Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 67.47%
  • Veröffentlicht 01.04.2015 10:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content...

  • EPSS 74.01%
  • Veröffentlicht 01.04.2015 02:00:35
  • Zuletzt bearbeitet 28.05.2026 14:16:16

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial ...

Exploit
  • EPSS 8.37%
  • Veröffentlicht 30.03.2015 10:59:11
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary co...

Exploit
  • EPSS 14.67%
  • Veröffentlicht 30.03.2015 10:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an a...

Exploit
  • EPSS 15.43%
  • Veröffentlicht 30.03.2015 10:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperl...

Exploit
  • EPSS 5.61%
  • Veröffentlicht 27.03.2015 14:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by perfor...

  • EPSS 4.99%
  • Veröffentlicht 25.03.2015 14:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a con...

  • EPSS 4.96%
  • Veröffentlicht 25.03.2015 14:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the ...

Exploit
  • EPSS 2.96%
  • Veröffentlicht 24.03.2015 17:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of ...

Exploit
  • EPSS 16.56%
  • Veröffentlicht 24.03.2015 17:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.