Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 31.22%
  • Veröffentlicht 17.07.2019 12:15:10
  • Zuletzt bearbeitet 21.11.2024 04:52:25

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, w...

  • EPSS 3.15%
  • Veröffentlicht 17.07.2019 12:15:10
  • Zuletzt bearbeitet 21.11.2024 04:52:26

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include rem...

Exploit
  • EPSS 3.3%
  • Veröffentlicht 16.07.2019 17:15:12
  • Zuletzt bearbeitet 21.11.2024 04:25:22

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.

Exploit
  • EPSS 1.46%
  • Veröffentlicht 15.07.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:18:08

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm...

Exploit
  • EPSS 2.09%
  • Veröffentlicht 15.07.2019 02:15:10
  • Zuletzt bearbeitet 21.11.2024 04:17:54

Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer ov...

  • EPSS 2.09%
  • Veröffentlicht 14.07.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:25:19

An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact...

Exploit
  • EPSS 1.53%
  • Veröffentlicht 11.07.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:09

WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector...

Exploit
  • EPSS 1.46%
  • Veröffentlicht 11.07.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:09

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav fil...

Exploit
  • EPSS 1.5%
  • Veröffentlicht 11.07.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:10

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav...

  • EPSS 24.4%
  • Veröffentlicht 11.07.2019 19:15:13
  • Zuletzt bearbeitet 21.11.2024 04:23:02

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if t...