Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.64%
  • Veröffentlicht 02.03.2015 11:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering u...

  • EPSS 0.55%
  • Veröffentlicht 02.03.2015 11:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) ...

  • EPSS 5.49%
  • Veröffentlicht 02.03.2015 11:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass in...

Exploit
  • EPSS 0.72%
  • Veröffentlicht 02.03.2015 11:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

  • EPSS 1.26%
  • Veröffentlicht 25.02.2015 11:59:14
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and compl...

  • EPSS 1.05%
  • Veröffentlicht 25.02.2015 11:59:12
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL wi...

  • EPSS 4.16%
  • Veröffentlicht 25.02.2015 11:59:11
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a d...

  • EPSS 6.03%
  • Veröffentlicht 25.02.2015 11:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.

  • EPSS 2.01%
  • Veröffentlicht 25.02.2015 11:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (application crash) via crafted WebG...

  • EPSS 3.38%
  • Veröffentlicht 25.02.2015 11:59:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token se...