Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 5.12%
  • Veröffentlicht 19.02.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:35:00

An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS reque...

Exploit
  • EPSS 6.1%
  • Veröffentlicht 19.02.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:35:00

An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigge...

Exploit
  • EPSS 1.24%
  • Veröffentlicht 19.02.2020 18:15:09
  • Zuletzt bearbeitet 21.11.2024 01:34:18

OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.

Exploit
  • EPSS 3.78%
  • Veröffentlicht 17.02.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 02:22:40

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) ...

  • EPSS 0.42%
  • Veröffentlicht 14.02.2020 05:15:13
  • Zuletzt bearbeitet 21.11.2024 05:39:47

ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.

  • EPSS 0.46%
  • Veröffentlicht 12.02.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 04:35:40

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able t...

  • EPSS 3.41%
  • Veröffentlicht 11.02.2020 13:15:11
  • Zuletzt bearbeitet 21.11.2024 03:49:18

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

  • EPSS 4.72%
  • Veröffentlicht 11.02.2020 12:15:21
  • Zuletzt bearbeitet 21.11.2024 05:34:13

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Andro...

  • EPSS 0.23%
  • Veröffentlicht 08.02.2020 05:15:13
  • Zuletzt bearbeitet 21.11.2024 04:21:10

Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.

  • EPSS 0.4%
  • Veröffentlicht 08.02.2020 05:15:13
  • Zuletzt bearbeitet 03.11.2025 20:15:42

Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.