Ubuntu Linux@16.10 Security Vulnerabilities and Issues — Ubuntu Linux@16.10 CVE List

Lucene search

CanonicalUbuntu Linux16.10

8 matches found

CVE•added 2016/11/10 9:59 p.m.•1989 views

CVE-2016-5195

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

7.2CVSS7.8AI score0.94094EPSS

CVE•added 2016/12/09 8:59 p.m.•416 views

CVE-2016-9014

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

8.1CVSS8.6AI score0.03184EPSS

CVE•added 2016/12/09 8:59 p.m.•410 views

CVE-2016-9013

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually s...

9.8CVSS9AI score0.02723EPSS

CVE•added 2016/12/08 8:59 a.m.•203 views

CVE-2016-8655

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.

7.8CVSS7.6AI score0.39139EPSS

CVE•added 2016/10/03 3:59 p.m.•144 views

CVE-2016-5180

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

9.8CVSS9.8AI score0.22414EPSS

CVE•added 2016/05/02 10:59 a.m.•141 views

CVE-2016-1575

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

7.8CVSS7.2AI score0.00525EPSS

CVE•added 2016/10/16 9:59 p.m.•141 views

CVE-2016-7425

The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control cod...

7.8CVSS7.4AI score0.00077EPSS

CVE•added 2016/05/02 10:59 a.m.•127 views

CVE-2016-1576

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.

7.8CVSS7.2AI score0.00352EPSS