Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 1.52%
  • Veröffentlicht 07.05.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:56:40

In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0.

Exploit
  • EPSS 1.77%
  • Veröffentlicht 07.05.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:39

In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the clien...

Exploit
  • EPSS 1.9%
  • Veröffentlicht 07.05.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:40

In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.

Exploit
  • EPSS 1.7%
  • Veröffentlicht 07.05.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:40

In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour.

  • EPSS 1.32%
  • Veröffentlicht 07.05.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:56:40

In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read.

  • EPSS 1.56%
  • Veröffentlicht 07.05.2020 00:15:10
  • Zuletzt bearbeitet 21.11.2024 05:00:04

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the u...

  • EPSS 4.92%
  • Veröffentlicht 07.05.2020 00:15:10
  • Zuletzt bearbeitet 21.11.2024 05:00:04

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and projec...

  • EPSS 0.71%
  • Veröffentlicht 07.05.2020 00:15:10
  • Zuletzt bearbeitet 21.11.2024 05:00:05

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited n...

Exploit
  • EPSS 2.7%
  • Veröffentlicht 06.05.2020 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:15

/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.

  • EPSS 0.33%
  • Veröffentlicht 05.05.2020 06:15:11
  • Zuletzt bearbeitet 21.11.2024 05:00:00

gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue do...