Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.36%
  • Veröffentlicht 09.02.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:06:18

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.

  • EPSS 0.49%
  • Veröffentlicht 09.02.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:04

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when t...

Exploit
  • EPSS 2.3%
  • Veröffentlicht 09.02.2018 06:29:00
  • Zuletzt bearbeitet 21.11.2024 02:44:34

In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "...

Exploit
  • EPSS 2.85%
  • Veröffentlicht 09.02.2018 06:29:00
  • Zuletzt bearbeitet 10.07.2025 15:44:54

In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

Exploit
  • EPSS 23.2%
  • Veröffentlicht 09.02.2018 06:29:00
  • Zuletzt bearbeitet 21.11.2024 04:11:20

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

Warnung Exploit
  • EPSS 82.24%
  • Veröffentlicht 08.02.2018 23:29:01
  • Zuletzt bearbeitet 07.11.2025 19:04:28

An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.

  • EPSS 1.25%
  • Veröffentlicht 08.02.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:39:28

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The...

Exploit
  • EPSS 2.95%
  • Veröffentlicht 06.02.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 04:11:08

A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file.

  • EPSS 4.9%
  • Veröffentlicht 05.02.2018 03:29:00
  • Zuletzt bearbeitet 21.11.2024 04:10:15

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated b...

Exploit
  • EPSS 1.75%
  • Veröffentlicht 04.02.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 04:10:59

In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.