Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.44%
  • Veröffentlicht 25.09.2013 10:31:26
  • Zuletzt bearbeitet 29.04.2026 01:13:23

A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the ~buildd directory and consequently reads the system configuratio...

  • EPSS 2.6%
  • Veröffentlicht 16.09.2013 19:14:38
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity...

  • EPSS 2.63%
  • Veröffentlicht 20.08.2013 22:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable asserti...

  • EPSS 0.53%
  • Veröffentlicht 19.08.2013 23:55:09
  • Zuletzt bearbeitet 29.04.2026 01:13:23

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

  • EPSS 2.61%
  • Veröffentlicht 19.08.2013 23:55:08
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access,...

Exploit
  • EPSS 0.56%
  • Veröffentlicht 19.08.2013 23:55:08
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module ...

  • EPSS 3.41%
  • Veröffentlicht 19.08.2013 23:55:08
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.

  • EPSS 3.52%
  • Veröffentlicht 19.08.2013 13:07:58
  • Zuletzt bearbeitet 29.04.2026 01:13:23

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP hea...

Exploit
  • EPSS 0.35%
  • Veröffentlicht 19.08.2013 13:07:40
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local ...

  • EPSS 3.59%
  • Veröffentlicht 18.08.2013 02:52:23
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-...