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
UBUNTU-CVE-2017-14442
An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability...
UBUNTU-CVE-2017-5124
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page...
UBUNTU-CVE-2017-1000487
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...
UBUNTU-CVE-2017-0903
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution...
UBUNTU-CVE-2017-11503
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of codegenerator.php...
UBUNTU-CVE-2017-1000366
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap...
UBUNTU-CVE-2017-9164
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11...
UBUNTU-CVE-2017-9198
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:508:18...
UBUNTU-CVE-2017-7888
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier...
UBUNTU-CVE-2017-7602
LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image...
UBUNTU-CVE-2017-6468
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records...
UBUNTU-CVE-2017-5019
A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...