10890 matches found
USN-578-1: Linux kernel vulnerabilities
The minix filesystem did not properly validate certain filesystem values. If a local attacker could trick the system into attempting to mount a corrupted minix filesystem, the kernel could be made to hang for long periods of time, resulting in a denial of service. CVE-2006-6058 Alexander Schulze...
USN-349-1: gzip vulnerabilities
Tavis Ormandy discovered that gzip did not sufficiently verify the validity of gzip or compress archives while unpacking. By tricking an user or automated system into unpacking a specially crafted compressed file, this could be exploited to execute arbitrary code with the user's privileges...
USN-82-1: Linux kernel vulnerabilities
CAN-2004-0176: Michael Kerrisk noticed an insufficient permission checking in the shmctl function. Any process was permitted to lock/unlock any System V shared memory segment that fell within the the RLIMITMEMLOCK limit that is the maximum size of shared memory that unprivileged users can acquire...
USN-7293-1: Linux kernel vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code...
USN-6548-3: Linux kernel (Oracle) vulnerabilities
It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. CVE-2023-3006 It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors i...
USN-6532-1: Linux kernel vulnerabilities
Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. CVE-2023-20593 Yu Hao discovered that the UBI driver in the Linux kernel did not properly check...
USN-6505-1: nghttp2 vulnerability
It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service...
USN-6494-1: Linux kernel vulnerabilities
Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service system crash. CVE-2023-31085 Lucas Leong discovered that the netfilter subsystem in the...
USN-6401-1: FreeRDP vulnerabilities
It was discovered that FreeRDP did not properly manage certain inputs. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information. CVE-2023-39350, CVE-2023-39351, CVE-2023-39353, CVE-2023-39354,...
USN-6244-1: AMD Microcode vulnerability
Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information...
USN-5537-2: MySQL vulnerability
USN-5537-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.39 in...
USN-5416-1: Linux kernel (OEM) vulnerabilities
Qiuhao Li, Gaoning Pan and Yongkang Jia discovered that the KVM implementation in the Linux kernel did not properly perform guest page table updates in some situations. An attacker in a guest vm could possibly use this to crash the host OS. CVE-2022-1158 It was discovered that the implementation ...
USN-5331-2: tcpdump vulnerabilities
USN-5331-1 fixed several vulnerabilities in tcpdump. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial o...
USN-5327-1: rsh vulnerability
Hiroyuki Yamamori discovered that rsh incorrectly handled certain filenames. If a user or automated system were tricked into connecting to a malicious rsh server, a remote attacker could possibly use this issue to modify directory permissions...
USN-5254-1: shadow vulnerabilities
It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE-2017-12424 It was discovered that shadow incorrectly handled certain...
USN-5065-1: Open vSwitch vulnerability
It was discovered that Open vSwitch incorrectly handled decoding RAWENCAP actions. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4800-1: Lynx vulnerabilities
It was discovered that Lynx incorrectly handled certain URLs. A remote attacker could possibly use this issue to obtain sensitive information or other unspecified impact. This issue only affected Ubuntu 16.04 ESM. CVE-2016-9179 It was discovered that Lynx incorrectly handled certain HTML files. A...
USN-4731-1: JUnit 4 vulnerability
It was discovered that JUnit 4 contains a local information disclosure vulnerability. An attacker could possibly use this issue to obtain sensitive information...
USN-4700-1: PyXDG vulnerability
Alexandre D'Hondt discovered that PyXDG did not properly sanitize input. An attacker could exploit this with a crafted .menu file to execute arbitrary code...
USN-4602-2: Perl vulnerabilities
USN-4602-1 fixed several vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions ar...
USN-4511-1: QEMU vulnerability
Ziming Zhang, Xiao Wei, Gonglei Arei, and Yanyu Zhang discovered that QEMU incorrectly handled certain USB packets. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default...
USN-4422-1: WebKitGTK+ vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-4323-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. CVE-2020-6821, CVE-2020-6822, CVE-2020-6824,...
USN-4195-2: MariaDB vulnerabilities
USN-4195-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2974 in MariaDB 10.1 and CVE-2019-2938, CVE-2019-2974 for MariaDB 10.3. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.43. Ubuntu 19.04 and 19.10 has been updated to MariaDB 10.3.20. I...
USN-3873-1: Open vSwitch vulnerabilities
It was discovered that Open vSwitch incorrectly decoded certain packets. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. CVE-2018-17204 It was discovered that Open vSwitch incorrectly handled processing certain flows. A remote...
USN-3654-1: Linux kernel vulnerabilities
Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memor...
USN-3087-2: OpenSSL regression
USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Shi Lei discovered that OpenSSL incorrectly handled the OCSP Statu...
USN-2952-2: PHP regression
USN-2952-1 fixed vulnerabilities in PHP. One of the backported patches caused a regression in the PHP Soap client. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the PHP Zip extension incorrectly handled directories when...
USN-2758-1: PHP vulnerabilities
It was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. CVE-2015-5589 It was discovered that the PHP phar extension incorrectly handled certain filepaths. A remote attacker cou...
USN-2064-1: Linux kernel vulnerabilities
Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. CVE-2013-4345 A flaw was discovered in the Linux kernel's IP Virtual Server IPVS support. A local user with the CAPNETADMI...
USN-112-1: PHP4 vulnerabilities
An integer overflow was discovered in the exifprocessIFDTAG function in PHP4's EXIF module. EXIF tags with a specially crafted "Image File Directory" IFD tag caused a buffer overflow which could have been exploited to execute arbitrary code with the privileges of the PHP4 server. CAN-2005-1042 Th...
USN-6653-3: Linux kernel (Low Latency) vulnerabilities
It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51780 It was...
USN-6316-1: Linux kernel (OEM) vulnerabilities
Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Tavis Ormandy discovered that some AMD processors...
USN-6289-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...
USN-6030-1: Linux kernel (Qualcomm Snapdragon) vulnerabilities
It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-1281 It was discovered that the System V IPC...
USN-5495-1: curl vulnerabilities
Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. CVE-2022-32205 Harry Sintonen discovered that curl incorrectly handled certain HTTP...
USN-5413-1: Linux kernel vulnerabilities
Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate attacker could use this to cause a denial of service system crash. CVE-2020-27820 It was discovered that a race condition existed in the network...
USN-5244-1: DBus vulnerability
Daniel Onaca discovered that DBus contained a use-after-free vulnerability, caused by the incorrect handling of usernames sharing the same UID. An attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service...
USN-5104-1: Squid vulnerability
Lyu discovered that Squid incorrectly handled WCCP protocol data. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information...
USN-4921-1: libcaca vulnerability
It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code...
USN-4757-1: wpa_supplicant and hostapd vulnerability
It was discovered that wpasupplicant did not properly handle P2P Wi-Fi Direct provision discovery requests in some situations. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code...
USN-4668-4: python-apt vulnerability
USN-4668-1 fixed a vulnerability in python-apt. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume...
USN-4647-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across origins, bypass security restrictions,...
USN-4557-1: Tomcat vulnerabilities
It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. CVE-2016-0762 Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain...
USN-4546-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting XSS attacks, spoof the site displayed in the download dialog, or execute...
USN-4414-1: Linux kernel vulnerabilities
It was discovered that the network block device nbd implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service system crash. CVE-2019-16089 It was discovered that the btrfs file system...
USN-4353-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the URL bar, or execute arbitrary code. CVE-2020-6831, CVE-2020-1238...
USN-4330-2: PHP vulnerabilities
USN-4330-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash...
USN-4268-1: OpenSMTPD vulnerability
It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could use this vulnerability to execute arbitrary commands as root...
USN-4214-1: RabbitMQ vulnerability
It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...