Search Results (4309 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-7645 4 Canonical, Debian, Linux and 1 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2025-04-20 7.5 High
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
CVE-2014-9848 4 Canonical, Imagemagick, Opensuse and 1 more 10 Ubuntu Linux, Imagemagick, Leap and 7 more 2025-04-20 7.5 High
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
CVE-2017-9058 2 Canonical, Ytnef Project 2 Ubuntu Linux, Ytnef 2025-04-20 N/A
In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c.
CVE-2017-9473 2 Canonical, Ytnef Project 2 Ubuntu Linux, Ytnef 2025-04-20 N/A
In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVE-2017-6960 3 Apng2gif Project, Canonical, Debian 3 Apng2gif, Ubuntu Linux, Debian Linux 2025-04-20 7.5 High
An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the load_apng function and the imagesize variable.
CVE-2017-6964 2 Canonical, Debian 2 Ubuntu Linux, Debian Linux 2025-04-20 7.8 High
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through 2.1.5+deb1+cvs20081104-13.1 on Debian, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 on Ubuntu 16.10, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 on Ubuntu 16.04 LTS, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 on Ubuntu 14.04 LTS, and eject before 2.1.5+deb1+cvs20081104-9ubuntu0.1 on Ubuntu 12.04 LTS.
CVE-2017-6590 1 Canonical 1 Ubuntu Linux 2025-04-20 N/A
An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.
CVE-2017-7160 3 Apple, Canonical, Microsoft 8 Icloud, Iphone Os, Itunes and 5 more 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-6512 3 Canonical, Debian, File\ 3 Ubuntu Linux, Debian Linux, \ 2025-04-20 5.9 Medium
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.
CVE-2017-7184 3 Canonical, Linux, Redhat 8 Ubuntu Linux, Linux Kernel, Enterprise Linux and 5 more 2025-04-20 7.8 High
The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.
CVE-2014-9637 4 Canonical, Fedoraproject, Gnu and 1 more 4 Ubuntu Linux, Fedora, Patch and 1 more 2025-04-20 N/A
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
CVE-2017-6056 3 Canonical, Debian, Redhat 3 Ubuntu Linux, Debian Linux, Jboss Enterprise Application Platform 2025-04-20 N/A
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
CVE-2017-5936 2 Canonical, Openstack 2 Ubuntu Linux, Nova-lxd 2025-04-20 N/A
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.
CVE-2017-6362 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2025-04-20 N/A
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.
CVE-2017-5897 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2025-04-20 9.8 Critical
The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.
CVE-2017-6507 2 Apparmor, Canonical 3 Apparmor, Ubuntu Core, Ubuntu Touch 2025-04-20 N/A
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle 'restart' operations removing AppArmor profiles that aren't found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what's done by LXD and Docker, are affected by this flaw in the AppArmor init script logic.
CVE-2017-7358 2 Canonical, Lightdm Project 2 Ubuntu Linux, Lightdm 2025-04-20 N/A
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
CVE-2017-17934 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2025-04-20 N/A
ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.
CVE-2017-2888 3 Canonical, Debian, Libsdl 3 Ubuntu Linux, Debian Linux, Simple Directmedia Layer 2025-04-20 8.8 High
An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
CVE-2017-17914 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.