Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 5%
  • Veröffentlicht 29.05.2008 16:32:00
  • Zuletzt bearbeitet 16.06.2026 22:52:13

OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.

  • EPSS 3.51%
  • Veröffentlicht 16.05.2008 12:54:00
  • Zuletzt bearbeitet 16.06.2026 22:52:55

Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tre...

  • EPSS 4.93%
  • Veröffentlicht 16.05.2008 12:54:00
  • Zuletzt bearbeitet 16.06.2026 22:53:10

Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT...

Exploit
  • EPSS 70.72%
  • Veröffentlicht 13.05.2008 17:20:00
  • Zuletzt bearbeitet 16.06.2026 22:49:03

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptograp...

Exploit
  • EPSS 4.29%
  • Veröffentlicht 07.05.2008 21:20:00
  • Zuletzt bearbeitet 16.06.2026 22:53:07

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy a...

Exploit
  • EPSS 10.92%
  • Veröffentlicht 05.05.2008 17:20:00
  • Zuletzt bearbeitet 16.06.2026 22:49:57

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

Exploit
  • EPSS 2.59%
  • Veröffentlicht 05.05.2008 16:20:00
  • Zuletzt bearbeitet 16.06.2026 22:53:03

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY argume...

  • EPSS 0.31%
  • Veröffentlicht 02.05.2008 16:05:00
  • Zuletzt bearbeitet 16.06.2026 22:51:36

Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.

Exploit
  • EPSS 6.29%
  • Veröffentlicht 18.04.2008 17:05:00
  • Zuletzt bearbeitet 16.06.2026 22:52:41

Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when asse...

Exploit
  • EPSS 22.62%
  • Veröffentlicht 10.04.2008 19:05:00
  • Zuletzt bearbeitet 16.06.2026 22:52:21

Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.