Canonical

Ubuntu Linux

4107 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.8

CVE-2015-8242

  • EPSS 1.37%
  • Veröffentlicht 15.12.2015 21:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive informati...

6.4

CVE-2015-8241

  • EPSS 1%
  • Veröffentlicht 15.12.2015 21:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML dat...

5

CVE-2015-7500

  • EPSS 1.49%
  • Veröffentlicht 15.12.2015 21:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

5

CVE-2015-7499

  • EPSS 1.58%
  • Veröffentlicht 15.12.2015 21:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

5

CVE-2015-7498

  • EPSS 3.27%
  • Veröffentlicht 15.12.2015 21:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

5

CVE-2015-7497

  • EPSS 3.05%
  • Veröffentlicht 15.12.2015 21:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.

7.1

CVE-2015-5312

  • EPSS 0.97%
  • Veröffentlicht 15.12.2015 21:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerab...

7.2

CVE-2015-1344

  • EPSS 0.04%
  • Veröffentlicht 07.12.2015 20:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file.

4.6

CVE-2015-1342

Exploit
  • EPSS 0.06%
  • Veröffentlicht 07.12.2015 20:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup.

4.3

CVE-2015-3196

  • EPSS 7.44%
  • Veröffentlicht 06.12.2015 20:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (...