Canonical

Ubuntu Linux

4106 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 3.57%
  • Published 07.05.2020 00:15:10
  • Last modified 21.11.2024 05:00:04

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and projec...

  • EPSS 0.14%
  • Published 07.05.2020 00:15:10
  • Last modified 21.11.2024 05:00:05

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited n...

Exploit
  • EPSS 7.99%
  • Published 06.05.2020 15:15:11
  • Last modified 21.11.2024 04:59:15

/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.

  • EPSS 0.11%
  • Published 05.05.2020 06:15:11
  • Last modified 21.11.2024 05:00:00

gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue do...

  • EPSS 8.3%
  • Published 01.05.2020 19:15:12
  • Last modified 21.11.2024 04:55:50

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any a...

  • EPSS 0.2%
  • Published 30.04.2020 17:15:13
  • Last modified 21.11.2024 05:11:18

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker ...

Warning Exploit
  • EPSS 94.42%
  • Published 30.04.2020 17:15:12
  • Last modified 07.11.2025 19:32:41

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods...

Warning Exploit
  • EPSS 94.27%
  • Published 30.04.2020 17:15:12
  • Last modified 07.11.2025 19:32:37

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated u...

  • EPSS 0.06%
  • Published 29.04.2020 13:15:11
  • Last modified 21.11.2024 04:58:49

In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade...

Exploit
  • EPSS 10.76%
  • Published 28.04.2020 19:15:12
  • Last modified 21.11.2024 04:59:22

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).