10891 matches found
USN-5512-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass CSP restrictions, or execute...
USN-5504-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass CSP restrictions, bypass sandboxed iframe restrictions, obtain sensitive...
USN-5500-1: Linux kernel vulnerabilities
Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. CVE-2021-4197 Lin Ma discovered that the NFC Controller...
USN-5458-1: Vim vulnerabilities
It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. CVE-2021-4193 It was discovered that Vim was not properly performing bounds checks when...
USN-5424-1: OpenLDAP vulnerability
It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database...
USN-5392-1: Mutt vulnerabilities
It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS. CVE-2021-32055 It was discovered that Mutt incorrectly handled certain input. An attacker could possibly use this...
USN-4987-2: ExifTool vulnerability
USN-4987-1 fixed a vulnerability in ExifTool. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that ExifTool did not properly sanitize user data for the DjVu file format. An attacker could use this vulnerability to cause a DoS or...
USN-5257-1: ldns vulnerabilities
It was discovered that ldns incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. CVE-2020-19860, CVE-2020-19861...
USN-5170-1: MariaDB vulnerability
A security issue was discovered in MariaDB and this update includes new upstream MariaDB versions to fix the issue. MariaDB has been updated to 10.3.32 in Ubuntu 20.04 LTS and to 10.5.13 in Ubuntu 21.04 and Ubuntu 21.10. In addition to security fixes, the updated packages contain bug fixes, new...
USN-5032-2: Docker vulnerabilities
USN-5032-1 fixed vulnerabilities in Docker. This update provides the corresponding updates for Ubuntu 21.04. Original advisory details: Several vulnerabilities were fixed in Docker. This update provides a new upstream version that fixed them...
USN-5032-1: Docker vulnerabilities
Several vulnerabilities were fixed in Docker. This update provides a new upstream version that fixed them...
USN-4693-1: Ampache vulnerabilities
It was discovered that an SQL injection vulnerability exists in the Ampache search engine. Any user able to perform searches could dump any data contained in the database. An attacker could use this to disclose sensitive information. CVE-2019-12385 It was discovered that an XSS vulnerability in...
USN-4638-1: c-ares vulnerability
It was discovered that c-ares incorrectly handled certain DNS requests. An attacker could possibly use this issue to cause a denial of service...
USN-4593-1: FreeType vulnerability
Sergei Glazunov discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges...
USN-4581-1: Python vulnerability
It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection...
USN-4371-1: libvirt vulnerabilities
It was discovered that libvirt incorrectly handled an active pool without a target path. A remote attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. CVE-2020-10703 It was discovered that libvirt incorrectly handled memory when retrieving certain...
USN-4361-1: Dovecot vulnerabilities
Philippe Antoine discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service. CVE-2020-10957, CVE-2020-10967 Philippe Antoine discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to...
USN-4352-1: OpenLDAP vulnerability
It was discovered that OpenLDAP incorrectly handled certain queries. A remote attacker could possibly use this issue to cause OpenLDAP to consume resources, resulting in a denial of service...
USN-4333-2: Python vulnerabilities
USN-4333-1 fixed vulnerabilities in Python. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that Python incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection...
USN-4345-1: Linux kernel vulnerabilities
Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2020-11884 It was discovered that t...
USN-4248-1: GraphicsMagick vulnerabilities
It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact...
USN-4194-1: postgresql-common vulnerability
Rich Mirch discovered that the postgresql-common pgctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges...
USN-4152-1: libsoup vulnerability
It was discovered that libsoup incorrectly handled parsing certain NTLM messages. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause a denial of service...
USN-3847-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2018-10902 It was discovered that an integer overr...
USN-3811-3: SpamAssassin vulnerabilities
USN-3811-1 fixed a vulnerability in spamassassin. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code...
USN-3758-1: libx11 vulnerabilities
Tobias Stoeckmann discovered that libx11 incorrectly handled certain images. An attacker could possibly use this issue to access sensitive information CVE-2016-7942 Tobias Stoeckmann discovered that libx11 incorrectly handled certain inputs. An attacker could possibly use this issue to access...
USN-3620-1: Linux kernel vulnerabilities
It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker with the CAPNETADMIN privilege could use this to cause a denial of service system crash or possibly execute arbitrary code...
USN-3573-1: Quagga vulnerabilities
It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2018-5379 It was discovered that the Quagga BGP daemon did not...
USN-3443-3: Linux kernel (GCP) vulnerability
Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service system crash. CVE-2017-14106...
USN-3413-1: BlueZ vulnerability
It was discovered that an information disclosure vulnerability existed in the Service Discovery Protocol SDP implementation in BlueZ. A physically proximate unauthenticated attacker could use this to disclose sensitive information. CVE-2017-1000250...
USN-3405-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free vulnerability existed in the POSIX message que...
USN-3391-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting XSS attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal...
USN-3343-1: Linux kernel vulnerabilities
USN 3335-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience. It was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux...
USN-3344-1: Linux kernel vulnerabilities
USN 3328-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds che...
USN-3338-1: Linux kernel vulnerabilities
It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges CVE-2017-1000364 Jesse Hert...
USN-3206-1: Linux kernel vulnerabilities
It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly gain administrative privileges. CVE-2016-7910 Dmitry Vyukov discovered a use-after-free vulnerability ...
USN-3190-1: Linux kernel vulnerabilities
Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon mcryptd in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service system crash. CVE-2016-10147 It was discovered that a...
USN-3169-1: Linux kernel vulnerabilities
Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment CS in certain error cases. A local attacker could use this to expose sensitive information kernel memory. CVE-2016-9756 Andrey Konovalov discovered that signed integer overflows...
USN-3123-1: curl vulnerabilities
It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. CVE-2016-7141 Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote...
USN-3006-1: Linux kernel vulnerabilities
Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...
USN-3005-1: Linux kernel (Xenial HWE) vulnerabilities
Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...
USN-2965-1: Linux kernel vulnerabilities
Jann Horn discovered that the extended Berkeley Packet Filter eBPF implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. CVE-2016-4557 Ralf Spenneberg...
USN-2930-2: Linux kernel (Wily HWE) vulnerabilities
Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPTSOSETREPLACE events. A local unprivileged attacker could use this to cause a denial of service system crash or possibly execute arbitrary code with administrative privileges...
USN-2907-1: Linux kernel vulnerabilities
halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. CVE-2016-1576 halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...
USN-2900-1: GNU C Library vulnerability
It was discovered that the GNU C Library incorrectly handled receiving responses while performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-2689-1: Linux kernel (Utopic HWE) vulnerabilities
Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs non-maskable interrupts. An unprivileged local user could exploit this flaw to cause a denial of service system crash or potentially escalate their privileges. CVE-2015-3290 Colin King discovered a flaw in the addkey...
USN-2637-1: Linux kernel vulnerabilities
Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service system crash. CVE-2015-0275 Wen Xu discovered a use-after-free flaw in the...
USN-2612-1: Linux kernel (OMAP4) vulnerabilities
A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges. CVE-2015-3339 Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connecti...
USN-2584-1: Linux kernel (EC2) vulnerability
A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...
USN-2501-1: PHP vulnerabilities
Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2014-8142, CVE-2015-0231 Brian Carpenter discovered that the PHP CGI component...