Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.41%
  • Veröffentlicht 04.06.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:48

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.

  • EPSS 0.49%
  • Veröffentlicht 04.06.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:53

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.

  • EPSS 17.51%
  • Veröffentlicht 04.06.2020 07:15:10
  • Zuletzt bearbeitet 21.11.2024 05:01:50

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-...

  • EPSS 6.09%
  • Veröffentlicht 03.06.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:00:53

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

  • EPSS 2.87%
  • Veröffentlicht 03.06.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:34

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.

  • EPSS 0.44%
  • Veröffentlicht 03.06.2020 03:15:10
  • Zuletzt bearbeitet 21.11.2024 04:39:25

An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.

  • EPSS 0.46%
  • Veröffentlicht 03.06.2020 00:15:10
  • Zuletzt bearbeitet 21.11.2024 04:39:25

go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.

Exploit
  • EPSS 4.4%
  • Veröffentlicht 02.06.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:37:33

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-b...

  • EPSS 0.42%
  • Veröffentlicht 02.06.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 05:01:47

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.

  • EPSS 0.43%
  • Veröffentlicht 02.06.2020 13:15:11
  • Zuletzt bearbeitet 21.11.2024 05:01:42

address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.