Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 8.32%
  • Veröffentlicht 11.08.2017 02:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for t...

  • EPSS 8.07%
  • Veröffentlicht 10.08.2017 22:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked ...

  • EPSS 7.99%
  • Veröffentlicht 10.08.2017 16:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attac...

Exploit
  • EPSS 10.3%
  • Veröffentlicht 10.08.2017 16:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applica...

  • EPSS 7.15%
  • Veröffentlicht 10.08.2017 16:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the ...

  • EPSS 5.23%
  • Veröffentlicht 09.08.2017 21:29:01
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stab...

Exploit
  • EPSS 7.18%
  • Veröffentlicht 07.08.2017 17:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.

  • EPSS 2.66%
  • Veröffentlicht 27.07.2017 06:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

  • EPSS 2.57%
  • Veröffentlicht 25.07.2017 18:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website.

  • EPSS 0.63%
  • Veröffentlicht 25.07.2017 14:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display a...