Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 7.83%
  • Veröffentlicht 21.11.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:52

An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.

  • EPSS 0.48%
  • Veröffentlicht 21.11.2018 00:29:01
  • Zuletzt bearbeitet 21.11.2024 03:57:51

The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.

Exploit
  • EPSS 7.61%
  • Veröffentlicht 16.11.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:56:56

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected u...

  • EPSS 7.97%
  • Veröffentlicht 16.11.2018 18:29:01
  • Zuletzt bearbeitet 21.11.2024 03:52:40

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.

  • EPSS 10.72%
  • Veröffentlicht 16.11.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:52:40

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may...

Exploit
  • EPSS 3.42%
  • Veröffentlicht 15.11.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:08:45

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

  • EPSS 0.52%
  • Veröffentlicht 15.11.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:56:56

The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.

  • EPSS 2.83%
  • Veröffentlicht 14.11.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:54:28

Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • EPSS 5.15%
  • Veröffentlicht 13.11.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:26

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser ...

Exploit
  • EPSS 3.61%
  • Veröffentlicht 12.11.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:33

In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.