10910 matches found
USN-5312-1: HAProxy vulnerability
It was discovered that HAProxy incorrectly handled certain headers. A remote attacker could possibly use this issue to cause HAProxy to stop responding, resulting in a denial of service...
USN-5229-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, obtain sensitive information across domains, or execu...
USN-5107-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof another origin, or execute arbitrary code...
USN-5029-1: GnuTLS vulnerabilities
It was discovered that GnuTLS incorrectly handled sending certain extensions when being used as a client. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4932-1: Django vulnerability
It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories...
USN-4720-1: Apport vulnerabilities
Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate privileges and run arbitrary code. CVE-2021-25682, CVE-2021-25683 Itai Greenhut discovered that Apport incorrectly handled opening certain special files...
USN-4696-1: HTMLDOC vulnerability
It was discovered that HTMLDOC incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a denial of service...
USN-4645-1: Mutt vulnerability
It was discovered that Mutt incorrectly handled certain connections. An attacker could possibly use this issue to expose sensitive information...
USN-4483-1: Linux kernel vulnerabilities
Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service memory exhaustion. CVE-2019-20810 Fan Yang discovered that the mremap...
USN-4330-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. CVE-2020-7062 It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information...
USN-4286-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. CVE-2019-14615 It was discovered that a race condition existed in the Softmac USB Prism54 devi...
USN-4188-1: Linux kernel vulnerability
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions TSX could expose...
USN-4134-1: IBus vulnerability
Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user...
USN-4072-1: Ansible vulnerabilities
It was discovered that Ansible failed to properly handle sensitive information. A local attacker could use those vulnerabilities to extract them. CVE-2017-7481 CVE-2018-10855 CVE-2018-16837 CVE-2018-16876 CVE-2019-10156 It was discovered that Ansible could load configuration files from the curren...
USN-3976-1: Samba vulnerability
Isaac Boukris and Andrew Bartlett discovered that Samba incorrectly checked S4U2Self packets. In certain environments, a remote attacker could possibly use this issue to escalate privileges...
USN-3880-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3880-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that the CIFS client implementation in the Linux kernel did not...
USN-3864-1: LibTIFF vulnerabilities
It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges...
USN-3315-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, spoof the addressbar contents, or execute...
USN-3196-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain arguments to the localegetdisplayname function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2014-9912 It was discovered that PHP incorrectly handled...
USN-5024-1: WebKitGTK vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-4969-2: DHCP vulnerability
USN-4969-1 fixed a vulnerability in DHCP. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue...
USN-4756-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct cross-site scripting XSS attacks, bypass HTTP auth phishing warning...
USN-4732-1: SQLite vulnerability
It was discovered that SQLite incorrectly handled certain sub-queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4689-1: NVIDIA graphics drivers vulnerabilities
It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. CVE-2021-1052 It was discovered that the NVIDIA...
USN-4604-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.22 in Ubuntu 20.04 LTS and Ubuntu 20.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.32. In addition to security fixes...
USN-4284-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. CVE-2019-14615 It was discovered that the Atheros 802.11ac wireless USB device driver in the...
USN-4170-1: Whoopsie vulnerability
Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user...
USN-3523-3: Linux kernel (Raspberry Pi 2) vulnerabilities
Jann Horn discovered that the Berkeley Packet Filter BPF implementation in the Linux kernel did not properly check the relationship between pointer values and the BPF stack. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-1786...
USN-2363-1: Bash vulnerability
Tavis Ormandy discovered that the security fix for Bash included in USN-2362-1 was incomplete. An attacker could use this issue to bypass certain environment restrictions. CVE-2014-7169...
USN-1681-2: Thunderbird vulnerabilities
USN-1681-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Original advisory details: Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Sewa...
USN-6821-4: Linux kernel (Azure) vulnerabilities
It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the Atheros 802.11ac...
USN-6751-1: Zabbix vulnerabilities
It was discovered that Zabbix incorrectly handled input data in the discovery and graphs pages. A remote authenticated attacker could possibly use this issue to perform reflected cross-site scripting XSS attacks. CVE-2022-35229, CVE-2022-35230...
USN-5921-1: rsync vulnerabilities
Koen van Hove discovered that the rsync client incorrectly validated filenames returned by servers. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to write arbitrary files, and possibly escalate privileges...
USN-5741-1: Exim vulnerability
It was discovered that Exim incorrectly handled certain regular expressions. An attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-5372-1: Subversion vulnerabilities
Evgeny Kotkov discovered that Subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. CVE-2021-28544 Thomas Weißschuh discovered that Subversion servers did not properly...
USN-5284-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, obtain sensitive information, or execute arbitrary code. CVE-2022-0511,...
USN-5204-1: Django vulnerabilities
Chris Bailey discovered that Django incorrectly handled evaluating submitted passwords. A remote attacker could possibly use this issue to consume resources, resulting in a denial of service. CVE-2021-45115 Dennis Brinkrolf discovered that Django incorrectly handled the dictsort template filter. ...
USN-5057-1: Squashfs-Tools vulnerability
Etienne Stalmans discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem...
USN-5005-1: DjVuLibre vulnerability
It was discovered that DjVuLibre incorrectly handled certain djvu files. An attacker could possibly use this issue to execute arbitrary code or cause a crash...
USN-4922-2: Ruby vulnerability
USN-4922-1 fixed a vulnerability in Ruby. This update provides the corresponding update for Ubuntu 21.04. Original advisory details: Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to...
USN-4923-1: EDK II vulnerabilities
Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. CVE-2021-28210 Satoshi Tanda discovered that EDK II incorrectly handled decompressing certain images. A remote...
USN-4689-3: NVIDIA graphics drivers vulnerabilities
It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. CVE-2021-1052 It was discovered that the NVIDIA...
USN-4692-1: tar vulnerabilities
Chris Siebenmann discovered that tar incorrectly handled extracting files resized during extraction when invoked with the --sparse flag. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu...
USN-4057-1: Zipios vulnerability
Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources. CVE-2019-13453...
USN-3988-1: MediaInfoLib vulnerabilities
It was discovered that MediaInfoLib contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause MediaInfoLib to crash, resulting in a denial of service...
USN-3980-1: Linux kernel vulnerabilities
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered...
USN-3965-1: aria2 vulnerability
Dhiraj Mishra discovered that aria2 incorrectly stored authentication information. A local attacker could possibly use this issue to obtain credentials...
USN-3707-1: NTP vulnerabilities
Yihan Lian discovered that NTP incorrectly handled certain malformed mode 6 packets. A remote attacker could possibly use this issue to cause ntpd to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. CVE-2018-7182 Michael Macnair discovered that...
USN-3571-1: Erlang vulnerabilities
It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. CVE-2014-1693 It was discovered that Erlang incorrectly checked CBC padding bytes. ...
USN-489-1: Linux kernel vulnerabilities
A flaw was discovered in dvb ULE decapsulation. A remote attacker could send a specially crafted message and cause a denial of service. CVE-2006-4623 The compatsysmount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. CVE-2006-7203...