Ubuntu security notices

These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive). To report a security vulnerability in an Ubuntu package, please contact the Ubuntu Security Team. You may also be interested in learning about Ubuntu security policies. For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker.

You can also view the latest notices by subscribing to the RSS or the Atom feeds.

< Previous   Showing page 2 of 70   Next >
Show: All  

USN-3051-1: Linux kernel (Trusty HWE) vulnerabilities - 10th August 2016

It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Kangjie Lu discovered an information leak in the ...

CVE-2016-4470 CVE-2016-5243

USN-3050-1: Linux kernel (OMAP4) vulnerabilities - 10th August 2016

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134) Vitaly Kuznetsov discovered that the Linux kernel did not ...

CVE-2016-3134 CVE-2016-3961 CVE-2016-4470 CVE-2016-5243

USN-3049-1: Linux kernel vulnerabilities - 10th August 2016

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134) Vitaly Kuznetsov discovered that the Linux kernel did not ...

CVE-2016-3134 CVE-2016-3961 CVE-2016-4470 CVE-2016-5243

USN-3048-1: curl vulnerabilities - 8th August 2016

Bru Rom discovered that curl incorrectly handled client certificates when resuming a TLS session. (CVE-2016-5419) It was discovered that curl incorrectly handled client certificates when reusing TLS connections. (CVE-2016-5420) Marcelo Echeverria and Fernando Muñoz discovered that curl incorrectly reused a connection struct, contrary to expectations. This issue only applied to ...

CVE-2016-5419 CVE-2016-5420 CVE-2016-5421

USN-3041-1: Oxide vulnerabilities - 5th August 2016

Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service (application crash) or execute arbitrary code. (CVE-2016-1705) It was discovered that the PPAPI implementation does not ...

CVE-2016-1705 CVE-2016-1706 CVE-2016-1710 CVE-2016-1711 CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130 CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134 CVE-2016-5135 CVE-2016-5137

USN-3044-1: Firefox vulnerabilities - 5th August 2016

Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. (CVE-2016-0718) Toni Huttunen discovered that once a ...

CVE-2016-0718 CVE-2016-2830 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5250 CVE-2016-5251 CVE-2016-5252 CVE-2016-5254 CVE-2016-5255 CVE-2016-5258 CVE-2016-5259 CVE-2016-5260 CVE-2016-5261 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5266 CVE-2016-5268

USN-3047-1: QEMU vulnerabilities - 4th August 2016

Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with ...

CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6351

USN-3046-1: LibreOffice vulnerability - 4th August 2016

Yves Younan and Richard Johnson discovered that LibreOffice incorrectly handled presentation files. If a user were tricked into opening a specially crafted presentation file, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code.

CVE-2016-1513

USN-3045-1: PHP vulnerabilities - 2nd August 2016

It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116) It was discovered that PHP ...

CVE-2015-4116 CVE-2015-8873 CVE-2015-8876 CVE-2015-8935 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 CVE-2016-5114 CVE-2016-5385 CVE-2016-5399 CVE-2016-5768 CVE-2016-5769 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297

USN-3043-1: OpenJDK 8 vulnerabilities - 27th July 2016

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610) A vulnerability was discovered in the OpenJDK JRE ...

CVE-2016-3458 CVE-2016-3500 CVE-2016-3508 CVE-2016-3550 CVE-2016-3587 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610

USN-3042-1: KDE-Libs vulnerability - 26th July 2016

Andreas Cord-Landwehr discovered that KDE-Libs incorrectly handled extracting certain archives. If a user were tricked into extracting a specially-crafted archive, a remote attacker could use this issue to overwrite arbitrary files out of the extraction directory.

CVE-2016-6232

USN-3040-1: MySQL vulnerabilities - 21st July 2016

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.50 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.10 has been updated to MySQL 5.6.31. Ubuntu 16.04 LTS has been updated to MySQL 5.7.13. ...

CVE-2016-3424 CVE-2016-3459 CVE-2016-3477 CVE-2016-3486 CVE-2016-3501 CVE-2016-3518 CVE-2016-3521 CVE-2016-3588 CVE-2016-3614 CVE-2016-3615 CVE-2016-5436 CVE-2016-5437 CVE-2016-5439 CVE-2016-5440 CVE-2016-5441 CVE-2016-5442 CVE-2016-5443

USN-3039-1: Django vulnerability - 19th July 2016

It was discovered that Django incorrectly handled the admin's add/change related popup. A remote attacker could possibly use this issue to perform a cross-site scripting attack.

CVE-2016-6186

USN-3038-1: Apache HTTP Server vulnerability - 18th July 2016

It was discovered that the Apache HTTP Server would set the HTTP_PROXY environment variable based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with CGI scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP requests.

CVE-2016-5387

USN-3023-1: Thunderbird vulnerabilities - 18th July 2016

It was discovered that NSPR incorrectly handled memory allocation. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1951) Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy ...

CVE-2016-1951 CVE-2016-2818

USN-3037-1: Linux kernel (Vivid HWE) vulnerability - 14th July 2016

Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash).

CVE-2016-3070

USN-3036-1: Linux kernel (Utopic HWE) vulnerability - 14th July 2016

Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash).

CVE-2016-3070

USN-3035-3: Linux kernel (Wily HWE) vulnerability - 14th July 2016

USN-3035-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O ...

CVE-2016-3070

USN-3035-2: Linux kernel (Raspberry Pi 2) vulnerability - 14th July 2016

Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash).

CVE-2016-3070

USN-3035-1: Linux kernel vulnerability - 14th July 2016

Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash).

CVE-2016-3070

USN-3034-2: Linux kernel (Trusty HWE) vulnerability - 14th July 2016

USN-3034-1 fixed a vulnerability in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by ...

CVE-2016-3070

USN-3034-1: Linux kernel vulnerability - 14th July 2016

Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash).

CVE-2016-3070

USN-3033-1: libarchive vulnerabilities - 14th July 2016

Hanno Böck discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-8916, CVE-2015-8917 CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8930, ...

CVE-2015-8916 CVE-2015-8917 CVE-2015-8919 CVE-2015-8920 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8924 CVE-2015-8925 CVE-2015-8926 CVE-2015-8928 CVE-2015-8930 CVE-2015-8931 CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-4300 CVE-2016-4302 CVE-2016-4809 CVE-2016-5844

USN-3032-1: eCryptfs vulnerability - 14th July 2016

It was discovered that eCryptfs incorrectly configured the encrypted swap partition for certain drive types. An attacker could use this issue to discover sensitive information.

CVE-2016-6224

USN-3031-1: Pidgin vulnerabilities - 12th July 2016

Yves Younan discovered that Pidgin contained multiple issues in the MXit protocol support. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2016-2365 CVE-2016-2366 CVE-2016-2367 CVE-2016-2368 CVE-2016-2369 CVE-2016-2370 CVE-2016-2371 CVE-2016-2372 CVE-2016-2373 CVE-2016-2374 CVE-2016-2375 CVE-2016-2376 CVE-2016-2377 CVE-2016-2378 CVE-2016-2380 CVE-2016-4323

USN-3030-1: GD library vulnerabilities - 11th July 2016

It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass(). A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2013-7456) It was discovered that the GD library incorrectly handled certain malformed XBM images. If a ...

CVE-2013-7456 CVE-2016-5116 CVE-2016-5766 CVE-2016-6128 CVE-2016-6161

USN-3029-1: NSS vulnerability - 11th July 2016

Tyson Smith and Jed Davis discovered that NSS incorrectly handled memory. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. This update refreshes the NSS package to version 3.23 which includes the latest CA certificate bundle. ...

CVE-2016-2834

USN-3028-1: NSPR vulnerability - 11th July 2016

It was discovered that NSPR incorrectly handled memory allocation. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2016-1951

USN-3027-1: Tomcat vulnerability - 6th July 2016

It was discovered that the Tomcat Fileupload library incorrectly handled certain upload requests. A remote attacker could possibly use this issue to cause a denial of service.

CVE-2016-3092

USN-3026-2: libusbmuxd vulnerability - 5th July 2016

It was discovered that libusbmuxd incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations.

CVE-2016-5104

USN-3026-1: libimobiledevice vulnerability - 5th July 2016

It was discovered that libimobiledevice incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations.

CVE-2016-5104

USN-3025-1: GIMP vulnerability - 5th July 2016

It was discovered that GIMP incorrectly handled malformed XCF files. If a user were tricked into opening a specially crafted XCF file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.

CVE-2016-4994

USN-3024-1: Tomcat vulnerabilities - 5th July 2016

It was discovered that Tomcat incorrectly handled pathnames used by web applications in a getResource, getResourceAsStream, or getResourcePaths call. A remote attacker could use this issue to possibly list a parent directory . This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-5174) It was discovered ...

CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 CVE-2016-3092

USN-3015-1: Oxide vulnerabilities - 30th June 2016

Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1704)

CVE-2016-1704

USN-3022-1: LibreOffice vulnerability - 29th June 2016

It was discovered that LibreOffice incorrectly handled RTF document files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code.

CVE-2016-4324

USN-3021-2: Linux kernel (OMAP4) vulnerabilities - 27th June 2016

Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951) Kangjie Lu discovered ...

CVE-2016-3951 CVE-2016-4482 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4805 CVE-2016-4913

USN-3021-1: Linux kernel vulnerabilities - 27th June 2016

Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951) Kangjie Lu discovered ...

CVE-2016-3951 CVE-2016-4482 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4805 CVE-2016-4913

USN-3020-1: Linux kernel (Vivid HWE) vulnerabilities - 27th June 2016

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) ...

CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998

USN-3019-1: Linux kernel (Utopic HWE) vulnerabilities - 27th June 2016

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) ...

CVE-2016-4482 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4997 CVE-2016-4998

USN-3018-2: Linux kernel (Trusty HWE) vulnerabilities - 27th June 2016

USN-3018-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling ...

CVE-2016-4482 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4997 CVE-2016-4998

USN-3018-1: Linux kernel vulnerabilities - 27th June 2016

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) ...

CVE-2016-4482 CVE-2016-4565 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4997 CVE-2016-4998

USN-3016-4: Linux kernel (Xenial HWE) vulnerabilities - 27th June 2016

USN-3016-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling ...

CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998

USN-3017-3: Linux kernel (Wily HWE) vulnerabilities - 27th June 2016

USN-3017-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit ...

CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998

USN-3017-2: Linux kernel (Raspberry Pi 2) vulnerabilities - 27th June 2016

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) ...

CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998

USN-3017-1: Linux kernel vulnerabilities - 27th June 2016

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) ...

CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998

USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities - 27th June 2016

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) ...

CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998

USN-3016-2: Linux kernel (Raspberry Pi 2) vulnerabilities - 27th June 2016

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) ...

CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998

USN-3016-1: Linux kernel vulnerabilities - 27th June 2016

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code with administrative privileges. (CVE-2016-4997) ...

CVE-2016-4482 CVE-2016-4569 CVE-2016-4578 CVE-2016-4580 CVE-2016-4913 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998

USN-3014-1: Spice vulnerabilities - 21st June 2016

Jing Zhao discovered that the Spice smartcard support incorrectly handled memory. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-0749) Frediano Ziglio discovered that ...

CVE-2016-0749 CVE-2016-2150

USN-3013-1: XML-RPC for C and C++ vulnerabilities - 20th June 2016

It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702) It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote ...

CVE-2012-6702 CVE-2015-1283 CVE-2016-0718 CVE-2016-4472 CVE-2016-5300

< Previous   Showing page 2 of 70   Next >
Show: All