10869 matches found
USN-6263-1: OpenJDK vulnerabilities
Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. CVE-2023-22006 Eirik Bjørsnøs discovered that...
USN-6929-1: OpenJDK 8 vulnerabilities
It was discovered that the Hotspot component of OpenJDK 8 was not properly bounding certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2024-21131 It was discovered that the Hotspot...
USN-6694-1: Expat vulnerabilities
It was discovered that Expat could be made to consume large amounts of resources. If a user or automated system were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. CVE-2023-52425, CVE-2024-28757...
USN-6166-1: libcap2 vulnerabilities
David Gstir discovered that libcap2 incorrectly handled certain return codes. An attacker could possibly use this issue to cause libcap2 to consume memory, leading to a denial of service. CVE-2023-2602 Richard Weinberger discovered that libcap2 incorrectly handled certain long input strings. An...
USN-3891-1: systemd vulnerability
It was discovered that systemd incorrectly handled certain D-Bus messages. A local unprivileged attacker could exploit this in order to crash the init process, resulting in a system denial-of-service kernel panic...
USN-6420-1: Vim vulnerabilities
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2022-3235, CVE-2022-3278,...
USN-5508-1: Python LDAP vulnerability
It was discovered that Python LDAP incorrectly handled certain regular expressions. An remote attacker could possibly use this issue to cause a denial of service...
USN-3810-1: ppp vulnerability
Ivan Gotovchits discovered that ppp incorrectly handled the EAP-TLS protocol. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly bypass authentication...
USN-6986-1: OpenSSL vulnerability
David Benjamin discovered that OpenSSL incorrectly handled certain X.509 certificates. An attacker could possible use this issue to cause a denial of service or expose sensitive information...
USN-5722-1: nginx vulnerabilities
It was discovered that nginx incorrectly handled certain memory operations in the ngxhttpmp4module module. A local attacker could possibly use this issue with a specially crafted mp4 file to cause nginx to crash, stop responding, or access arbitrary memory. CVE-2022-41741, CVE-2022-41742...
USN-5054-1: uWSGI vulnerability
Felix Wilhelm discovered a buffer overflow flaw in the modproxyuwsgi module. An attacker could use this vulnerability to provoke an information disclosure or potentially remote code execution...
USN-4008-1: Linux kernel vulnerabilities
Robert Święcki discovered that the Linux kernel did not properly apply Address Space Layout Randomization ASLR in some situations for setuid elf binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid elf binary. CVE-2019-11190 It was...
USN-204-1: SSL library vulnerability
Yutaka Oiwa discovered a possible cryptographic weakness in OpenSSL applications. Applications using the OpenSSL library can use the SSLOPMSIESSLV2RSAPADDING option or SSLOPALL, which implies the former to maintain compatibility with third party products, which is achieved by working around known...
USN-5184-1: libmysofa vulnerability
It was discovered that libmysofa mishandled certain input. An attacker could use this vulnerability to cause a denial of service crash...
USN-4940-1: PyYAML vulnerability
It was discovered that PyYAML incorrectly handled untrusted YAML files with the FullLoader loader. A remote attacker could possibly use this issue to execute arbitrary code...
USN-6508-1: poppler vulnerabilities
It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu...
USN-3820-1: Linux kernel vulnerabilities
Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2018-15471 It was discovered that the generic SCSI...
USN-6951-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - M68K architecture; - User-Mode Linux UML; - x86 architecture; - Accessibility subsystem; -...
USN-5736-2: ImageMagick vulnerabilities
USN-5736-1 fixed vulnerabilities in ImageMagick. This update provides the corresponding updates for Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. One of the issues, CVE-2021-20224, only affected Ubuntu 20.04 ESM, while CVE-2021-20245, CVE-2021-3574, CVE-2021-4219 and CVE-2022-1114 only affected Ubuntu...
USN-6885-1: Apache HTTP Server vulnerabilities
Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. CVE-2024-36387 Orange Tsai discovered that the Apache...
USN-6599-1: Jinja2 vulnerabilities
Yeting Li discovered that Jinja incorrectly handled certain regex. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2020-28493 It was discovered that Jinja incorrectly handled certain HTM...
USN-4750-1: Linux kernel vulnerabilities
Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2020-25669 It was discovered that the jfs file system implementation in the Linux kernel...
USN-6233-1: YAJL vulnerabilities
It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service application...
USN-6906-1: python-zipp vulnerability
It was discovered that python-zipp did not properly handle the zip files with malformed names. An attacker could possibly use this issue to cause a denial of service...
USN-3885-1: OpenSSH vulnerabilities
Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output...
USN-6780-1: idna vulnerability
Guido Vranken discovered that idna did not properly manage certain inputs, which could lead to significant resource consumption. An attacker could possibly use this issue to cause a denial of service...
USN-6709-1: OpenSSL vulnerabilities
It was discovered that checking excessively long DH keys or parameters may be very slow. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. CVE-2023-3446 After the fix for CVE-2023-3446 Bernd Edlinger discovered that a large q...
USN-6322-1: elfutils vulnerabilities
It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS...
USN-6950-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - Block layer subsystem; - Bluetooth drivers; - Clock framework and...
USN-6473-1: urllib3 vulnerabilities
It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2018-25091 It was discovered that urllib3 didn't...
USN-6804-1: GNU C Library vulnerabilities
It was discovered that GNU C Library nscd daemon contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash. CVE-2024-33599 It was discovered that GNU C Library nscd daemon did not properly check the cache content, leading to a null pointer...
USN-6655-1: GNU binutils vulnerabilities
It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use this issue to cause a denial of service. CVE-2022-47695 It was discovered that GNU binutils was...
USN-3813-1: pyOpenSSL vulnerabilities
It was discovered that pyOpenSSL incorrectly handled memory when handling X509 objects. A remote attacker could use this issue to cause pyOpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2018-1000807 It was discovered that pyOpenSSL incorrectly handled...
USN-6733-1: GnuTLS vulnerabilities
It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. CVE-2024-28834 It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker cou...
USN-6480-1: .NET vulnerabilities
Barry Dorrans discovered that .NET did not properly implement certain security features for Blazor server forms. An attacker could possibly use this issue to bypass validation, which could trigger unintended actions. CVE-2023-36558 Piotr Bazydlo discovered that .NET did not properly handle...
USN-6640-1: shadow vulnerability
It was discovered that shadow was not properly sanitizing memory when running the password utility. An attacker could possibly use this issue to retrieve a password from memory, exposing sensitive information...
USN-5237-1: MediaInfoLib vulnerabilities
It was discovered that MediaInfoLib incorrectly handled certain specially crafted files. An attacker could possibly use this issue to cause a denial of service. CVE-2020-26797 It was discovered that MediaInfoLib incorrectly handled certain specially crafted MpegPs files. An attacker could possibl...
USN-6698-1: Vim vulnerability
Zhen Zhou discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service...
USN-6360-2: FLAC vulnerability
USN-6360-1 fixed a vulnerability in FLAC. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that FLAC incorrectly handled encoding certain files. A remote attacker could use this issue to cause...
USN-6354-1: Python vulnerability
It was discovered that Python did not properly handle XML entity declarations in plist files. An attacker could possibly use this vulnerability to perform an XML External Entity XXE injection, resulting in a denial of service or information disclosure...
USN-6947-1: Kerberos vulnerabilities
It was discovered that Kerberos incorrectly handled GSS message tokens where an unwrapped token could appear to be truncated. An attacker could possibly use this issue to cause a denial of service. CVE-2024-37370 It was discovered that Kerberos incorrectly handled GSS message tokens when sent a...
USN-6926-1: Linux kernel vulnerabilities
黄思聪 discovered that the NFC Controller Interface NCI implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash...
USN-6787-1: Jinja2 vulnerability
It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting XSS attack...
USN-6676-1: c-ares vulnerability
Vojtěch Vobr discovered that c-ares incorrectly handled user input from local configuration files. An attacker could possibly use this issue to cause a denial of service via application crash...
USN-6487-1: Avahi vulnerabilities
Evgeny Vereshchagin discovered that Avahi contained several reachable assertions, which could lead to intentional assertion failures when specially crafted user input was given. An attacker could possibly use this issue to cause a denial of service. CVE-2023-38469, CVE-2023-38470, CVE-2023-38471,...
USN-6407-2: libx11 vulnerabilities
USN-6407-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Gregory James Duck discovered that libx11 incorrectly handled certain keyboard symbols. If a user were tricked...
USN-4010-1: Exim vulnerability
It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands...
USN-3811-2: SpamAssassin vulnerability
USN-3811-1 fixed a vulnerability in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a deni...
USN-6764-1: libde265 vulnerability
It was discovered that libde265 could be made to allocate memory that exceeds the maximum supported size. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service...
USN-6369-2: libwebp vulnerability
USN-6369-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted imag...