Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 1.81%
  • Veröffentlicht 14.04.2020 23:15:12
  • Zuletzt bearbeitet 21.11.2024 04:58:33

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.

Exploit
  • EPSS 1.79%
  • Veröffentlicht 14.04.2020 23:15:12
  • Zuletzt bearbeitet 21.11.2024 04:58:33

An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.

Exploit
  • EPSS 1.79%
  • Veröffentlicht 14.04.2020 23:15:12
  • Zuletzt bearbeitet 21.11.2024 04:58:33

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.

Exploit
  • EPSS 1.7%
  • Veröffentlicht 14.04.2020 23:15:12
  • Zuletzt bearbeitet 21.11.2024 04:58:33

An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.

  • EPSS 10.05%
  • Veröffentlicht 14.04.2020 23:15:12
  • Zuletzt bearbeitet 21.11.2024 05:33:47

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from se...

  • EPSS 0.77%
  • Veröffentlicht 13.04.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:58:30

fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

  • EPSS 3.07%
  • Veröffentlicht 13.04.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 05:11:15

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup th...

  • EPSS 0.45%
  • Veröffentlicht 10.04.2020 00:15:11
  • Zuletzt bearbeitet 21.11.2024 05:39:31

The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of th...

Exploit
  • EPSS 0.35%
  • Veröffentlicht 09.04.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 05:39:32

KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kerne...

Exploit
  • EPSS 4.86%
  • Veröffentlicht 09.04.2020 03:15:11
  • Zuletzt bearbeitet 21.11.2024 04:58:20

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.