Canonical

Ubuntu Linux

4108 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2020-11993

Exploit
  • EPSS 33.36%
  • Veröffentlicht 07.08.2020 16:15:11
  • Zuletzt bearbeitet 01.05.2025 15:40:19

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLev...

5.5

CVE-2020-15701

Exploit
  • EPSS 0.12%
  • Veröffentlicht 06.08.2020 23:15:11
  • Zuletzt bearbeitet 21.11.2024 05:06:02

An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a cra...

7

CVE-2020-15702

  • EPSS 0.04%
  • Veröffentlicht 06.08.2020 23:15:11
  • Zuletzt bearbeitet 03.11.2025 20:15:44

TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed proce...

6.7

CVE-2020-14344

  • EPSS 0.16%
  • Veröffentlicht 05.08.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:03:03

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running...

5.5

CVE-2020-14347

  • EPSS 0.06%
  • Veröffentlicht 05.08.2020 14:15:12
  • Zuletzt bearbeitet 29.08.2025 13:42:30

A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before v...

4.3

CVE-2020-16116

  • EPSS 0.86%
  • Veröffentlicht 03.08.2020 20:15:13
  • Zuletzt bearbeitet 21.11.2024 05:06:47

In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.

6

CVE-2020-14310

  • EPSS 0.05%
  • Veröffentlicht 31.07.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 05:02:58

There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font val...

6

CVE-2020-14311

  • EPSS 0.03%
  • Veröffentlicht 31.07.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 05:02:58

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subseque...

4.3

CVE-2020-16166

  • EPSS 1.68%
  • Veröffentlicht 30.07.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 05:06:53

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c...

5.9

CVE-2020-16135

Exploit
  • EPSS 1.41%
  • Veröffentlicht 29.07.2020 21:15:13
  • Zuletzt bearbeitet 21.11.2024 05:06:49

libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.