Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.17%
  • Veröffentlicht 08.04.2015 10:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2...

  • EPSS 6.51%
  • Veröffentlicht 05.04.2015 21:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (...

  • EPSS 0.45%
  • Veröffentlicht 01.04.2015 14:59:08
  • Zuletzt bearbeitet 06.05.2026 22:30:45

QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O ...

  • EPSS 1.26%
  • Veröffentlicht 01.04.2015 10:59:11
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DN...

  • EPSS 2.82%
  • Veröffentlicht 01.04.2015 10:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image that is improperly handled during transformation.

  • EPSS 2.81%
  • Veröffentlicht 01.04.2015 10:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of se...

  • EPSS 3.62%
  • Veröffentlicht 01.04.2015 10:59:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which al...

  • EPSS 3.62%
  • Veröffentlicht 01.04.2015 10:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execut...

  • EPSS 3.7%
  • Veröffentlicht 01.04.2015 10:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or c...

  • EPSS 3.7%
  • Veröffentlicht 01.04.2015 10:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary c...