Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 5.5%
  • Veröffentlicht 20.03.2020 21:15:16
  • Zuletzt bearbeitet 05.11.2025 17:15:33

Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.

Exploit
  • EPSS 1.05%
  • Veröffentlicht 20.03.2020 16:15:14
  • Zuletzt bearbeitet 21.11.2024 04:27:30

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

  • EPSS 1.03%
  • Veröffentlicht 12.03.2020 21:15:14
  • Zuletzt bearbeitet 21.11.2024 04:53:45

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access

  • EPSS 2.67%
  • Veröffentlicht 12.03.2020 19:15:13
  • Zuletzt bearbeitet 21.11.2024 04:55:31

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

Exploit
  • EPSS 4.08%
  • Veröffentlicht 12.03.2020 13:15:12
  • Zuletzt bearbeitet 25.11.2024 18:12:24

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as ...

Exploit
  • EPSS 3.3%
  • Veröffentlicht 12.03.2020 13:15:12
  • Zuletzt bearbeitet 25.11.2024 18:12:24

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipel...

Exploit
  • EPSS 3.16%
  • Veröffentlicht 06.03.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:38:38

usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.

  • EPSS 0.87%
  • Veröffentlicht 05.03.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:38:20

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.

  • EPSS 0.28%
  • Veröffentlicht 05.03.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:54:54

init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because T...

  • EPSS 22.51%
  • Veröffentlicht 05.03.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:40:33

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggreg...