USN-4840-1: Singularity vulnerabilities
It was discovered that Singularity incorrectly handled certain inputs. An attacker could possibly use this issue to obtain sensitive information. CVE-2018-19295 It was discovered that Singularity incorrectly handled access control. An attacker could possibly use this issue to obtain sensitive...
USN-4839-1: python-gnupg vulnerabilities
Marcus Brinkmann discovered that python-gnupg improperly handled certain command line parameters. A remote attacker could use this to spoof the output of python-gnupg and cause unsigned e-mail to appear signed. CVE-2018-12020 It was discovered that python-gnupg incorrectly handled the GPG...
USN-4837-1: LibSass vulnerabilities
It was discovered that LibSass incorrectly handled certain specially crafted sass files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact...
USN-4836-1: Symfony vulnerability
It was discovered that Symfony through the HttpFoundation component allowed unauthorized access on a misconfigured LDAP server. A remote attacker could use this vulnerability to gain unauthorized access...
USN-4834-1: Prosody vulnerability
It was discovered that Prosody incorrectly validated the virtual host associated with a user session across stream restarts. A remote attacker could use this issue to gain unintended access to resources...
USN-4832-1: Plexus Archiver vulnerability
It was discovered that Plexus Archiver incorrectly handled directory traversal during extraction. An attacker could possibly use this for a Zip-Slip attack...
USN-4831-1: OpenMPT vulnerabilities
It was discovered that OpenMPT incorrectly handled certain files. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact...
USN-4830-1: Okular vulnerability
It was discovered that Okular mishandled certain crafted archives during extraction. An attacker could use this vulnerability to write arbitrary files to the filesystem...
USN-4442-2: Sympa vulnerabilities
USN-4442-1 fixed vulnerabilities in Sympa. This update provides the corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. Original advisory details: Nicolas Chatelain discovered that Sympa incorrectly handled environment variables. An attacker could possibly use this...
USN-4828-1: librelp vulnerability
It was discovered that librelp did not properly manage x509 certificates, leading to a stack-based buffer overflow. A remote attacker could possibly use this issue to execute arbitrary code...
USN-4827-1: Crypto++ vulnerability
It was discovered that Crypto++ mishandled certain input. An attacker could use this vulnerability to leak potentially sensitive information...
USN-4826-1: SoundTouch vulnerabilities
It was discovered that SoundTouch incorrectly handled certain WAV files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM. CVE-2017-9258, CVE-2017-9259, CVE-2017-9260 It was discovered that SoundTouch incorrectly handled...
USN-4825-1: Coin3D vulnerability
USN-3356-1 fixed a vulnerability in Expat. This update provides the corresponding update for Coin3D for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM...
USN-4824-1: Varnish vulnerability
It was discovered that Varnish incorrectly handled certain inputs. A remote attacker could possibly use this issue to obtain sensitive information...
USN-4823-1: Mosquitto vulnerability
It was discovered that Mosquitto incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service...
USN-4822-1: Firebird vulnerability
It was discovered that Firebird exposed certain UDF libraries. An authenticated attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code...
USN-4821-1: openpyxl vulnerability
It was discovered that openpyxl incorrectly handled certain documents. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact...
USN-4820-1: S-nail vulnerability
It was discovered that S-nail incorrectly handled paths. An attacker could possibly use this issue to write arbitrary files and escalate privileges...
USN-4819-1: Leptonica vulnerabilities
It was discovered that Leptonica incorrectly handled path names. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 ESM. CVE-2017-18196 It was discovered that Leptonica incorrectly handled certain input arguments. An attacker could...
USN-4817-1: HDF5 vulnerabilities
It was discovered that HDF5 incorrectly handled certain hdf5 files. An attacker could possibly use this issue to cause a denial of service...
USN-4816-1: game-music-emu vulnerability
It was discovered that game-music-emu mishandled certain crafted input. A remote attacker could use this vulnerability to cause game-music-emu to crash...
USN-4815-1: xrdp vulnerabilities
It was discovered that xrdp did not properly validate certain input in the session manager. A local attacker could possibly use this issue to cause a denial of service or other unspecified impact. CVE-2017-16927 It was discovered that xrdp did not properly initialize PAM session modules. A remote...
USN-4814-1: Asterisk vulnerabilities
Richard Mudgett discovered that Asterisk did not properly check the length of input string when setting the user field for PartyB on a CDR. A remote attacker could use this vulnerability to cause a denial of service crash or potentially execute arbitrary code. CVE-2017-16671 Alex Villacis Lasso...
USN-4813-1: Jackson Databind vulnerabilities
It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to obtain sensitive information. CVE-2018-11307, CVE-2019-12086, CVE-2019-12814 It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could...
USN-4812-1: libbson vulnerabilities
It was discovered that libbson incorrectly validated input length. An attacker could possibly use this issue to cause a denial of service. This issue affected only Ubuntu 16.04 ESM. CVE-2017-14227 It was discovered that libbson incorrectly handled certain specially crafted bson buffers. An attack...
USN-4811-1: libzip vulnerability
It was discovered that libzip mishandled certain malformed ZIP archives. A remote attacker could use this vulnerability to cause a denial of service...
USN-3421-2: Libidn2 vulnerability
USN-3421-1 fixed a vulnerability in Libidn2. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM...
USN-4809-1: VideoLAN x265 vulnerability
It was discovered that VideoLAN x265 mishandled certain memory-allocation inputs. An attacker could use this vulnerability to cause a denial of service crash...
USN-4808-1: Tinyproxy vulnerability
It was discovered that Tinyproxy created its pid file with insecure permissions. An attacker could use the vulnerability to cause arbitrary processes to be killed, resulting in a denial of service...
USN-4807-1: WildMIDI vulnerabilities
It was discovered that WildMIDI incorrectly handled certain MID files. A remote attacker could possibly use this issue to cause a denial of service...
USN-4805-1: VLC vulnerabilities
It was discovered that VLC mishandled certain crafted media files. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. CVE-2017-10699 It was discovered that VLC mishandled certain crafted MKV...
USN-4804-1: Puppet vulnerabilities
It was discovered that Puppet installed modules with world writable permissions. An attacker could use this vulnerability to execute arbitrary code or cause a denial of service. CVE-2017-10689 It was discovered that Puppet could be used to force YAML deserialization in an unsafe manner. A remote...
USN-4803-1: Gifsicle vulnerabilities
It was discovered that Gifsicle did not properly handle certain input. If a user were tricked into opening a malicious GIF, an attacker could potentially execute arbitrary code...
USN-4802-1: HTSlib vulnerabilities
It was discovered that HTSlib incorrectly handled certain data. An attacker could possibly use this issue to execute arbitrary code. This issue affected only Ubuntu 16.04 ESM. CVE-2017-1000206 It was discovered that HTSlib incorrectly handled certain files. An attacker could possibly use this iss...
USN-4801-1: ROOT vulnerability
It was discovered that ROOT incorrectly handled certain input arguments. An attacker could possibly use this issue to execute arbitrary code...
USN-4800-1: Lynx vulnerabilities
It was discovered that Lynx incorrectly handled certain URLs. A remote attacker could possibly use this issue to obtain sensitive information or other unspecified impact. This issue only affected Ubuntu 16.04 ESM. CVE-2016-9179 It was discovered that Lynx incorrectly handled certain HTML files. A...
USN-4799-1: R vulnerability
It was discovered that a buffer overflow in R causes memory corruption. An attacker could possibly use this to cause a denial of service or execute arbitrary code...
USN-4798-1: libgit2 vulnerabilities
It was discovered that libgit2 mishandled certain malformed git objects. A remote attacker could use this vulnerability to cause a denial of service...
USN-4796-1: Node.js vulnerabilities
Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An attacker could use this vulnerability to execute a machine-in-the-middle attack. This issue only affected Ubuntu 14.04 ESM and 16.04 ESM. CVE-2016-7099 It...
USN-4795-1: Apache Groovy vulnerability
It was discovered that Apache Groovy incorrectly handled serialization mechanisms. An attacker could possibly use this issue to execute arbitrary code...
USN-4794-1: libupnp vulnerabilities
Matthew Garrett discovered that libupnp mishandled POST requests by default. An attacker could use this vulnerability to write files to arbitrary locations in the victim's filesystem, possibly as root. CVE-2016-6255 It was discovered that libupnp mishandled certain input. A remote attacker could...
USN-4793-1: collectd vulnerabilities
It was discovered that collectd mishandled certain malformed packets. A remote attacker could use this vulnerability to cause collectd to crash or possibly execute arbitrary code. CVE-2016-6254 It was discovered that collectd failed to handle certain input. An attacker could use this vulnerabilit...
USN-4792-1: FreeIPA vulnerabilities
It was discovered that FreeIPA incorrectly handled certificates. An attacker could possibly use this issue to cause a denial of service by revoking arbitrary certificates. This issue only affected Ubuntu 16.04 ESM. CVE-2016-5404 It was discovered that FreeIPA incorrectly handled authentication...
USN-4791-1: Apache Tomcat 7 vulnerabilities
It was discovered that Apache Tomcat 7 did not protect applications from the presence of untrusted client data in an environment variable. A remote attacker could possibly use this vulnerability to redirect the traffic to an arbitrary proxy and obtain sensitive information. CVE-2016-5388 It was...
USN-4790-1: libtorrent vulnerability
It was discovered that libtorrent incorrectly handled chunked headers. A remote attacker could possibly use this to cause a crash resulting in a denial of service...
USN-4789-1: Apache ZooKeeper vulnerabilities
It was discovered that Apache ZooKeeper incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. CVE-2016-5017 It was discovered that Apache ZooKeeper incorrectly implemented "wchp/wchc" commands. An attacker could...
USN-4788-1: iperf3 vulnerability
It was discovered that iperf mishandled certain UTF-8 and UTF-16 strings. A remote attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code...
USN-4787-1: jq vulnerability
It was discovered that jq did not perform sufficient bounds checking, resulting in unbounded resource consumption. An attacker could use this vulnerability to cause a denial of service...
USN-4786-1: Moment.js vulnerabilities
It was discovered that Moment.js mishandled certain regular expressions. An attacker could use this vulnerability to cause a denial of service...
USN-4785-1: npm vulnerability
It was discovered that the npm command-line interface mishandled certain sensitive information. An attacker could use this vulnerability to collect authentication information that could be used to impersonate other users...