Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 4.58%
  • Veröffentlicht 28.11.2013 04:37:39
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted inte...

  • EPSS 1.94%
  • Veröffentlicht 23.11.2013 18:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack.

Exploit
  • EPSS 0.44%
  • Veröffentlicht 23.11.2013 18:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.

  • EPSS 1.73%
  • Veröffentlicht 23.11.2013 17:55:03
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.

  • EPSS 1.98%
  • Veröffentlicht 23.11.2013 11:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message.

Exploit
  • EPSS 7.13%
  • Veröffentlicht 23.11.2013 11:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.

  • EPSS 10.48%
  • Veröffentlicht 23.11.2013 11:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.

  • EPSS 0.4%
  • Veröffentlicht 20.11.2013 13:19:42
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, re...

Exploit
  • EPSS 3.9%
  • Veröffentlicht 20.11.2013 13:19:41
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote at...

  • EPSS 10.12%
  • Veröffentlicht 19.11.2013 04:50:56
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of s...