10918 matches found
USN-4823-1: Mosquitto vulnerability
It was discovered that Mosquitto incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service...
USN-4822-1: Firebird vulnerability
It was discovered that Firebird exposed certain UDF libraries. An authenticated attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code...
USN-4821-1: openpyxl vulnerability
It was discovered that openpyxl incorrectly handled certain documents. A remote attacker could possibly use this issue to cause a denial of service or other unspecified impact...
USN-4820-1: S-nail vulnerability
It was discovered that S-nail incorrectly handled paths. An attacker could possible use this issue to write arbitrary files and escalate privileges...
USN-4819-1: Leptonica vulnerabilities
It was discovered that Leptonica incorrectly handled path names. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 ESM. CVE-2017-18196 It was discovered that Leptonica incorrectly handled certain input arguments. An attacker could...
USN-4817-1: HDF5 vulnerabilities
It was discovered that HDF5 incorrectly handled certain hdf5 files. An attacker could possibly use this issue to cause a denial of service...
USN-4816-1: game-music-emu vulnerability
It was discovered that game-music-emu mishandled certain crafted input. A remote attacker could use this vulnerability to cause game-music-emu to crash...
USN-4815-1: xrdp vulnerabilities
It was discovered that xrdp did not properly validate certain input in the session manager. A local attacker could possibly use this issue to cause a denial of service or other unspecified impact. CVE-2017-16927 It was discovered that xrdp did not properly initialize PAM session modules. A remote...
USN-4814-1: Asterisk vulnerabilities
Richard Mudgett discovered that Asterisk did not properly check the length of input string when setting the user field for PartyB on a CDR. A remote attacker could use this vulnerability to cause a denial of service crash or potentially execute arbitrary code. CVE-2017-16671 Alex Villacis Lasso...
USN-4813-1: Jackson Databind vulnerabilities
It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to obtain sensitive information. CVE-2018-11307, CVE-2019-12086, CVE-2019-12814 It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could...
USN-4812-1: libbson vulnerabilities
It was discovered that libbson incorrectly validated input length. An attacker could possibly use this issue to cause a denial of service. This issue affected only Ubuntu 16.04 ESM. CVE-2017-14227 It was discovered that libbson incorrectly handled certain specially crafted bson buffers. An attack...
USN-4811-1: libzip vulnerability
It was discovered that libzip mishandled certain malformed ZIP archives. A remote attacker could use this vulnerability to cause a denial of service...
USN-3421-2: Libidn2 vulnerability
USN-3421-1 fixed a vulnerability in Libidn2. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM...
USN-4809-1: VideoLAN x265 vulnerability
It was discovered that VideoLAN x265 mishandled certain memory-allocation inputs. An attacker could use this vulnerability to cause a denial of service crash...
USN-4808-1: Tinyproxy vulnerability
It was discovered that Tinyproxy created its pid file with insecure permissions. An attacker could use the vulnerability to cause arbitrary processes to be killed, resulting in a denial of service...
USN-4807-1: WildMIDI vulnerabilities
It was discovered that WildMIDI incorrectly handled certain MID files. A remote attacker could possibly use this issue to cause a denial of service...
USN-4805-1: VLC vulnerabilities
It was discovered that VLC mishandled certain crafted media files. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. CVE-2017-10699 It was discovered that VLC mishandled certain crafted MKV...
USN-4804-1: Puppet vulnerabilities
It was discovered that Puppet installed modules with world writable permissions. An attacker could use this vulnerability to execute arbitrary code or cause a denial of service. CVE-2017-10689 It was discovered that Puppet could be used to force YAML deserialization in an unsafe manner. A remote...
USN-4803-1: Gifsicle vulnerabilities
It was discovered that Gifsicle did not properly handle certain input. If a user were tricked into opening a malicious GIF, an attacker could potentially execute arbitrary code...
USN-4802-1: HTSlib vulnerabilities
It was discovered that HTSlib incorrectly handled certain data. An attacker could possibly use this issue to execute arbitrary code. This issue affected only Ubuntu 16.04 ESM. CVE-2017-1000206 It was discovered that HTSlib incorrectly handled certain files. An attacker could possibly use this iss...
USN-4801-1: ROOT vulnerability
It was discovered that ROOT incorrectly handled certain input arguments. An attacker could possibly use this issue to execute arbitrary code...
USN-4800-1: Lynx vulnerabilities
It was discovered that Lynx incorrectly handled certain URLs. A remote attacker could possibly use this issue to obtain sensitive information or other unspecified impact. This issue only affected Ubuntu 16.04 ESM. CVE-2016-9179 It was discovered that Lynx incorrectly handled certain HTML files. A...
USN-4799-1: R vulnerability
It was discovered that a buffer overflow in R causes memory corruption. An attacker could possibly use this to cause a denial of service or execute arbitrary code...
USN-4798-1: libgit2 vulnerabilities
It was discovered that libgit2 mishandled certain malformed git objects. A remote attacker could use this vulnerability to cause a denial of service...
USN-4796-1: Node.js vulnerabilities
Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An attacker could use this vulnerability to execute a machine-in-the-middle- attack. This issue only affected Ubuntu 14.04 ESM and 16.04 ESM. CVE-2016-7099 It...
USN-4795-1: Apache Groovy vulnerability
It was discovered that Apache Groovy incorrectly handled serialization mechanisms. An attacker could possibly use this issue to execute arbitrary code...
USN-4794-1: libupnp vulnerabilities
Matthew Garrett discovered that libupnp mishandled POST requests by default. An attacker could use this vulnerability to write files to arbitrary locations in the victim's filesystem, possibly as root. CVE-2016-6255 It was discovered that libupnp mishandled certain input. A remote attacker could...
USN-4793-1: collectd vulnerabilities
It was discovered that collectd mishandled certain malformed packets. A remote attacker could use this vulnerability to cause collectd to crash or possibly execute arbitrary code. CVE-2016-6254 It was discovered that collectd failed to handle certain input. An attacker could use this vulnerabilit...
USN-4792-1: FreeIPA vulnerabilities
It was discovered that FreeIPA incorrectly handled certificates. An attacker could possibly use this issue to cause a denial of service by revoking arbitrary certificates This issue only affected Ubuntu 16.04 ESM. CVE-2016-5404 It was discovered that FreeIPA incorrectly handled authentication...
USN-4791-1: Apache Tomcat 7 vulnerabilities
It was discovered that Apache Tomcat 7 did not protect applications from the presence of untrusted client data in an environment variable. A remote attacker could possible use this vulnerability to redirect the traffic to an arbitrary proxy and obtain sensitive information. CVE-2016-5388 It was...
USN-4790-1: libtorrent vulnerability
It was discovered that libtorrent incorrectly handled chunked headers. A remote attacker could possibly use this to cause a crash resulting in a denial of service...
USN-4789-1: Apache ZooKeeper vulnerabilities
It was discovered that Apache ZooKeeper incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. CVE-2016-5017 It was discovered that Apache ZooKeeper incorrectly implemented "wchp/wchc" commands. An attacker could...
USN-4788-1: iperf3 vulnerability
It was discovered that iperf mishandled certain UTF-8 and UTF-16 strings. A remote attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code...
USN-4787-1: jq vulnerability
It was discovered that jq did not perform sufficient bounds checking, resulting in unbounded resource consumption. An attacker could use this vulnerability to cause a denial of service...
USN-4786-1: Moment.js vulnerabilities
It was discovered that Moment.js mishandled certain regular expressions. An attacker could use this vulnerability to cause a denial of service...
USN-4785-1: npm vulnerability
It was discovered that the npm command-line interface mishandled certain sensitive information. An attacker could use this vulnerability to collect authentication information that could be used to impersonate other users...
USN-4784-1: Xerces-C++ vulnerabilities
It was discovered that Xerces-C++ XML Parser mishandles certain kinds of external DTD references, resulting in a user-after-free. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code. This issue affected only Ubuntu 16.04 ESM. CVE-2016-209...
USN-4783-1: minimatch vulnerability
It was discovered that minimatch did not perform necessary bounds checking on regular expressions. An attacker could use this vulnerability to cause a denial of service...
USN-4779-1: Gettext vulnerability
Danilo Segan discovered that Gettext mishandled certain input. An attacker could use this vulnerability to execute arbitrary code...
USN-4778-1: OCaml vulnerabilities
It was discovered that OCaml mishandled sign extensions. A remote attacker could use this vulnerability to steal sensitive information, cause a denial of service crash, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. CVE-2015-8869 It was discovered that OCaml...
USN-4777-1: node-tar vulnerability
It was discovered that node-tar mishandled certain tar archives. An attacker could use this vulnerability to write arbitrary files to the filesystem...
USN-4776-1: semver vulnerability
It was discovered that semver incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service...
USN-4775-1: Lighttpd vulnerabilities
It was discovered that Lighttpd did not properly sanitized the string used in basic HTTP authentication method. A remote attacker could use this to inject arbitrary log entries and maybe obtain sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE-2015-3200 It...
USN-4773-1: Drupal vulnerabilities
It was discovered that Drupal did not properly process certain input. An attacker could use this vulnerability to execute arbitrary code or completely compromise a Drupal site. CVE-2018-7600, CVE-2018-7602 It was discovered that password reset URLs in Drupal could be forged. An attacker could use...
USN-4772-1: VNC4 vulnerabilities
USN-2500-1 addressed CVE-2015-0255 for xorg-server. This update provides the corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. CVE-2015-0255 USN-2726-1 addressed CVE-2015-1283 for Expat. This update provides the corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ES...
USN-4771-1: HTCondor vulnerabilities
It was discovered that HTCondor incorrectly invoked the mailx utility. An attacker could use this vulnerability to execute arbitrary commands. This issue only affected Ubuntu 14.04 ESM. CVE-2014-8126 It was discovered that HTCondor mishandled certain crafted input. An attacker could use this...
USN-4770-1: GlusterFS vulnerabilities
It was discovered that GlusterFS incorrectly handled network requests. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM. CVE-2014-3619 It was discovered that GlusterFS incorrectly handled user permissions. An authenticated attacker...
USN-4769-1: Salt vulnerabilities
It was discovered that Salt allowed remote attackers to write to arbitrary files via a special crafted file. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. CVE-2014-3563 Andreas Stieger discovered that Salt...
USN-4768-1: musl vulnerabilities
It was discovered that musl did not properly handle kernel syscalls. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code. CVE-2018-1000001 It was discovered that musl did not properly handle the parsing of DNS response codes. A remote...
USN-4766-1: Apache Commons BeanUtils vulnerabilities
It was discovered that Apache Commons BeanUtils improperly handled certain input. An attacker could possibly use this vulnerability to cause a crash or execute arbitrary code...