Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.65%
  • Veröffentlicht 22.04.2020 13:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:11

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

  • EPSS 3.9%
  • Veröffentlicht 21.04.2020 19:15:13
  • Zuletzt bearbeitet 21.11.2024 04:56:34

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open fo...

  • EPSS 1.66%
  • Veröffentlicht 21.04.2020 01:15:11
  • Zuletzt bearbeitet 21.11.2024 04:58:59

re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme.

  • EPSS 0.54%
  • Veröffentlicht 17.04.2020 19:15:14
  • Zuletzt bearbeitet 21.11.2024 05:11:18

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of ser...

  • EPSS 0.48%
  • Veröffentlicht 17.04.2020 19:15:13
  • Zuletzt bearbeitet 21.11.2024 04:52:50

In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Pr...

  • EPSS 2.83%
  • Veröffentlicht 17.04.2020 13:15:12
  • Zuletzt bearbeitet 21.11.2024 04:58:38

A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).

Exploit
  • EPSS 1.62%
  • Veröffentlicht 17.04.2020 02:15:11
  • Zuletzt bearbeitet 21.11.2024 04:47:58

Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu

  • EPSS 6.73%
  • Veröffentlicht 15.04.2020 20:15:13
  • Zuletzt bearbeitet 21.11.2024 04:23:01

An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expr...

  • EPSS 3.94%
  • Veröffentlicht 15.04.2020 20:15:13
  • Zuletzt bearbeitet 21.11.2024 04:23:01

An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The abs...

  • EPSS 5.77%
  • Veröffentlicht 15.04.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 04:23:01

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addSt...