Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 4.04%
  • Veröffentlicht 23.02.2017 20:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.

  • EPSS 7.49%
  • Veröffentlicht 17.02.2017 07:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backportin...

  • EPSS 2.75%
  • Veröffentlicht 13.02.2017 18:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test...

  • EPSS 4.39%
  • Veröffentlicht 13.02.2017 18:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.

Exploit
  • EPSS 8.06%
  • Veröffentlicht 09.02.2017 15:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.

Exploit
  • EPSS 28.43%
  • Veröffentlicht 09.02.2017 15:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.

  • EPSS 2.77%
  • Veröffentlicht 03.02.2017 19:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

  • EPSS 3.1%
  • Veröffentlicht 01.02.2017 15:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

  • EPSS 1.45%
  • Veröffentlicht 30.01.2017 22:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • EPSS 3.36%
  • Veröffentlicht 30.01.2017 21:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.