Canonical

Ubuntu Pro 14.04 LTS

5456 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.49%
  • Veröffentlicht 12.04.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:41

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition wh...

Exploit
  • EPSS 0.5%
  • Veröffentlicht 12.04.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:42

The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aou...

  • EPSS 1.77%
  • Veröffentlicht 25.03.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:46

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.

  • EPSS 0.96%
  • Veröffentlicht 21.03.2019 16:00:33
  • Zuletzt bearbeitet 21.11.2024 03:58:56

The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitr...

  • EPSS 0.31%
  • Veröffentlicht 01.02.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 02:44:38

In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of ...

  • EPSS 0.77%
  • Veröffentlicht 07.01.2019 17:29:00
  • Zuletzt bearbeitet 21.11.2024 04:45:02

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this af...

  • EPSS 0.43%
  • Veröffentlicht 03.01.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:31

A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault...

Exploit
  • EPSS 0.7%
  • Veröffentlicht 03.01.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:21

An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_AD...

  • EPSS 0.45%
  • Veröffentlicht 27.12.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:01:38

An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next f...

  • EPSS 1.46%
  • Veröffentlicht 18.12.2018 22:29:04
  • Zuletzt bearbeitet 21.11.2024 03:53:31

A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container ...