Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 3.75%
  • Veröffentlicht 30.04.2014 10:49:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code i...

  • EPSS 2.94%
  • Veröffentlicht 28.04.2014 14:09:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules fr...

  • EPSS 2.29%
  • Veröffentlicht 27.04.2014 20:55:23
  • Zuletzt bearbeitet 06.05.2026 22:30:45

DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the...

  • EPSS 1.99%
  • Veröffentlicht 23.04.2014 15:55:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie...

  • EPSS 4.75%
  • Veröffentlicht 23.04.2014 15:55:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote att...

  • EPSS 5.65%
  • Veröffentlicht 23.04.2014 15:55:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URL...

  • EPSS 0.33%
  • Veröffentlicht 17.04.2014 14:55:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allo...

  • EPSS 0.38%
  • Veröffentlicht 16.04.2014 18:37:11
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.

  • EPSS 4.98%
  • Veröffentlicht 16.04.2014 02:55:15
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-04...

  • EPSS 2.73%
  • Veröffentlicht 16.04.2014 02:55:15
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.