Search Results (Refine Search)
- CPE Product Version: cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-8916 |
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file. Published: September 20, 2016; 10:15:01 AM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-6262 |
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948. Published: September 07, 2016; 4:59:05 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-6261 |
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. Published: September 07, 2016; 4:59:04 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-8948 |
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. Published: September 07, 2016; 4:59:00 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-6855 |
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. Published: September 07, 2016; 2:59:05 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-6351 |
The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer. Published: September 07, 2016; 2:59:04 PM -0400 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 7.2 HIGH |
CVE-2016-5107 |
The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors. Published: September 02, 2016; 10:59:04 AM -0400 |
V4.0:(not available) V3.1: 6.0 MEDIUM V2.0: 1.9 LOW |
CVE-2016-5106 |
The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command. Published: September 02, 2016; 10:59:03 AM -0400 |
V4.0:(not available) V3.1: 6.0 MEDIUM V2.0: 1.9 LOW |
CVE-2016-5105 |
The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command. Published: September 02, 2016; 10:59:02 AM -0400 |
V4.0:(not available) V3.1: 4.4 MEDIUM V2.0: 1.9 LOW |
CVE-2016-4952 |
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command. Published: September 02, 2016; 10:59:01 AM -0400 |
V4.0:(not available) V3.1: 6.0 MEDIUM V2.0: 1.9 LOW |
CVE-2016-5421 |
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. Published: August 10, 2016; 10:59:06 AM -0400 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-6128 |
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index. Published: August 07, 2016; 6:59:22 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-5403 |
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. Published: August 02, 2016; 12:59:03 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2016-6185 |
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. Published: August 02, 2016; 10:59:02 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2016-5131 |
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. Published: July 23, 2016; 3:59:13 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2015-8946 |
ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors. Published: July 22, 2016; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2016-5440 |
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR. Published: July 21, 2016; 6:14:53 AM -0400 |
V4.0:(not available) V3.0: 4.9 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-5439 |
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges. Published: July 21, 2016; 6:14:52 AM -0400 |
V4.0:(not available) V3.0: 4.9 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-3615 |
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML. Published: July 21, 2016; 6:14:49 AM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-3614 |
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption. Published: July 21, 2016; 6:14:48 AM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 3.5 LOW |