9 matches found
UBUNTU-CVE-2021-36399
In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk...
UBUNTU-CVE-2021-41682
There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecmacompareecmanondirectstrings in JerryScript 2.4.0...
UBUNTU-CVE-2021-45949
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampleddatafinish called from sampleddatacontinue and interp...
UBUNTU-CVE-2021-38503
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
UBUNTU-CVE-2021-38160
In drivers/char/virtioconsole.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf-len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; th...
UBUNTU-CVE-2021-31808
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack against all clients using the proxy. A client sends an HTTP Range request to trigger this...
UBUNTU-CVE-2021-23017
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...
UBUNTU-CVE-2021-3426
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to...
UBUNTU-CVE-2021-26813
markdown2 =1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time...