Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 7.21%
  • Veröffentlicht 15.12.2015 21:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.

  • EPSS 4.54%
  • Veröffentlicht 15.12.2015 21:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerab...

  • EPSS 0.38%
  • Veröffentlicht 07.12.2015 20:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file.

Exploit
  • EPSS 0.47%
  • Veröffentlicht 07.12.2015 20:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup.

  • EPSS 12.81%
  • Veröffentlicht 06.12.2015 20:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (...

  • EPSS 38.71%
  • Veröffentlicht 06.12.2015 20:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to ob...

  • EPSS 44.02%
  • Veröffentlicht 06.12.2015 20:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function p...

  • EPSS 25.14%
  • Veröffentlicht 06.12.2015 20:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for r...

  • EPSS 5.04%
  • Veröffentlicht 03.12.2015 20:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "...

  • EPSS 2.08%
  • Veröffentlicht 26.11.2015 17:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial o...