Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.31%
  • Veröffentlicht 26.10.2018 00:29:00
  • Zuletzt bearbeitet 21.11.2024 03:56:18

The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a m...

Exploit
  • EPSS 27.04%
  • Veröffentlicht 25.10.2018 20:29:00
  • Zuletzt bearbeitet 29.08.2025 13:42:30

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate the...

  • EPSS 3.09%
  • Veröffentlicht 23.10.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:56:12

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

Exploit
  • EPSS 3.06%
  • Veröffentlicht 23.10.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:56:12

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).

Exploit
  • EPSS 14.96%
  • Veröffentlicht 22.10.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:56:09

LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignorin...

Exploit
  • EPSS 16.29%
  • Veröffentlicht 19.10.2018 22:29:01
  • Zuletzt bearbeitet 21.11.2024 03:55:38

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.

Exploit
  • EPSS 2.79%
  • Veröffentlicht 19.10.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:56:05

An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entrie...

Exploit
  • EPSS 1.83%
  • Veröffentlicht 19.10.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:56:05

Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize i...

  • EPSS 3.95%
  • Veröffentlicht 18.10.2018 13:29:07
  • Zuletzt bearbeitet 21.11.2024 04:08:18

Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerabi...

  • EPSS 0.36%
  • Veröffentlicht 18.10.2018 13:29:06
  • Zuletzt bearbeitet 21.11.2024 03:45:06

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to w...