Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.91%
  • Veröffentlicht 12.04.2017 22:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.

Exploit
  • EPSS 2.13%
  • Veröffentlicht 09.04.2017 14:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Exploit
  • EPSS 1.75%
  • Veröffentlicht 09.04.2017 14:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Exploit
  • EPSS 1.76%
  • Veröffentlicht 09.04.2017 14:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Exploit
  • EPSS 1.75%
  • Veröffentlicht 09.04.2017 14:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Exploit
  • EPSS 1.7%
  • Veröffentlicht 09.04.2017 14:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

Warnung
  • EPSS 90.34%
  • Veröffentlicht 06.04.2017 21:59:00
  • Zuletzt bearbeitet 21.04.2026 17:03:44

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because...

  • EPSS 2.67%
  • Veröffentlicht 05.04.2017 06:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.

  • EPSS 0.47%
  • Veröffentlicht 28.03.2017 01:59:01
  • Zuletzt bearbeitet 13.05.2026 00:24:29

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged use...

  • EPSS 3.4%
  • Veröffentlicht 27.03.2017 17:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.