Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Medienbericht Exploit
  • EPSS 7.49%
  • Veröffentlicht 09.12.2014 23:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.

  • EPSS 5.08%
  • Veröffentlicht 09.12.2014 23:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.

Exploit
  • EPSS 3.44%
  • Veröffentlicht 05.12.2014 16:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to ...

  • EPSS 3.48%
  • Veröffentlicht 03.12.2014 18:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

  • EPSS 5.17%
  • Veröffentlicht 01.12.2014 15:59:11
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer...

  • EPSS 4.14%
  • Veröffentlicht 26.11.2014 15:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.

  • EPSS 24.93%
  • Veröffentlicht 26.11.2014 15:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

  • EPSS 0.51%
  • Veröffentlicht 25.11.2014 15:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

  • EPSS 0.58%
  • Veröffentlicht 24.11.2014 15:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".

Exploit
  • EPSS 19.81%
  • Veröffentlicht 20.11.2014 17:50:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.