Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.4%
  • Veröffentlicht 05.11.2014 11:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds acces...

  • EPSS 2.49%
  • Veröffentlicht 05.11.2014 11:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.

  • EPSS 3.08%
  • Veröffentlicht 05.11.2014 11:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact...

  • EPSS 3.14%
  • Veröffentlicht 05.11.2014 11:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.

  • EPSS 14.01%
  • Veröffentlicht 05.11.2014 11:55:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and appli...

  • EPSS 3.99%
  • Veröffentlicht 04.11.2014 16:55:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing...

Exploit
  • EPSS 5.54%
  • Veröffentlicht 03.11.2014 16:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.

  • EPSS 0.45%
  • Veröffentlicht 01.11.2014 23:55:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

  • EPSS 2.35%
  • Veröffentlicht 29.10.2014 10:55:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows m...

Exploit
  • EPSS 3.83%
  • Veröffentlicht 25.10.2014 22:55:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.