10918 matches found
USN-4774-1: Spring Framework vulnerabilities
Toshiaki Maki discovered that Spring Framework incorrectly handled certain XML files. A remote attacker could exploit this with a crafted XML file to cause a denial of service. CVE-2015-3192 Alvaro Muñoz discovered that Spring Framework incorrectly handled certain URLs. A remote attacker could...
USN-4806-1: mpg123 vulnerability
It was discovered that mpg123 failed to handle certain malformed mp3 files. An attacker could use this vulnerability to potentially leak sensitive information or cause a crash...
USN-4881-1: containerd vulnerability
It was discovered that containerd incorrectly handled certain environment variables. Contrary to expectations, a container could receive environment variables defined for a different container, possibly containing sensitive information...
USN-5102-2: Mercurial vulnerabilities
USN-5102-1 fixed vulnerabilities in Mercurial. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to...
USN-4835-1: VCFtools vulnerabilities
It was discovered that VCFtools improperly handled certain input. If a user were tricked into opening a crafted input file, VCFtools could be made to crash or possibly cause other unspecified impact. CVE-2018-11099, CVE-2018-11129, CVE-2018-11130 It was discovered that VCFtools improperly handled...
USN-4843-1: phpMyAdmin vulnerabilities
Javier Nieto and Andres Rojas discovered that phpMyAdmin incorrectly managed input in the form of passwords. An attacker could use this vulnerability to cause a denial-of-service DoS. This issue only affected Ubuntu 14.04 ESM. CVE-2014-9218 Emanuel Bronshtein discovered that phpMyAdmin failed to...
USN-4880-1: OpenJPEG vulnerabilities
It was discovered that OpenJPEG incorrectly handled certain image data. An attacker could use this issue to cause OpenJPEG to crash, leading to a denial of service, or possibly execute arbitrary code...
USN-4879-1: Linux kernel vulnerabilities
It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-36158 Loris Reiff discovered that the BPF implementation in t...
USN-4878-1: Linux kernel vulnerabilities
It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-36158 Ryota Shiga discovered that the sockopt BPF hooks in th...
USN-4877-1: Linux kernel vulnerabilities
It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-36158 吴异 discovered that the NFS implementation in the Linux...
USN-4876-1: Linux kernel vulnerabilities
Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the Xen paravirt block backend in the Linux kernel, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service in the host OS. CVE-2020-29569 It was discovered that the...
USN-4875-1: OpenSMTPD vulnerabilities
It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could possibly use this vulnerability to execute arbitrary commands as root. CVE-2020-7247 It was discovered that OpenSMTPD did not properly handle hardlinks und...
USN-4874-1: Apache Ant vulnerability
It was discovered that Apache Ant created temporary files with insecure permissions. An attacker could use this vulnerability to read sensitive information leaked into /tmp, or potentially inject malicious code into a project that is built with Apache Ant...
USN-4872-1: Axel vulnerability
It was discovered that Axel did not properly verify the certificates for hostnames. An attacker could use this vulnerability to impersonate another server and obtain sensitive information...
USN-4871-1: targetcli-fb vulnerabilities
It was discovered that targetcli-fb did not properly manage socket permissions. A local attacker could use this issue to modify the iSCSI configuration resulting in a denial of service, obtain sensitive information or execute arbitrary code. CVE-2020-10699 It was discovered that targetcli-fb did...
USN-4870-1: Bundler vulnerability
It was discovered that Bundler incorrectly created directories with insecure permissions in /tmp. An attacker could write malicious libraries to this location for later execution...
USN-4869-1: aria2 vulnerability
It was discovered that aria2 could accidentally leak authentication data. An attacker could possibly use this to gain access to sensitive information...
USN-4868-1: LibTomCrypt vulnerability
It was discovered that LibTomCrypt incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or read sensitive information...
USN-4863-1: fstream vulnerability
It was discovered that fstream incorrectly handled certain crafted tarballs. An attacker could use this vulnerability to write arbitrary files to the filesystem...
USN-4862-1: Neovim vulnerability
It was discovered that Neovim incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...
USN-4860-1: Monit vulnerabilities
Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting XSS attacks. CVE-2019-11454 Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to...
USN-4859-1: MediaInfoLib vulnerabilities
It was discovered that MediaInfoLib contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause MediaInfoLib to crash, resulting in a denial of service...
USN-4858-1: Gradle vulnerabilities
It was discovered that Gradle used an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins were used. A remote unauthenticated attacker could possibly use this issue to perform a machine-in-the-middle attack. CVE-2019-11065 It was discovered that...
USN-4857-1: BWA vulnerability
It was discovered that Burrows-Wheeler Aligner BWA mishandled certain crafted .alt files. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code...
USN-4856-1: docker-credential-helpers vulnerability
Jasiel Spelman discovered that docker-credential-helpers has a double free. A local attacker could use this to cause a denial of service crash or possibly execute arbitrary code...
USN-4855-1: IPython vulnerability
It was discovered that IPython did not properly sanitize certain input. If a user were tricked into opening a specially crafted notebook file, a remote attacker could possibly use this issue to execute arbitrary code...
USN-4854-1: AsyncSSH vulnerability
Matthijs Kooijman discovered that AsyncSSH server did not properly handle authentication under certain conditions. An attacker with a specially crafted client could use this vulnerability to skip authentication of SSH sessions...
USN-4853-1: liveMedia vulnerabilities
It was discovered that liveMedia incorrectly handled certain network packets. An attacker could possibly use this issue to execute arbitrary code. CVE-2018-4013 It was discovered that liveMedia incorrectly handled certain network sessions. An attacker could possibly use this issue to cause a deni...
USN-4852-1: VTK vulnerabilities
It was discovered that VTK incorrectly handled certain XML files in the embedded Expat library. An attacker could possibly use this issue to cause a denial of service or expose sensitive information...
USN-4851-1: Libsolv vulnerabilities
It was discovered that Libsolv incorrectly handled certain malformed input. An attacker could use this issue to cause Libsolv to crash, resulting in a denial of service...
USN-4848-1: mini_httpd vulnerability
It was discovered that ACME minihttpd did not properly handle HTTP GET requests with empty headers. A remote attacker could use this vulnerability to read arbitrary files...
USN-4846-1: Yubico PIV Tool vulnerabilities
It was discovered that libykpiv, a supporting library of the Yubico PIV tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV Manager...
USN-4845-1: libcgroup vulnerability
It was discovered that libcgroup incorrectly handled log file permissions. An attacker could possibly use this issue to obtain sensitive information...
USN-4844-1: Cinnamon vulnerability
Matthias Gerstner discovered that the cinnamon-settings-users utility in Cinnamon did not safely handle symlinks. An unprivileged attacker could potentially use this vulnerability to overwrite arbitrary files as root...
USN-4842-1: ntopng vulnerability
It was discovered that ntopng did not properly seed its random number generator, leading to predictable session tokens. An attacker could use this vulnerability to hijack a user's session...
USN-4229-2: NTP vulnerability
USN-4229-1 fixed a vulnerability in NTP. This update provides the corresponding update for Ubuntu 18.04 ESM. Original advisory details: It was discovered that ntpq and ntpdc incorrectly handled some arguments. An attacker could possibly use this issue to cause ntpq or ntpdc to crash, execute...
USN-4840-1: Singularity vulnerabilities
It was discovered that Singularity incorrectly handled certain inputs. An attacker could possibly use this issue to obtain sensitive information. CVE-2018-19295 It was discovered that Singularity incorrectly handled access control. An attacker could possibly use this issue to obtain sensitive...
USN-4839-1: python-gnupg vulnerabilities
Marcus Brinkmann discovered that python-gnupg improperly handled certain command line parameters. A remote attacker could use this to spoof the output of python-gnupg and cause unsigned e-mail to appear signed. CVE-2018-12020 It was discovered that python-gnupg incorrectly handled the GPG...
USN-4837-1: LibSass vulnerabilities
It was discovered that LibSass incorrectly handled certain specially crafted sass file. An attacker could possibly use this issue to cause a denial of service or other unspecified impact...
USN-4836-1: Symfony vulnerability
It was discovered that Symfony through the HttpFoundation component allowed unauthorized access on a misconfigured LDAP server. A remote attacker could use this vulnerability to gain unauthorized access...
USN-4834-1: Prosody vulnerability
It was discovered that Prosody incorrectly validated the virtual host associated with a user session across stream restarts. A remote attacker could use this issue to gain unintended access to resources...
USN-4832-1: Plexus Archiver vulnerability
It was discovered that Plexus Archiver incorrectly handled directory traversal during extraction. An attacker could possibly use this for a Zip-Slip attack...
USN-4831-1: OpenMPT vulnerabilities
It was discovered that OpenMPT incorrectly handled certain files. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact...
USN-4830-1: Okular vulnerability
It was discovered that Okular mishandled certain crafted archives during extraction. An attacker could use this vulnerability to write arbitrary files to the filesystem...
USN-4442-2: Sympa vulnerabilities
USN-4442-1 fixed vulnerabilities in Sympa. This update provides the corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. Original advisory details: Nicolas Chatelain discovered that Sympa incorrectly handled environment variables. An attacker could possibly use this...
USN-4828-1: librelp vulnerability
It was discovered that librelp did not properly manage x509 certificates, leading to a stack-based buffer overflow. A remote attacker could possibly use this issue to execute arbitrary code...
USN-4827-1: Crypto++ vulnerability
It was discovered that Crypto++ mishandled certain input. An attacker could use this vulnerability to leak potentially sensitive information...
USN-4826-1: SoundTouch vulnerabilities
It was discovered that SoundTouch incorrectly handled certain WAV files. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM. CVE-2017-9258, CVE-2017-9259, CVE-2017-9260 It was discovered that SoundTouch incorrectly handled...
USN-4825-1: Coin3D vulnerability
USN-3356-1 fix a vulnerability in Expat. This update provides the corresponding update for Coin3D for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM...
USN-4824-1: Varnish vulnerability
It was discovered that Varnish incorrectly handled certain inputs. A remote attacker could possibly use this issue to obtain sensitive information...