Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-07-22 | CVE-2016-6224 | ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946. | Ubuntu_linux, Ecryptfs\-Utils | 3.3 | ||
| 2016-07-23 | CVE-2016-5131 | Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. | Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Chrome, Leap, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise, Libxml2 | 8.8 | ||
| 2016-08-02 | CVE-2016-6185 | The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. | Ubuntu_linux, Debian_linux, Fedora, Solaris, Perl | 7.8 | ||
| 2016-08-10 | CVE-2016-5421 | Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. | Ubuntu_linux, Debian_linux, Fedora, Libcurl, Leap, Opensuse | 8.1 | ||
| 2016-09-07 | CVE-2016-6855 | Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. | Ubuntu_linux, Fedora, Eye_of_gnome, Leap, Opensuse | 7.5 | ||
| 2016-09-07 | CVE-2015-8948 | idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. | Ubuntu_linux, Libidn, Leap, Opensuse | 7.5 | ||
| 2016-09-07 | CVE-2016-6261 | The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. | Ubuntu_linux, Libidn, Leap | 7.5 | ||
| 2016-09-07 | CVE-2016-6262 | idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948. | Ubuntu_linux, Libidn, Leap, Opensuse | 7.5 | ||
| 2016-09-26 | CVE-2016-6306 | The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. | Ubuntu_linux, Debian_linux, Icewall_federation_agent, Icewall_mcrp, Icewall_sso, Icewall_sso_agent_option, Node\.js, Suse_linux_enterprise_module_for_web_scripting, Openssl | 5.9 | ||
| 2016-10-03 | CVE-2016-5180 | Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. | C\-Ares, C\-Ares, Ubuntu_linux, Debian_linux, Node\.js | 9.8 |