CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Canonical » Ubuntu Linux » 16.10 : Security Vulnerabilities

Cpe Name:cpe:/o:canonical:ubuntu_linux:16.10
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-9022 20 DoS 2017-06-08 2019-04-16
5.0
None Remote Low Not required None None Partial
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.
2 CVE-2017-8386 +Priv 2017-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
3 CVE-2017-7980 119 DoS Exec Code Overflow 2017-07-25 2019-04-22
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
4 CVE-2017-7358 22 Dir. Trav. 2017-04-05 2017-08-15
6.9
None Local Medium Not required Complete Complete Complete
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
5 CVE-2017-6964 252 Exec Code 2017-03-27 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through 2.1.5+deb1+cvs20081104-13.1 on Debian, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 on Ubuntu 16.10, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 on Ubuntu 16.04 LTS, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 on Ubuntu 14.04 LTS, and eject before 2.1.5+deb1+cvs20081104-9ubuntu0.1 on Ubuntu 12.04 LTS.
6 CVE-2017-6590 863 Exec Code 2017-03-09 2019-10-02
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.
7 CVE-2016-10109 416 DoS 2017-02-23 2017-11-03
5.0
None Remote Low Not required None None Partial
Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.
8 CVE-2016-9963 320 2017-02-01 2017-02-15
2.6
None Remote High Not required Partial None None
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
9 CVE-2016-9775 264 +Priv 2017-03-23 2018-08-01
7.2
None Local Low Not required Complete Complete Complete
The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack.
10 CVE-2016-9774 59 +Priv +Info 2017-03-23 2018-08-01
7.2
None Local Low Not required Complete Complete Complete
The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory.
11 CVE-2016-9243 20 2017-03-27 2017-04-04
5.0
None Remote Low Not required None Partial None
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
12 CVE-2016-9119 79 XSS 2017-01-30 2017-02-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13 CVE-2016-9014 264 2016-12-09 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
14 CVE-2016-9013 798 2016-12-09 2017-11-03
7.5
None Remote Low Not required Partial Partial Partial
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.
15 CVE-2016-6489 310 2017-04-14 2017-06-30
5.0
None Remote Low Not required Partial None None
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
16 CVE-2016-1576 264 +Priv 2016-05-02 2016-05-06
7.2
None Local Low Not required Complete Complete Complete
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
17 CVE-2016-1575 264 +Priv 2016-05-02 2017-05-08
7.2
None Local Low Not required Complete Complete Complete
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
18 CVE-2014-9854 399 DoS 2017-03-17 2018-10-30
5.0
None Remote Low Not required None None Partial
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
19 CVE-2014-9853 399 DoS 2017-03-17 2018-10-30
4.3
None Remote Medium Not required None None Partial
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
20 CVE-2014-9851 20 DoS 2017-03-20 2018-10-30
5.0
None Remote Low Not required None None Partial
ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).
21 CVE-2014-9850 399 DoS 2017-03-20 2018-10-30
5.0
None Remote Low Not required None None Partial
Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).
22 CVE-2014-9849 400 DoS 2017-03-20 2018-10-30
5.0
None Remote Low Not required None None Partial
The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).
23 CVE-2014-9848 399 DoS 2017-03-20 2018-10-30
5.0
None Remote Low Not required None None Partial
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
24 CVE-2014-9847 119 Overflow 2017-03-20 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
25 CVE-2014-9846 119 Overflow 2017-03-20 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
26 CVE-2014-9845 119 DoS Overflow 2017-03-20 2018-10-30
4.3
None Remote Medium Not required None None Partial
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
27 CVE-2014-9844 125 DoS 2017-03-20 2018-10-30
4.3
None Remote Medium Not required None None Partial
The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
28 CVE-2014-9843 119 Overflow 2017-03-20 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.
29 CVE-2014-9842 400 DoS 2017-03-20 2018-10-30
5.0
None Remote Low Not required None None Partial
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
30 CVE-2014-9841 388 2017-03-20 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."
Total number of vulnerabilities : 30   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.