Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.43%
  • Veröffentlicht 31.01.2019 09:29:00
  • Zuletzt bearbeitet 21.11.2024 03:19:55

In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.

  • EPSS 19.4%
  • Veröffentlicht 30.01.2019 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:54:03

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_htt...

  • EPSS 19.99%
  • Veröffentlicht 30.01.2019 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:54:04

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session...

Exploit
  • EPSS 3.23%
  • Veröffentlicht 30.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:02:05

LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.

Exploit
  • EPSS 3.23%
  • Veröffentlicht 30.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:02:05

LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.

Exploit
  • EPSS 3.34%
  • Veröffentlicht 30.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:02:05

LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.

  • EPSS 0.56%
  • Veröffentlicht 29.01.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:31

A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory co...

Exploit
  • EPSS 1.39%
  • Veröffentlicht 29.01.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:47:40

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted inp...

  • EPSS 14.56%
  • Veröffentlicht 28.01.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:05

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.

Exploit
  • EPSS 0.46%
  • Veröffentlicht 28.01.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:16

A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication...