Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.83%
  • Veröffentlicht 29.05.2019 17:29:00
  • Zuletzt bearbeitet 21.11.2024 04:22:52

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.

  • EPSS 1.84%
  • Veröffentlicht 29.05.2019 17:29:00
  • Zuletzt bearbeitet 21.11.2024 04:22:52

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges...

  • EPSS 2.6%
  • Veröffentlicht 29.05.2019 17:29:00
  • Zuletzt bearbeitet 21.11.2024 04:22:52

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

  • EPSS 3.21%
  • Veröffentlicht 23.05.2019 20:29:01
  • Zuletzt bearbeitet 21.11.2024 04:45:30

Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • EPSS 3.77%
  • Veröffentlicht 23.05.2019 12:29:00
  • Zuletzt bearbeitet 21.11.2024 04:22:34

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.

Exploit
  • EPSS 2.21%
  • Veröffentlicht 20.05.2019 17:29:17
  • Zuletzt bearbeitet 21.11.2024 04:22:26

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.

Exploit
  • EPSS 1.97%
  • Veröffentlicht 20.05.2019 17:29:17
  • Zuletzt bearbeitet 21.11.2024 04:22:27

An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c.

Exploit
  • EPSS 4.21%
  • Veröffentlicht 20.05.2019 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:22:25

When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.

Exploit
  • EPSS 2.2%
  • Veröffentlicht 20.05.2019 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:22:26

When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.

  • EPSS 1.76%
  • Veröffentlicht 16.05.2019 19:29:05
  • Zuletzt bearbeitet 21.11.2024 04:42:40

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside o...