233 matches found
UBUNTU-CVE-2022-24723
URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse ca...
UBUNTU-CVE-2021-3939
Ubuntu-specific modifications to accountsservice in patch file debian/patches/0010-set-language.patch caused the fallbacklocale variable, pointing to static storage, to be freed, in the userchangelanguageauthorizedcb function. This is reachable via the SetLanguage dbus function. This is fixed in...
DEBIAN-CVE-2021-3493
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow...
UBUNTU-CVE-2020-27755
in SetImageExtent of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. Th...
USN-4640-1 pulseaudio vulnerability
James Henstridge discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle snap client connections. An attacker could possibly use this to expose sensitive information...
Vulnerabilities fixed in OpenLDAP
Several vulnerabilities have been fixed in OpenLDAP. The vulnerabilities allow an unauthenticated malicious person with network access to the OpenLDAP server is able to cause a denial-of-service on the OpenLDAP service. Exploit code is publicly available for both vulnerabilities. The operation of...
UBUNTU-CVE-2018-16227
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-80211.c for the Mesh Flags subfield...
CVE-2018-10187
In radare2 2.5.0, there is a heap-based buffer over-read in the dalvikop function libr/anal/p/analdalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was patched earlier...
UBUNTU-CVE-2017-16528
sound/core/seqdevice.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service sndrawmididevseqfree use-after-free and system crash or possibly have unspecified other impact via a crafted USB device...
UBUNTU-CVE-2017-6302
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow."...
UBUNTU-CVE-2016-7524
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service out-of-bounds read via a crafted file...
Joomla HTTP Header Unauthenticated Remote Code Execution
Joomla suffers from an unauthenticated remote code execution that affects all versions from 1.5.0 to 3.4.5. By storing user supplied headers in the databases session table it's possible to truncate the input by sending an UTF-8 character. The custom created payload is then executed once the sessi...
UBUNTU-CVE-2015-3290
arch/x86/entry/entry64.S in the Linux kernel before 4.1.6 on the x8664 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window...