Canonical

Ubuntu 16.04 LTS

1003 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2019-11487

Exploit
  • EPSS 0.11%
  • Veröffentlicht 23.04.2019 22:29:05
  • Zuletzt bearbeitet 21.11.2024 04:21:11

The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs...

7.1

CVE-2013-7470

  • EPSS 1.2%
  • Veröffentlicht 23.04.2019 03:29:00
  • Zuletzt bearbeitet 21.11.2024 02:01:05

cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE...

4.7

CVE-2019-3901

  • EPSS 0.06%
  • Veröffentlicht 22.04.2019 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:49

A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target ...

4.7

CVE-2019-11190

Exploit
  • EPSS 0.01%
  • Veröffentlicht 12.04.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:41

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition wh...

2.5

CVE-2019-11191

Exploit
  • EPSS 0.01%
  • Veröffentlicht 12.04.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:42

The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aou...

6.5

CVE-2019-3459

Exploit
  • EPSS 0.47%
  • Veröffentlicht 11.04.2019 16:29:02
  • Zuletzt bearbeitet 21.11.2024 04:42:05

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.

6.5

CVE-2019-3460

Exploit
  • EPSS 0.47%
  • Veröffentlicht 11.04.2019 16:29:02
  • Zuletzt bearbeitet 21.11.2024 04:42:05

A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.

0

CVE-2019-10124

  • EPSS 0.24%
  • Veröffentlicht 27.03.2019 06:29:00
  • Zuletzt bearbeitet 07.11.2023 03:02:24

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

10

CVE-2019-10125

Exploit
  • EPSS 3.43%
  • Veröffentlicht 27.03.2019 06:29:00
  • Zuletzt bearbeitet 21.11.2024 04:18:27

An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and t...

6.5

CVE-2019-3874

  • EPSS 0.18%
  • Veröffentlicht 25.03.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:46

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.