Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-01-13 | CVE-2016-2090 | Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. | Ubuntu_linux, Debian_linux, Fedora, Libbsd | 9.8 | ||
| 2017-02-17 | CVE-2017-6056 | It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu. | Ubuntu_linux, Debian_linux | 7.5 | ||
| 2017-02-23 | CVE-2016-10109 | Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function. | Ubuntu_linux, Pcsc\-Lite | 7.5 | ||
| 2017-05-01 | CVE-2017-6519 | avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809. | Avahi, Ubuntu_linux | 9.1 | ||
| 2017-10-03 | CVE-2017-14492 | Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. | Ubuntu_linux, Debian_linux, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Dnsmasq | 9.8 | ||
| 2017-10-03 | CVE-2017-14496 | Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. | Ubuntu_linux, Debian_linux, Android, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Dnsmasq | 7.5 | ||
| 2017-10-03 | CVE-2017-14493 | Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. | Ubuntu_linux, Debian_linux, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Dnsmasq | 9.8 | ||
| 2017-10-03 | CVE-2017-14494 | dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. | Ubuntu_linux, Debian_linux, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Dnsmasq | 5.9 | ||
| 2017-10-03 | CVE-2017-14495 | Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. | Ubuntu_linux, Debian_linux, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Dnsmasq | 7.5 | ||
| 2017-05-18 | CVE-2017-9058 | In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. | Ubuntu_linux, Ytnef | 9.8 |