Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.28%
  • Veröffentlicht 09.09.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:17:39

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b...

  • EPSS 4.8%
  • Veröffentlicht 09.09.2020 14:15:12
  • Zuletzt bearbeitet 16.04.2026 15:16:41

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the atta...

Exploit
  • EPSS 3.73%
  • Veröffentlicht 04.09.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 05:15:26

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the app...

Exploit
  • EPSS 2.29%
  • Veröffentlicht 03.09.2020 09:15:10
  • Zuletzt bearbeitet 21.11.2024 05:37:41

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

  • EPSS 1.5%
  • Veröffentlicht 02.09.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:15:23

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

  • EPSS 2.53%
  • Veröffentlicht 02.09.2020 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:06:13

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser s...

  • EPSS 4.24%
  • Veröffentlicht 02.09.2020 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:06:13

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser s...

  • EPSS 3.97%
  • Veröffentlicht 01.09.2020 13:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:03

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading file...

  • EPSS 3.27%
  • Veröffentlicht 01.09.2020 13:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:03

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.

  • EPSS 5.45%
  • Veröffentlicht 31.08.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:03:05

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_tok...