Filtered by vendor Canonical
Subscriptions
Total
4264 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5018 | 6 Apache, Canonical, Debian and 3 more | 16 Tomcat, Ubuntu Linux, Debian Linux and 13 more | 2025-04-20 | 9.1 Critical |
| In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. | ||||
| CVE-2016-6794 | 6 Apache, Canonical, Debian and 3 more | 15 Tomcat, Ubuntu Linux, Debian Linux and 12 more | 2025-04-20 | 5.3 Medium |
| When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. | ||||
| CVE-2017-17680 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2025-04-20 | N/A |
| In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file. | ||||
| CVE-2017-13078 | 7 Canonical, Debian, Freebsd and 4 more | 13 Ubuntu Linux, Debian Linux, Freebsd and 10 more | 2025-04-20 | N/A |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. | ||||
| CVE-2017-16845 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2025-04-20 | 10.0 Critical |
| hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. | ||||
| CVE-2017-17480 | 3 Canonical, Debian, Uclouvain | 3 Ubuntu Linux, Debian Linux, Openjpeg | 2025-04-20 | 9.8 Critical |
| In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. | ||||
| CVE-2017-17681 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2025-04-20 | N/A |
| In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file. | ||||
| CVE-2017-16533 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-20 | 6.6 Medium |
| The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | ||||
| CVE-2015-1329 | 1 Canonical | 1 Ubuntu Linux | 2025-04-20 | N/A |
| Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code. | ||||
| CVE-2017-17682 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2025-04-20 | N/A |
| In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call. | ||||
| CVE-2017-16546 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2025-04-20 | 8.8 High |
| The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file. | ||||
| CVE-2017-13081 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2025-04-20 | N/A |
| Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. | ||||
| CVE-2017-13082 | 7 Canonical, Debian, Freebsd and 4 more | 13 Ubuntu Linux, Debian Linux, Freebsd and 10 more | 2025-04-20 | N/A |
| Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | ||||
| CVE-2017-6056 | 3 Canonical, Debian, Redhat | 3 Ubuntu Linux, Debian Linux, Jboss Enterprise Application Platform | 2025-04-20 | N/A |
| It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu. | ||||
| CVE-2017-15908 | 2 Canonical, Systemd Project | 2 Ubuntu Linux, Systemd | 2025-04-20 | 7.5 High |
| In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service. | ||||
| CVE-2017-15281 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2025-04-20 | N/A |
| ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)." | ||||
| CVE-2017-16526 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-20 | 7.8 High |
| drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device. | ||||
| CVE-2017-5936 | 2 Canonical, Openstack | 2 Ubuntu Linux, Nova-lxd | 2025-04-20 | N/A |
| OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions. | ||||
| CVE-2017-16527 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-20 | 6.6 Medium |
| sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. | ||||
| CVE-2017-9117 | 2 Canonical, Libtiff | 2 Ubuntu Linux, Libtiff | 2025-04-20 | 4 Medium |
| In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7 release). | ||||