Canonical

Ubuntu Linux

4106 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2018-19840

  • EPSS 0.35%
  • Veröffentlicht 04.12.2018 09:29:00
  • Zuletzt bearbeitet 21.11.2024 03:58:40

The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishan...

5.5

CVE-2018-19841

Exploit
  • EPSS 0.59%
  • Veröffentlicht 04.12.2018 09:29:00
  • Zuletzt bearbeitet 21.11.2024 03:58:40

The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvun...

7.8

CVE-2018-19824

  • EPSS 0.06%
  • Veröffentlicht 03.12.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:58:37

In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.

9

CVE-2018-19788

Exploit
  • EPSS 59.64%
  • Veröffentlicht 03.12.2018 06:29:00
  • Zuletzt bearbeitet 21.11.2024 03:58:33

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

6.1

CVE-2018-19787

  • EPSS 0.53%
  • Veröffentlicht 02.12.2018 10:29:00
  • Zuletzt bearbeitet 18.12.2025 16:15:46

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Interne...

7.5

CVE-2018-8789

Exploit
  • EPSS 1.65%
  • Veröffentlicht 29.11.2018 18:29:01
  • Zuletzt bearbeitet 21.11.2024 04:14:19

FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).

9.8

CVE-2018-8784

Exploit
  • EPSS 13%
  • Veröffentlicht 29.11.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:14:18

FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution.

9.8

CVE-2018-8785

Exploit
  • EPSS 13%
  • Veröffentlicht 29.11.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:14:18

FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution.

9.8

CVE-2018-8786

Exploit
  • EPSS 17.75%
  • Veröffentlicht 29.11.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:14:18

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.

9.8

CVE-2018-8787

Exploit
  • EPSS 12.73%
  • Veröffentlicht 29.11.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:14:18

FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.