CVE-2016-3712
- EPSS 0.14%
- Published 11.05.2016 21:59:02
- Last modified 06.05.2026 22:30:45
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
CVE-2016-3710
- EPSS 0.07%
- Published 11.05.2016 21:59:01
- Last modified 06.05.2026 22:30:45
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Port...
CVE-2016-4556
- EPSS 56.86%
- Published 10.05.2016 19:59:03
- Last modified 06.05.2026 22:30:45
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.
CVE-2016-4555
- EPSS 62.84%
- Published 10.05.2016 19:59:02
- Last modified 06.05.2026 22:30:45
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
CVE-2016-4554
- EPSS 68.86%
- Published 10.05.2016 19:59:01
- Last modified 06.05.2026 22:30:45
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
CVE-2016-4553
- EPSS 82.84%
- Published 10.05.2016 19:59:00
- Last modified 06.05.2026 22:30:45
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
CVE-2016-4476
- EPSS 0.61%
- Published 09.05.2016 10:59:41
- Last modified 06.05.2026 22:30:45
hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.
CVE-2015-8868
- EPSS 1.09%
- Published 06.05.2016 17:59:04
- Last modified 06.05.2026 22:30:45
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mo...
CVE-2016-4008
- EPSS 4.29%
- Published 05.05.2016 18:59:10
- Last modified 06.05.2026 22:30:45
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
CVE-2016-3718
- EPSS 86.94%
- Published 05.05.2016 18:59:08
- Last modified 22.04.2026 14:35:42
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.