10832 matches found
USN-5899-1: AWStats vulnerability
It was discovered that AWStats did not properly sanitize the content of whois responses in the hostinfo plugin. An attacker could possibly use this issue to conduct cross-site scripting XSS attacks...
USN-4762-1: OpenSSH vulnerability
It was discovered that the OpenSSH ssh-agent incorrectly handled memory. A remote attacker able to connect to the agent could use this issue to cause it to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-5559-1: Moment.js vulnerabilities
It was discovered that Moment.js incorrectly handled certain input paths. An attacker could possibly use this issue to cause a loss of integrity by changing the correct path to one of their choice. CVE-2022-24785 It was discovered that Moment.js incorrectly handled certain input. An attacker coul...
USN-6242-2: OpenSSH vulnerability
USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that OpenSSH incorrectly handled loading certain PKCS11 providers. If a user forwarded their...
USN-3352-1: nginx vulnerability
It was discovered that an integer overflow existed in the range filter feature of nginx. A remote attacker could use this to expose sensitive information...
USN-4411-1: Linux kernel vulnerabilities
It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information kernel memory. CVE-2020-10732 Matthew Sheets discovered that the SELinux network label handlin...
USN-6859-1: OpenSSH vulnerability
It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access systems without proper credentials...
USN-3812-1: nginx vulnerabilities
It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. CVE-2018-16843 Gal...
USN-5004-1: RabbitMQ vulnerabilities
It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. CVE-2019-11287 Jonathan Knudsen discovered RabbitMQ incorrectly handled certain inputs. An...
USN-3840-1: OpenSSL vulnerabilities
Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. CVE-2018-0734 Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly...
USN-3802-1: X.Org X server vulnerability
Narendra Shinde discovered that the X.Org X server incorrectly handled certain command line parameters when running as root with the legacy wrapper. When certain graphics drivers are being used, a local attacker could possibly use this issue to overwrite arbitrary files and escalate privileges...
USN-6529-1: Request Tracker vulnerabilities
It was discovered that Request Tracker incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. CVE-2021-38562, CVE-2022-25802, CVE-2023-41259,...
USN-3885-2: OpenSSH vulnerability
USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem. Original advisory details: Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked int...
USN-3815-2: gettext vulnerability
USN-3815-1 fixed a vulnerability in gettext. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code...
USN-3935-1: BusyBox vulnerabilities
Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14....
USN-3809-1: OpenSSH vulnerabilities
Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-10708 It was discovered that OpenSSH incorrectly handled certain requests. ...
USN-5509-1: Dovecot vulnerability
Julian Brook discovered that Dovecot incorrectly handled multiple passdb configuration entries. In certain configurations, a remote attacker could possibly use this issue to escalate privileges...
USN-4920-1: ZeroMQ vulnerabilities
It was discovered that ZeroMQ incorrectly handled certain application metadata. A remote attacker could use this issue to cause ZeroMQ to crash, or possibly execute arbitrary code. CVE-2019-13132 It was discovered that ZeroMQ mishandled certain network traffic. An unauthenticated attacker could u...
USN-5395-1: networkd-dispatcher vulnerabilities
It was discovered that networkd-dispatcher incorrectly handled internal scripts. A local attacker could possibly use this issue to cause a race condition, escalate privileges and execute arbitrary code. CVE-2022-29799, CVE-2022-29800...
USN-3799-2: MySQL vulnerabilities
USN-3799-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.62 in...
USN-3777-3: Linux kernel (Azure) vulnerabilities
USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 %LTS. This update provides the corresponding updates for the Linux kernel for Azure Cloud systems. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free...
USN-3799-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.62 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.24. In addition to security fixes,...
USN-5182-1: Roundcube Webmail vulnerabilities
It was discovered that Roundcube Webmail allowed JavaScript code to be present in the CDATA of an HTML message. A remote attacker could possibly use this issue to execute a cross-site scripting XSS attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM...
USN-4465-1: linux kernel vulnerabilities
It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. CVE-2020-12655 It was discovered that the...
USN-6300-1: Linux kernel vulnerabilities
William Zhao discovered that the Traffic Control TC subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service kernel deadlock. CVE-2022-4269 It was discovered that the NTFS file system...
USN-2111-1: Linux kernel (Quantal HWE) vulnerabilities
Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 A flaw in the handling of memory regions of the kernel virtual machine KVM subsystem was discovered. ...
USN-3797-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3797-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband...
USN-3798-1: Linux kernel vulnerabilities
Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2015-8539 It...
USN-5342-2: Python vulnerabilities
USN-5342-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain FTP requests. An attacker could possibly use this iss...
USN-3803-1: Ghostscript vulnerabilities
Tavis Ormandy discovered multiple security issues in Ghostscript. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service...
USN-3797-1: Linux kernel vulnerabilities
Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service system crash. CVE-2018-14734 It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kerne...
USN-3805-1: curl vulnerabilities
Harry Sintonen discovered that curl incorrectly handled SASL authentication. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2018-16839 Brian Carpenter discovered that curl incorrectly handled memory when...
USN-3804-1: OpenJDK vulnerabilities
It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...
USN-3798-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3798-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not...
USN-3801-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass...
USN-3788-2: Tex Live-bin vulnerability
USN-3788-1 fixed vulnerabilities in Tex Live. This update provides the corresponding update for Ubuntu 18.10 Original advisory details: It was discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. CVE-2018-17407...
USN-5273-1: RPM Package Manager vulnerabilities
Demi M. Obenour discovered that RPM Package Manager incorrectly handled certain files. An attacker could possibly use this issue to corrupt the database and cause a denial of service. CVE-2021-3421, CVE-2021-20271 Demi M. Obenour discovered that RPM Package Manager incorrectly handled memory when...
USN-3790-2: Requests vulnerability
USN-3790-1 fixed vulnerabilities in Requests. This update provides the corresponding update for Ubuntu 18.10 Original advisory details: It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information...
USN-3795-2: libssh vulnerability
USN-3795-1 fixed a vulnerability in libssh. This update provides the corresponding update for Ubuntu 18.10. Original advisory details: Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass...
USN-3800-1: audiofile vulnerabilities
It was discovered that audiofile incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-13440 It was discovered that audiofile incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code...
USN-3796-3: Paramiko vulnerability
USN-3796-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 18.10. Original advisory details: Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass...
USN-5160-1: Midnight Commander vulnerability
It was discovered that Midnight Commander would not check server fingerprints when establishing an SFTP connection. If a remote attacker were able to intercept communications this flaw could be exploited to impersonate the SFTP server...
USN-3792-3: Net-SNMP vulnerability
USN-3792-1 fixed a vulnerability in Net-SNMP. This update provides the corresponding update for Ubuntu 18.10. Original advisory details: It was discovered that Net-SNMP incorrectly handled certain certain crafted packets. A remote attacker could possibly use this issue to cause Net-SNMP to crash,...
USN-6560-2: OpenSSH vulnerabilities
USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If ...
USN-6449-1: FFmpeg vulnerabilities
It was discovered that FFmpeg incorrectly managed memory resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-22038 It was discovered that FFmpeg incorrect...
USN-3796-2: Paramiko vulnerability
USN-3796-1 fixed a vulnerability in paramiko. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass...
USN-3795-1: libssh vulnerability
Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials...
USN-6736-1: klibc vulnerabilities
It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. CVE-2016-9840, CVE-2016-9841 Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled memory whe...
USN-5340-1: CKEditor vulnerabilities
Kyaw Min Thein discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS. CVE-2018-9861 Micha Bentkowski discovered that CKEditor incorrectly handled certain inputs. An attacker could...
USN-6531-1: Redis vulnerabilities
Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could possibly use this issue to cause heap corruption and execute arbitrary code. CVE-2022-24834 SeungHyun Lee discovered that Redis incorrectly handled specially crafted...