10888 matches found
USN-6592-1: libssh vulnerabilities
It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features mentioned through the hostname parameter. CVE-2023-6004 It was discovered that libssh incorrectl...
USN-4705-1: Sudo vulnerabilities
It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. CVE-2021-3156 It was discovered that the Sudo sudoedit utility incorrectly handled checking directory...
USN-6824-1: GIFLIB vulnerabilities
It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. CVE-2021-40633, CVE-2022-28506, CVE-2023-39742...
USN-6964-1: ORC vulnerability
Noriko Totsuka discovered that ORC incorrectly handled certain crafted file. An attacker could possibly use this issue to execute arbitrary code...
USN-4709-1: Linux kernel vulnerabilities
It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...
USN-4639-1: phpMyAdmin vulnerabilities
It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpmyAdmin to leak sensitive files. CVE-2018-19968 It was discovered that phpMyAdmin incorrectly handled user input. An...
USN-3783-1: Apache HTTP Server vulnerabilities
Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module incorrectly destroyed certain streams. A remote attacker could possibly use this issue to cause the server to crash, leading to a denial of service. CVE-2018-1302 Craig Young discovered that the Apache HTTP Server HTTP/2 module...
USN-4145-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service system crash. CVE-2016-10905 It was discovered that the IPv6 implementation in the Linux kernel did not properly validate socket optio...
USN-6897-1: Ghostscript vulnerabilities
It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-29506 It was discovered that...
USN-6803-1: FFmpeg vulnerabilities
Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 24.04 LTS. CVE-2023-49501 Zen...
USN-6619-1: runC vulnerability
Rory McNamara discovered that runC did not properly manage internal file descriptor while managing containers. An attacker could possibly use this issue to obtain sensitive information or bypass container restrictions...
USN-5496-1: cloud-init vulnerability
Mike Stroyan discovered that cloud-init could log password hashes when reporting schema failures. An attacker with access to these logs could potentially use this to gain user credentials...
USN-6666-1: libuv vulnerability
It was discovered that libuv incorrectly truncated certain hostnames. A remote attacker could possibly use this issue with specially crafted hostnames to bypass certain checks...
USN-4705-2: Sudo vulnerability
USN-4705-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain...
USN-5566-1: Linux kernel vulnerabilities
Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service system crash or execute arbitrary code...
USN-6567-2: QEMU regression
USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behaviour change leading to a regression in certain environments. This update fixes the problem. Original advisory details: Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the...
USN-6756-1: less vulnerability
It was discovered that less mishandled newline characters in file names. If a user or automated system were tricked into opening specially crafted files, an attacker could possibly use this issue to execute arbitrary commands on the host...
USN-5317-1: Linux kernel vulnerabilities
Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-25636 Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida...
USN-4710-1: Linux kernel vulnerability
Kiyin 尹亮 discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service kernel memory exhaustion...
USN-6895-3: Linux kernel vulnerabilities
It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the HugeTLB file syst...
USN-5776-1: containerd vulnerabilities
It was discovered that containerd incorrectly handled memory when receiving certain faulty Exec or ExecSync commands. A remote attacker could possibly use this issue to cause a denial of service or crash containerd. CVE-2022-23471, CVE-2022-31030 It was discovered that containerd incorrectly set ...
USN-6501-1: RabbitMQ vulnerability
It was discovered that RabbitMQ incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service...
USN-4699-1: Apache Log4net vulnerability
It was discovered that Apache Log4net incorrectly handled certain configuration files. An attacker could possibly use this issue to expose sensitive information...
USN-5728-1: Linux kernel vulnerabilities
Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-427...
USN-4041-1: Linux kernel update
USN-4017-1 fixed vulnerabilities in the Linux kernel for Ubuntu. Unfortunately, the update introduced a regression that interfered with networking applications that setup very low SOSNDBUF values. This update fixes the problem. We apologize for the inconvenience. Jonathan Looney discovered that t...
USN-6202-1: containerd vulnerabilities
David Korczynski and Adam Korczynski discovered that containerd incorrectly processed certain images with large files. An attacker could possibly use this issue to cause containerd to crash, resulting in a denial of service. CVE-2023-25153 It was discovered that containerd incorrectly set up...
USN-4146-2: ClamAV vulnerabilities
USN-4146-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled unpacking ZIP files. A remote attacker could possibly use this issue to cause...
USN-4042-1: poppler vulnerabilities
It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service, or possibly execute arbitrary code...
USN-6889-1: .NET vulnerabilities
It was discovered that .NET did not properly handle object deserialization. An attacker could possibly use this issue to cause a denial of service. CVE-2024-30105 Radek Zikmund discovered that .NET did not properly manage memory. An attacker could use this issue to cause a denial of service or...
USN-6578-1: .NET vulnerabilities
Vishal Mishra and Anita Gaud discovered that .NET did not properly validate X.509 certificates with malformed signatures. An attacker could possibly use this issue to bypass an application's typical authentication logic. CVE-2024-0057 Morgan Brown discovered that .NET did not properly handle...
USN-4916-2: Linux kernel regression
USN-4916-1 fixed vulnerabilities in the Linux kernel. Unfortunately, the fix for CVE-2021-3493 introduced a memory leak in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the overlayfs implementation in the Linu...
USN-3744-1: PostgreSQL vulnerabilities
Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...
USN-4583-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-7069 It was discorevered that PHP incorrectly handled...
USN-3820-2: Linux kernel (HWE) vulnerabilities
USN-3820-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not...
USN-6643-1: NPM IP vulnerability
Emre Durmaz discovered that NPM IP package incorrectly distinguished between private and public IP addresses. A remote attacker could possibly use this issue to perform Server-Side Request Forgery SSRF attacks...
USN-6379-1: vsftpd vulnerability
It was discovered that vsftpd was vulnerable to the ALPACA TLS protocol content confusion attack. A remote attacker could possibly use this issue to redirect traffic from one subdomain to another...
USN-4105-1: CUPS vulnerabilities
Stephan Zeisberg discovered that the CUPS SNMP backend incorrectly handled encoded ASN.1 inputs. A remote attacker could possibly use this issue to cause CUPS to crash by providing specially crafted network traffic. CVE-2019-8696, CVE-2019-8675 It was discovered that CUPS did not properly handle...
USN-4080-1: OpenJDK 8 vulnerabilities
Keegan Ryan discovered that the ECC implementation in OpenJDK was not sufficiently resilient to side-channel attacks. An attacker could possibly use this to expose sensitive information. CVE-2019-2745 It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing...
USN-4115-1: Linux kernel vulnerabilities
Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service system crash. CVE-2018-19985 Zhipeng Xie discovered that an...
USN-4076-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the Serial Attached SCSI SAS implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service system crash or execute arbitrary code. CVE-2018-20836 It was discovered that the ext4 file system implementati...
USN-2155-1: OpenSSH vulnerability
Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to possibly bypass certain intended environment variable restrictions...
USN-5620-1: OpenEXR vulnerabilities
It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. These issues only affected Ubuntu 20.04 ESM. CVE-2021-3598,...
USN-5310-1: GNU C Library vulnerabilities
Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library to hang or crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS...
USN-5378-2: XZ Utils vulnerability
Cleemy Desu Wayo discovered that XZ Utils incorrectly handled certain filenames. If a user or automated system were tricked into performing xzgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files...
USN-4068-2: Linux kernel (HWE) vulnerabilities
USN-4068-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 for Ubuntu 16.04 LTS. Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kern...
USN-6809-1: BlueZ vulnerabilities
It was discovered that BlueZ could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. CVE-2022-3563 It was discovered that BlueZ could be made to write out of bounds. If a user were tricked into...
USN-5181-1: jQuery UI vulnerability
It was discovered that jQuery UI did not properly validate the values from untrusted sources. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. This issue affected only Ubuntu 18.04 ESM and Ubuntu 20.4 ESM. CVE-2021-41184 It was discovered that jQuery U...
USN-4009-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain exif tags in images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. CVE-2019-11036 It was discovered that PHP incorrectly decoding certain MIME headers...
USN-3405-1: Linux kernel vulnerabilities
It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-11176 Huang Weller discovered that the ext4 filesyste...
USN-5442-1: Linux kernel vulnerabilities
Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or execute arbitrary code...