Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.29%
  • Veröffentlicht 12.06.2021 04:15:11
  • Zuletzt bearbeitet 21.11.2024 06:07:15

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.

  • EPSS 0.29%
  • Veröffentlicht 12.06.2021 04:15:11
  • Zuletzt bearbeitet 21.11.2024 06:07:15

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.

  • EPSS 0.3%
  • Veröffentlicht 12.06.2021 04:15:10
  • Zuletzt bearbeitet 21.11.2024 06:07:14

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.

  • EPSS 0.55%
  • Veröffentlicht 04.06.2021 02:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:39

The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code executio...

Exploit
  • EPSS 27.48%
  • Veröffentlicht 04.06.2021 02:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:39

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This is...

  • EPSS 0.63%
  • Veröffentlicht 04.06.2021 02:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:40

The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow lea...

  • EPSS 5.11%
  • Veröffentlicht 26.04.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 05:04:45

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

Warnung Medienbericht Exploit
  • EPSS 43.99%
  • Veröffentlicht 17.04.2021 05:15:14
  • Zuletzt bearbeitet 28.10.2025 13:49:50

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a pat...

  • EPSS 1.55%
  • Veröffentlicht 17.04.2021 05:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:40

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacke...

Exploit
  • EPSS 1.28%
  • Veröffentlicht 07.04.2021 20:15:13
  • Zuletzt bearbeitet 21.11.2024 01:48:49

The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callb...