Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-08-02 | CVE-2016-6232 | Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. | Ubuntu_linux, Karchives | 7.5 | ||
| 2017-01-27 | CVE-2016-5824 | libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. | Ubuntu_linux, Libical, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 5.5 | ||
| 2016-07-21 | CVE-2016-5439 | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges. | Ubuntu_linux, Mysql | 4.9 | ||
| 2016-06-13 | CVE-2016-5104 | The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket. | Ubuntu_linux, Libimobiledevice, Libusbmuxd, Leap, Opensuse | 5.3 | ||
| 2016-05-23 | CVE-2016-4580 | The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request. | Ubuntu_linux, Linux_kernel | 7.5 | ||
| 2016-05-23 | CVE-2016-4578 | sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. | Ubuntu_linux, Debian_linux, Linux_kernel, Leap, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 5.5 | ||
| 2016-06-09 | CVE-2016-4449 | XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. | Ubuntu_linux, Debian_linux, Libxml2 | 7.1 | ||
| 2016-07-08 | CVE-2016-4324 | Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens. | Ubuntu_linux, Debian_linux, Libreoffice | 7.8 | ||
| 2017-01-06 | CVE-2016-4323 | A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability. | Ubuntu_linux, Debian_linux, Pidgin | 3.7 | ||
| 2016-04-25 | CVE-2016-4052 | Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses. | Ubuntu_linux, Squid | 8.1 |