Canonical

Ubuntu Linux

4107 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2016-3710

  • EPSS 0.07%
  • Veröffentlicht 11.05.2016 21:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Port...

7.5

CVE-2016-4556

  • EPSS 56.86%
  • Veröffentlicht 10.05.2016 19:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.

7.5

CVE-2016-4555

Exploit
  • EPSS 66.07%
  • Veröffentlicht 10.05.2016 19:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.

8.6

CVE-2016-4554

  • EPSS 68.86%
  • Veröffentlicht 10.05.2016 19:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.

8.6

CVE-2016-4553

  • EPSS 82.84%
  • Veröffentlicht 10.05.2016 19:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.

7.5

CVE-2016-4476

  • EPSS 0.61%
  • Veröffentlicht 09.05.2016 10:59:41
  • Zuletzt bearbeitet 12.04.2025 10:46:40

hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.

9.3

CVE-2015-8868

  • EPSS 1.09%
  • Veröffentlicht 06.05.2016 17:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mo...

5.9

CVE-2016-4008

  • EPSS 5.05%
  • Veröffentlicht 05.05.2016 18:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.

5.5

CVE-2016-3718

Warnung
  • EPSS 83.83%
  • Veröffentlicht 05.05.2016 18:59:08
  • Zuletzt bearbeitet 22.10.2025 00:15:52

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

7.1

CVE-2016-3717

  • EPSS 33.66%
  • Veröffentlicht 05.05.2016 18:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.