Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 17.86%
  • Veröffentlicht 11.06.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:16:31

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions...

  • EPSS 0.56%
  • Veröffentlicht 11.06.2019 17:29:00
  • Zuletzt bearbeitet 13.02.2026 20:16:12

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference ...

Exploit
  • EPSS 2.54%
  • Veröffentlicht 10.06.2019 12:29:00
  • Zuletzt bearbeitet 25.11.2024 18:12:24

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

  • EPSS 0.4%
  • Veröffentlicht 07.06.2019 20:29:01
  • Zuletzt bearbeitet 21.11.2024 04:40:13

In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for ...

  • EPSS 5.23%
  • Veröffentlicht 07.06.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:18:32

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by...

Warnung Exploit
  • EPSS 99.96%
  • Veröffentlicht 05.06.2019 14:29:11
  • Zuletzt bearbeitet 06.11.2025 14:49:48

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

  • EPSS 0.62%
  • Veröffentlicht 03.06.2019 22:29:00
  • Zuletzt bearbeitet 21.11.2024 04:23:11

An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dere...

  • EPSS 7.62%
  • Veröffentlicht 03.06.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:56

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.

Exploit
  • EPSS 5.65%
  • Veröffentlicht 03.06.2019 19:29:02
  • Zuletzt bearbeitet 21.11.2024 04:42:41

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.

  • EPSS 45.43%
  • Veröffentlicht 30.05.2019 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:49:56

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.