Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.37%
  • Veröffentlicht 21.08.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:10:54

The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escala...

  • EPSS 0.95%
  • Veröffentlicht 21.08.2018 00:29:00
  • Zuletzt bearbeitet 21.11.2024 03:38:21

The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.

  • EPSS 4.2%
  • Veröffentlicht 20.08.2018 20:29:01
  • Zuletzt bearbeitet 21.11.2024 03:39:58

Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerabil...

  • EPSS 0.55%
  • Veröffentlicht 20.08.2018 08:29:00
  • Zuletzt bearbeitet 21.11.2024 03:51:08

arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.

  • EPSS 0.51%
  • Veröffentlicht 20.08.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 03:51:05

The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.

Exploit
  • EPSS 98.63%
  • Veröffentlicht 17.08.2018 19:29:00
  • Zuletzt bearbeitet 17.12.2025 22:15:54

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-...

  • EPSS 0.35%
  • Veröffentlicht 17.08.2018 18:29:01
  • Zuletzt bearbeitet 21.11.2024 03:50:52

An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to req...

  • EPSS 3.93%
  • Veröffentlicht 17.08.2018 12:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:11

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its p...

  • EPSS 4.3%
  • Veröffentlicht 16.08.2018 20:29:02
  • Zuletzt bearbeitet 21.11.2024 03:49:19

libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-201...

  • EPSS 0.39%
  • Veröffentlicht 10.08.2018 15:29:01
  • Zuletzt bearbeitet 21.11.2024 04:10:53

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-...