10891 matches found
USN-4414-1: Linux kernel vulnerabilities
It was discovered that the network block device nbd implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service system crash. CVE-2019-16089 It was discovered that the btrfs file system...
USN-4353-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the URL bar, or execute arbitrary code. CVE-2020-6831, CVE-2020-1238...
USN-4330-2: PHP vulnerabilities
USN-4330-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash...
USN-4185-1: Linux kernel vulnerabilities
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions TSX could expose...
USN-4134-2: IBus regression
USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation. Original advisory details: Simon McVittie discovered that IBus did not enforce appropriate access controls o...
USN-4082-2: Subversion vulnerabilities
USN-4082-1 fixed several vulnerabilities in Subversion. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause...
USN-4028-1: Thunderbird vulnerabilities
Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code...
USN-3980-2: Linux kernel (HWE) vulnerabilities
USN-3980-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andre...
USN-3979-1: Linux kernel vulnerabilities
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered...
USN-3974-1: VCFtools vulnerabilities
It was discovered that VCFtools improperly handled certain input. If a user was tricked into opening a crafted input file, VCFtools could be made to crash. CVE-2018-11099, CVE-2018-11129, CVE-2018-11130...
USN-3617-2: Linux (HWE) vulnerabilities
USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that a race condition leading to a use-after-free vulnerability existed in t...
USN-3516-1: Firefox vulnerabilities
It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially...
USN-3364-3: Linux kernel (AWS, GKE) vulnerabilities
It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information kernel memory. CVE-2014-9900 It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker...
USN-3278-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. CVE-2017-5429,...
USN-3104-1: Linux kernel vulnerability
It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges...
USN-1437-1: PHP vulnerability
It was discovered that PHP, when used as a stand alone CGI processor for the Apache Web Server, did not properly parse and filter query strings. This could allow a remote attacker to execute arbitrary code running with the privilege of the web server. Configurations using modphp5 and FastCGI were...
USN-1240-1: Linux kernel (Marvell DOVE) vulnerabilities
Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. CVE-2011-1576 Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly...
USN-549-1: PHP vulnerabilities
It was discovered that the wordwrap function did not correctly check lengths. Remote attackers could exploit this to cause a crash or monopolize CPU resources, resulting in a denial of service. CVE-2007-3998 Integer overflows were discovered in the strspn and strcspn functions. Attackers could...
USN-6766-2: Linux kernel vulnerabilities
It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service system crash. CVE-2024-1151 Sander Wiebing, Alvise de Faveri Tron, Herbert...
USN-6766-1: Linux kernel vulnerabilities
It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service system crash. CVE-2024-1151 Sander Wiebing, Alvise de Faveri Tron, Herbert...
USN-6355-1: GRUB2 vulnerabilities
Daniel Axtens discovered that specially crafted images could cause a heap-based out-of-bonds write. A local attacker could possibly use this to circumvent secure boot protections. CVE-2021-3695 Daniel Axtens discovered that specially crafted images could cause out-of-bonds read and write. A local...
USN-5981-1: Linux kernel vulnerabilities
It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2021-3669 It was discovered that a use-after-free vulnerability existed in the SGI GRU...
USN-5824-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...
USN-5666-1: OpenSSH vulnerability
It was discovered that OpenSSH incorrectly handled certain helper programs. An attacker could possibly use this issue to arbitrary code execution...
USN-5571-1: PostgreSQL vulnerability
Sven Klemm discovered that PostgreSQL incorrectly handled extensions. An attacker could possibly use this issue to execute arbitrary code when extensions are created or updated...
USN-5499-1: curl vulnerabilities
Florian Kohnhuser discovered that curl incorrectly handled returning a TLS server’s certificate chain details. A remote attacker could possibly use this issue to cause curl to stop responding, resulting in a denial of service. CVE-2022-27781 Harry Sintonen discovered that curl incorrectly handled...
USN-5440-1: PostgreSQL vulnerability
Alexander Lakhin discovered that PostgreSQL incorrectly handled the security restricted operation sandbox when a privileged user is maintaining another user's objects. An attacker having permission to create non-temp objects can use this issue to execute arbitrary commands as the superuser...
USN-5373-1: Django vulnerabilities
It was discovered that Django incorrectly handled certain certain column aliases in the QuerySet.annotate, aggregate, and extra methods. A remote attacker could possibly use this issue to perform an SQL injection attack. CVE-2022-28346 It was discovered that Django incorrectly handled certain...
USN-5203-1: Apache Log4j 2 vulnerability
Hideki Okamoto and Guy Lederfein discovered that Apache Log4j 2 did not protect against infinite recursion in lookup evaluation. A remote attacker could possibly use this issue to cause Apache Log4j 2 to crash, leading to a denial of service. Please see the following link for more information:...
USN-5119-1: libcaca vulnerabilities
It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a crash. CVE-2021-30498, CVE-2021-30499...
USN-5105-1: Bottle vulnerability
It was discovered that Bottle incorrectly handled certain inputs. An attacker could possibly use this issue to cache malicious requests...
USN-5034-2: c-ares vulnerability
USN-5034-1 fixed a vulnerability in c-ares. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly validated certain hostnames returned by DNS servers. A remote attacker could possibly use...
USN-4775-1: Lighttpd vulnerabilities
It was discovered that Lighttpd did not properly sanitized the string used in basic HTTP authentication method. A remote attacker could use this to inject arbitrary log entries and maybe obtain sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE-2015-3200 It...
USN-4720-2: Apport vulnerabilities
USN-4720-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate...
USN-4719-1: ca-certificates update
The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.46 version of the Mozilla certificate authority bundle...
USN-4448-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly validated the payload length in a WebSocket frame. A remote attacker could possibly use this issue to cause Tomcat to hang, resulting in a denial of service. CVE-2020-13935 It was discovered that Tomcat incorrectly handled HTTP header parsing. In certain...
USN-4376-2: OpenSSL vulnerabilities
USN-4376-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Cesar Pereida GarcÃa, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered...
USN-4376-1: OpenSSL vulnerabilities
Cesar Pereida GarcÃa, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys...
USN-4372-1: QEMU vulnerabilities
It was discovered that QEMU incorrectly handled bochs-display devices. A local attacker in a guest could use this to cause a denial of service or possibly execute arbitrary code in the host. This issue only affected Ubuntu 19.10. CVE-2019-15034 It was discovered that QEMU incorrectly handled memo...
USN-4344-1: Linux kernel vulnerabilities
It was discovered that the Intel Wi-Fi driver in the Linux kernel did not properly check for errors in some situations. A local attacker could possibly use this to cause a denial of service system crash. CVE-2019-16234 It was discovered that the Intel WiMAX 2400 driver in the Linux kernel did not...
USN-4253-1: Linux kernel vulnerability
It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information...
USN-4252-2: tcpdump vulnerabilities
USN-4252-1 fixed several vulnerabilities in tcpdump. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulti...
USN-4231-1: NSS vulnerability
It was discovered that NSS incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...
USN-3983-1: Linux kernel vulnerabilities
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered...
USN-3940-1: ClamAV vulnerabilities
It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2019-1787 It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote...
USN-3926-1: GPAC vulnerabilities
It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execu...
USN-3921-1: XMLTooling vulnerability
It was discovered that XMLTooling incorrectly handled certain XML files with invalid data. An attacker could use this issue to cause XMLTooling to crash, resulting in a denial of service...
USN-3918-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick...
USN-3913-1: P7ZIP vulnerabilities
It was discovered that p7zip did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted archive with p7zip, then p7zip could be made to crash, possibly leading to abitrary code execution...
USN-3902-2: PHP vulnerabilities
USN-3902-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash,...