Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Canonical Subscribe
Total 4021 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9766 2 Canonical, Pixman 2 Ubuntu Linux, Pixman 2016-12-02 7.5 HIGH 9.8 CRITICAL
Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values.
CVE-2014-9093 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2016-12-02 7.5 HIGH N/A
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
CVE-2014-8544 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2016-12-02 7.5 HIGH N/A
libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.
CVE-2014-8541 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2016-12-02 7.5 HIGH N/A
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.
CVE-2014-8543 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2016-12-02 7.5 HIGH N/A
libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data.
CVE-2014-8548 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2016-12-02 7.5 HIGH N/A
Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.
CVE-2014-8547 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2016-12-02 7.5 HIGH N/A
libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.
CVE-2013-7447 2 Canonical, Gtk 2 Ubuntu Linux, Gtk\\\+ 2016-12-02 4.3 MEDIUM 6.5 MEDIUM
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.
CVE-2016-3138 3 Canonical, Linux, Novell 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more 2016-11-30 4.9 MEDIUM 4.6 MEDIUM
The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.
CVE-2016-3137 3 Canonical, Linux, Novell 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more 2016-11-30 4.9 MEDIUM 4.6 MEDIUM
drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.
CVE-2016-2186 3 Canonical, Linux, Novell 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more 2016-11-30 4.9 MEDIUM 4.6 MEDIUM
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-2185 3 Canonical, Linux, Novell 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more 2016-11-30 4.9 MEDIUM 4.6 MEDIUM
The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-4052 2 Canonical, Squid-cache 2 Ubuntu Linux, Squid 2016-11-29 6.8 MEDIUM 8.1 HIGH
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
CVE-2016-3941 2 Canonical, Videolan 2 Ubuntu Linux, Vlc Media Player 2016-11-29 4.3 MEDIUM 5.5 MEDIUM
Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."
CVE-2016-6232 2 Canonical, Kde 2 Ubuntu Linux, Karchives 2016-11-28 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
CVE-2016-4580 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2016-11-28 5.0 MEDIUM 7.5 HIGH
The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.
CVE-2016-4482 4 Canonical, Fedoraproject, Linux and 1 more 11 Ubuntu Linux, Fedora, Linux Kernel and 8 more 2016-11-28 2.1 LOW 6.2 MEDIUM
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
CVE-2016-4485 3 Canonical, Linux, Novell 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 2 more 2016-11-28 5.0 MEDIUM 7.5 HIGH
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.
CVE-2016-3961 2 Canonical, Xen 2 Ubuntu Linux, Xen 2016-11-28 2.1 LOW 5.5 MEDIUM
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.
CVE-2016-3947 2 Canonical, Squid-cache 2 Ubuntu Linux, Squid 2016-11-28 7.5 HIGH 8.2 HIGH
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.