Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 3.73%
  • Veröffentlicht 06.01.2017 21:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network...

Exploit
  • EPSS 17.73%
  • Veröffentlicht 17.12.2016 03:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.

Exploit
  • EPSS 6.55%
  • Veröffentlicht 17.12.2016 03:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-...

  • EPSS 3.6%
  • Veröffentlicht 13.12.2016 20:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 46...

  • EPSS 6.07%
  • Veröffentlicht 09.12.2016 20:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOS...

  • EPSS 5.14%
  • Veröffentlicht 09.12.2016 20:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the da...

  • EPSS 11.13%
  • Veröffentlicht 08.12.2016 08:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet...

Exploit
  • EPSS 37.68%
  • Veröffentlicht 28.11.2016 03:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access b...

  • EPSS 2.16%
  • Veröffentlicht 16.11.2016 05:59:08
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certai...

Exploit
  • EPSS 2.94%
  • Veröffentlicht 16.11.2016 00:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to condu...