Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.57%
  • Veröffentlicht 16.04.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:40:52

The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.

  • EPSS 1.98%
  • Veröffentlicht 16.04.2018 09:58:10
  • Zuletzt bearbeitet 21.11.2024 03:40:52

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possib...

  • EPSS 2.13%
  • Veröffentlicht 16.04.2018 09:58:10
  • Zuletzt bearbeitet 21.11.2024 03:40:52

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overfl...

  • EPSS 0.46%
  • Veröffentlicht 13.04.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:40:47

The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.

  • EPSS 3.17%
  • Veröffentlicht 12.04.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:08

corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.

  • EPSS 0.54%
  • Veröffentlicht 11.04.2018 19:29:01
  • Zuletzt bearbeitet 21.11.2024 03:59:10

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.

Exploit
  • EPSS 1.72%
  • Veröffentlicht 10.04.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:15:50

libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, beca...

  • EPSS 5.56%
  • Veröffentlicht 06.04.2018 13:29:00
  • Zuletzt bearbeitet 14.04.2025 20:15:16

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via th...

  • EPSS 0.32%
  • Veröffentlicht 04.04.2018 16:29:01
  • Zuletzt bearbeitet 21.11.2024 03:11:20

A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.

  • EPSS 2.08%
  • Veröffentlicht 04.04.2018 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:15:10

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.