National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:canonical:ubuntu_linux:15.10
There are 302 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2016-4971

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.

Published: June 30, 2016; 01:59:07 PM -04:00
V3: 8.8 HIGH
V2: 4.3 MEDIUM
CVE-2015-8899

Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.

Published: June 30, 2016; 01:59:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-1583

The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.

Published: June 27, 2016; 06:59:03 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

Published: June 16, 2016; 02:59:10 PM -04:00
V3: 7.5 HIGH
V2: 7.8 HIGH
CVE-2016-2841

The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.

Published: June 16, 2016; 02:59:07 PM -04:00
V3: 6.0 MEDIUM
V2: 2.1 LOW
CVE-2016-2392

The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.

Published: June 16, 2016; 02:59:04 PM -04:00
V3: 6.5 MEDIUM
V2: 2.1 LOW
CVE-2016-2391

The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.

Published: June 16, 2016; 02:59:03 PM -04:00
V3: 5.0 MEDIUM
V2: 2.1 LOW
CVE-2012-6702

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

Published: June 16, 2016; 02:59:00 PM -04:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-4579

Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."

Published: June 13, 2016; 03:59:10 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-4574

Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.

Published: June 13, 2016; 03:59:09 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-3698

libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.

Published: June 13, 2016; 03:59:02 PM -04:00
V3: 8.1 HIGH
V2: 6.8 MEDIUM
CVE-2016-5104

The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.

Published: June 13, 2016; 10:59:08 AM -04:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2016-2834

Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.

Published: June 13, 2016; 06:59:15 AM -04:00
V3: 8.8 HIGH
V2: 9.3 HIGH
CVE-2016-2833

Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.

Published: June 13, 2016; 06:59:14 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-2832

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.

Published: June 13, 2016; 06:59:13 AM -04:00
V3: 4.3 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-2831

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.

Published: June 13, 2016; 06:59:12 AM -04:00
V3: 8.8 HIGH
V2: 5.8 MEDIUM
CVE-2016-2829

Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.

Published: June 13, 2016; 06:59:11 AM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-2828

Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.

Published: June 13, 2016; 06:59:10 AM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-2825

Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.

Published: June 13, 2016; 06:59:08 AM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-2822

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.

Published: June 13, 2016; 06:59:05 AM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM