Ubuntu Linux Security Vulnerabilities and Issues — Ubuntu Linux CVE List

Lucene search

CanonicalUbuntu Linux

13 matches found

CVE•added 2017/04/06 9:59 p.m.•978 views

CVE-2016-8735

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency wit...

9.8CVSS8AI score0.94003EPSS

CVE•added 2017/04/17 12:59 a.m.•244 views

CVE-2017-7889

The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /de...

7.8CVSS7.1AI score0.00033EPSS

CVE•added 2017/04/18 2:59 p.m.•219 views

CVE-2017-7645

The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.

7.8CVSS7.9AI score0.16011EPSS

CVE•added 2017/04/09 2:59 p.m.•212 views

CVE-2017-7608

The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

5.5CVSS5.3AI score0.00179EPSS

CVE•added 2017/04/09 2:59 p.m.•196 views

CVE-2017-7610

The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

5.5CVSS5.3AI score0.00341EPSS

CVE•added 2017/04/09 2:59 p.m.•193 views

CVE-2017-7612

The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

5.5CVSS5.3AI score0.00341EPSS

CVE•added 2017/04/09 2:59 p.m.•191 views

CVE-2017-7611

The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

5.5CVSS5.3AI score0.00261EPSS

CVE•added 2017/04/09 2:59 p.m.•185 views

CVE-2017-7613

elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

5.5CVSS5.3AI score0.00208EPSS

CVE•added 2017/04/14 6:59 p.m.•128 views

CVE-2016-6489

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

7.5CVSS7.3AI score0.02102EPSS

CVE•added 2017/04/13 5:59 p.m.•96 views

CVE-2015-8567

Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).

7.7CVSS7.7AI score0.04759EPSS

CVE•added 2017/04/14 6:59 p.m.•85 views

CVE-2016-0727

The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrar...

7.8CVSS7.4AI score0.03285EPSS

CVE•added 2017/04/05 6:59 a.m.•71 views

CVE-2017-7358

In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.

7.3CVSS7AI score0.01019EPSS

CVE•added 2017/04/12 10:59 p.m.•52 views

CVE-2017-5936

OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.

7.5CVSS7.5AI score0.02467EPSS