Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.17%
  • Veröffentlicht 20.06.2016 01:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

  • EPSS 6.54%
  • Veröffentlicht 16.06.2016 18:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists beca...

  • EPSS 0.39%
  • Veröffentlicht 16.06.2016 18:59:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTO...

  • EPSS 0.4%
  • Veröffentlicht 16.06.2016 18:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer de...

  • EPSS 0.4%
  • Veröffentlicht 16.06.2016 18:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.

  • EPSS 2.37%
  • Veröffentlicht 16.06.2016 18:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

  • EPSS 0.5%
  • Veröffentlicht 14.06.2016 14:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information tran...

  • EPSS 0.43%
  • Veröffentlicht 14.06.2016 14:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.

  • EPSS 0.42%
  • Veröffentlicht 14.06.2016 14:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.

  • EPSS 3.21%
  • Veröffentlicht 13.06.2016 19:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."