Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 2.91%
  • Veröffentlicht 29.03.2019 05:29:00
  • Zuletzt bearbeitet 21.11.2024 04:18:47

BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.

  • EPSS 1.18%
  • Veröffentlicht 28.03.2019 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:48:16

In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.

Exploit
  • EPSS 2.46%
  • Veröffentlicht 27.03.2019 13:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:35

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

  • EPSS 2.95%
  • Veröffentlicht 27.03.2019 13:29:01
  • Zuletzt bearbeitet 05.05.2025 14:12:51

A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulti...

  • EPSS 2.13%
  • Veröffentlicht 27.03.2019 13:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:46

A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forw...

  • EPSS 3.13%
  • Veröffentlicht 27.03.2019 06:29:00
  • Zuletzt bearbeitet 21.11.2024 04:52:34

ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.

Exploit
  • EPSS 2.97%
  • Veröffentlicht 26.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:46

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers tha...

  • EPSS 1.77%
  • Veröffentlicht 25.03.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:46

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.

Exploit
  • EPSS 1.11%
  • Veröffentlicht 25.03.2019 00:29:05
  • Zuletzt bearbeitet 21.11.2024 04:18:13

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.

Exploit
  • EPSS 11.84%
  • Veröffentlicht 23.03.2019 18:29:02
  • Zuletzt bearbeitet 21.11.2024 04:52:39

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...