Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.39%
  • Veröffentlicht 06.12.2017 14:29:01
  • Zuletzt bearbeitet 13.05.2026 00:24:29

An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.

  • EPSS 0.43%
  • Veröffentlicht 05.12.2017 23:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.

Exploit
  • EPSS 7.31%
  • Veröffentlicht 05.12.2017 16:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attacke...

  • EPSS 0.42%
  • Veröffentlicht 01.12.2017 17:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.

Exploit
  • EPSS 5.17%
  • Veröffentlicht 01.12.2017 17:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcur...

  • EPSS 0.36%
  • Veröffentlicht 01.12.2017 08:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an ...

  • EPSS 9.88%
  • Veröffentlicht 27.11.2017 22:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.

  • EPSS 21.41%
  • Veröffentlicht 27.11.2017 22:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

  • EPSS 5.98%
  • Veröffentlicht 27.11.2017 10:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1622...

Exploit
  • EPSS 6.24%
  • Veröffentlicht 20.11.2017 15:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the termin...