Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 11.57%
  • Veröffentlicht 04.09.2014 17:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.

Exploit
  • EPSS 1.17%
  • Veröffentlicht 01.09.2014 01:55:18
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruptio...

  • EPSS 1.59%
  • Veröffentlicht 25.08.2014 14:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users ...

  • EPSS 1.52%
  • Veröffentlicht 25.08.2014 14:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification ...

  • EPSS 1.49%
  • Veröffentlicht 25.08.2014 14:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.

  • EPSS 2.13%
  • Veröffentlicht 25.08.2014 14:55:07
  • Zuletzt bearbeitet 06.05.2026 22:30:45

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users ...

Exploit
  • EPSS 0.36%
  • Veröffentlicht 19.08.2014 18:55:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (...

  • EPSS 3.15%
  • Veröffentlicht 19.08.2014 18:55:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 cer...

  • EPSS 5.58%
  • Veröffentlicht 19.08.2014 18:55:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to ...

  • EPSS 7.5%
  • Veröffentlicht 19.08.2014 18:55:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authenticat...