Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 1.63%
  • Veröffentlicht 18.09.2009 10:30:01
  • Zuletzt bearbeitet 16.06.2026 23:11:12

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via v...

  • EPSS 7.57%
  • Veröffentlicht 17.09.2009 10:30:01
  • Zuletzt bearbeitet 16.06.2026 23:11:11

The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.

  • EPSS 4.61%
  • Veröffentlicht 17.09.2009 10:30:01
  • Zuletzt bearbeitet 16.06.2026 23:11:11

pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote...

  • EPSS 3.85%
  • Veröffentlicht 15.09.2009 22:30:00
  • Zuletzt bearbeitet 16.06.2026 23:10:28

Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (me...

  • EPSS 3.58%
  • Veröffentlicht 10.09.2009 21:30:01
  • Zuletzt bearbeitet 16.06.2026 23:10:14

The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by readi...

Exploit
  • EPSS 1.02%
  • Veröffentlicht 28.08.2009 15:30:00
  • Zuletzt bearbeitet 16.06.2026 23:10:41

The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC...

Exploit
  • EPSS 1.03%
  • Veröffentlicht 28.08.2009 15:30:00
  • Zuletzt bearbeitet 16.06.2026 23:10:42

The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to th...

Exploit
  • EPSS 7.12%
  • Veröffentlicht 27.08.2009 17:30:00
  • Zuletzt bearbeitet 16.06.2026 23:10:03

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vecto...

  • EPSS 1.38%
  • Veröffentlicht 21.08.2009 17:30:00
  • Zuletzt bearbeitet 16.06.2026 23:09:31

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers vi...

Exploit
  • EPSS 0.52%
  • Veröffentlicht 18.08.2009 21:00:00
  • Zuletzt bearbeitet 16.06.2026 23:10:20

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone ...