Canonical

Ubuntu Linux

4122 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 8.31%
  • Veröffentlicht 04.02.2020 20:15:14
  • Zuletzt bearbeitet 21.11.2024 05:38:52

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

  • EPSS 71.79%
  • Veröffentlicht 04.02.2020 20:15:14
  • Zuletzt bearbeitet 21.11.2024 05:38:52

An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.

  • EPSS 6.85%
  • Veröffentlicht 04.02.2020 20:15:14
  • Zuletzt bearbeitet 21.11.2024 05:38:59

An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can re...

  • EPSS 5.54%
  • Veröffentlicht 04.02.2020 15:15:11
  • Zuletzt bearbeitet 31.12.2025 00:55:36

Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.

  • EPSS 19.43%
  • Veröffentlicht 03.02.2020 23:15:11
  • Zuletzt bearbeitet 03.12.2025 16:15:54

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

  • EPSS 2.13%
  • Veröffentlicht 02.02.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:38:30

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows expon...

  • EPSS 0.98%
  • Veröffentlicht 31.01.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 02:35:42

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecifie...

Exploit
  • EPSS 6.62%
  • Veröffentlicht 30.01.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:38:56

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicA...

Exploit
  • EPSS 8.91%
  • Veröffentlicht 29.01.2020 21:15:11
  • Zuletzt bearbeitet 01.07.2025 18:15:23

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

Exploit
  • EPSS 13.47%
  • Veröffentlicht 29.01.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:38:30

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.