243 matches found
CVE-2024-6716
Rejected reason: Invalid security issue...
CVE-2024-4976
Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference...
CVE-2024-3247
In Xpdf 4.05 and earlier, a PDF object loop in an object stream leads to infinite recursion and a stack overflow...
CVE-2023-7207
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...
This Week in Spring - Spring Boot 3.2 edition - November 21st, 2023
Hi, Spring fans! Welcome to another epic installment of This Week in Spring! As amazing as the week's already been, it's all leading up to this Thursday - Thanksgiving day! - when we release Spring Boot 3.2! and yes, I am very grateful. This release is stuffed to the gills with a ton of new...
USN-6420-1: Vim vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to cras...
USN-6139-1: Python vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could use this issue to bypass blockinglisting methods. This issue was first...
CLSA-2023-1690395161 Fix of 12 CVEs
Bionic update: upstream stable patchset 2021-11-12 LP: 1950816 // CVE- url: https://ubuntu.com/security/CVE-2021-20321 - ovl: fix missing negative dentry check in ovlrename CVE-url: https://ubuntu.com/security/CVE-2021-20321 - ovl: cleanup unused var in rename2 Jammy update: v5.15.93 upstream...
USN-6105-1: ca-certificates update | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.60 version of the Mozilla certificate...
USN-6101-1: GNU binutils vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that GNU binutils incorrectly handled certain DWARF files. An attacker could possibly use this issue to cause a crash or execute arbitrary...
USN-6112-1: Perl vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with HTTP::Tiny to download modules over HTTPS. If a remote attacker were able to...
cflinuxfs3 Removal | Cloud Foundry
cflinuxfs3 Removal Please be advised that starting with release v30.0.0 of cf-deployment the platform now comes without the cflinuxfs3 stack and the cflinuxfs3 buildpacks 1. The stack is based on Ubuntu Bionic and has reached end of life. The new cflinuxfs4 stack with Ubuntu Jammy buildpacks are...
USN-6099-1: ncurses vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause ...
USN-5310-1: GNU C Library vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library ...
CLSA-2023-1684277390 Fix CVE(s): CVE-2022-1012
Bionic update: upstream stable patchset 2022-09-12 LP: 1989374 // CVE-2022-1012 - tcp: use different parts of the portoffset for index and offset - tcp: add small random increments to the source port - tcp: dynamically allocate the perturb table used by source ports - tcp: increase source port...
USN-5960-1: Python vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass blocklisting methods by supplying a URL...
USN-6028-1: libxml2 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that lixml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...
USN-5963-1: Vim vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or...
USN-5959-1: Kerberos vulnerabilities Severity | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Kerberos incorrectly handled memory when processing KDC data, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service ...
CLSA-2023-1682604577 Fix of 53 CVEs
CVE-2022-1198 - drivers: hamradio: 6pack: fix UAF bug caused by modtimer Bionic update: upstream stable patchset 2022-03-04 LP: 1963717 // CVE-2020-36516 - ipv4: avoid using shared IP generator for connected sockets CVE-2022-36879 - xfrm: xfrmpolicy: fix a possible double xfrmpolsput in...