10923 matches found
USN-4578-1: Linux kernel vulnerabilities
Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-16119 Wen Xu discover...
USN-4576-1: Linux kernel vulnerabilities
Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-16119 Jay Shin...
USN-4575-1: dom4j vulnerability
It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code. CVE-2020-10683...
USN-4574-1: libseccomp-golang vulnerability
It was discovered that libseccomp-golang did not properly generate BPFs. If a process were running under a restrictive seccomp filter that specified multiple syscall arguments, the application could potentially bypass the intended restrictions put in place by seccomp...
USN-4572-2: Spice vulnerability
USN-4572-1 fixed a vulnerability in Spice. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial ...
USN-4573-1: Vino vulnerabilities
Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. CVE-2014-6053 It was discovered that Vino incorrectly handled certain packet lengths. A remote attacker could...
USN-4572-1: Spice vulnerability
Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4571-1: rack-cors vulnerability
It was discovered that rack-cors did not properly handle relative file paths. An attacker could use this vulnerability to access arbitrary files...
USN-4564-1: Apache Tika vulnerabilities
It was discovered that Apache Tika can have an excessive memory usage by using a crafted or corrupt PSD file. An attacker could use it to cause a denial of service crash. CVE-2020-1950, CVE-2020-1951...
USN-4566-1: Cyrus IMAP Server vulnerabilities
It was dicovered that Cyrus IMAP Server could execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. CVE-2019-11356 It was discovered that the Cyrus IMA...
USN-4570-1: urllib3 vulnerability
It was discovered that urllib3 incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection...
USN-4567-1: OpenDMARC vulnerability
It was discovered that OpenDMARC is prone to a signature-bypass vulnerability with multiple "From:" addresses. An attacker could use it to bypass spam and abuse filters...
USN-4569-1: Yaws vulnerabilities
It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity XXE injection attack. CVE-2020-24379 It was discovered that Yaws mishandled certain input when running CGI scripts. A remote attacker could use this...
USN-4565-1: OpenConnect vulnerability
It was discovered that OpenConnect has a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. An attacker could use it to provoke a denial of service crash...
USN-4568-1: Brotli vulnerability
It was discovered that Brotli incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash...
USN-4563-1: NTP vulnerability
It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer dereference into NTP. An attacker could use this vulnerability to cause a denial of service crash...
USN-4562-1: kramdown vulnerability
It was discovered that kramdown insecurely handled certain crafted input. An attacker could use this vulnerability to read restricted files or execute arbitrary code...
USN-4561-1: Rack vulnerabilities
It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information. CVE-2020-8161 It was discovered that Rack incorrectly validated cookies. An attacker could possibly use this issue to forge a secure cookie. CVE-2020-8184...
USN-4560-1: Gon gem vulnerability
It was discovered that Gon gem did not properly escape certain input. An attacker could use this vulnerability to execute a cross-site scripting XSS attack...
USN-4559-1: Samba update
Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. While a previous security update fixed the issue by changin...
USN-4558-1: libapreq2 vulnerabilities
It was discovered that libapreq2 did not properly sanitize the Content-Type field in certain, crafted HTTP requests. An attacker could use this vulnerability to cause libapreq2 to crash...
USN-4557-1: Tomcat vulnerabilities
It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. CVE-2016-0762 Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain...
USN-4556-1: netqmail vulnerabilities
It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. CVE-2005-1513, CVE-2005-1514, CVE-2005-1515 It was discovered that netqmail did not properly handle certain inp...
USN-4547-2: SSVNC vulnerabilities
It was discovered that the LibVNCClient vendored in SSVNC incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-202...
USN-4554-1: libPGF vulnerability
It was discovered that libPGF lacked proper validation when opening a specially crafted PGF file. An attacker could possibly use this issue to cause a denial of service...
USN-4552-1: Pam-python vulnerability
Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root...
USN-4553-1: Teeworlds vulnerability
It was discovered that Teeworlds server did not properly handler certain network traffic. A remote, unauthenticated attacker could use this vulnerability to cause Teeworlds server to crash...
USN-4551-1: Squid vulnerabilities
Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. CVE-2020-15049 Amit Klein discovered that Squid incorrectly validated...
USN-4550-1: DPDK vulnerabilities
Ryan Hall discovered that DPDK incorrectly handled vhost crypto. An attacker inside a guest could use these issues to perform multiple attacks, including denial of service attacks, obtaining sensitive information from the host, and possibly executing arbitrary code on the host...
USN-4547-1: iTALC vulnerabilities
It was discovered that an information disclosure vulnerability existed in the LibVNCServer vendored in iTALC when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. CVE-2019-15681 It was discovered that the LibVNCServer and LibVNCClient...
USN-4549-1: ImageMagick vulnerabilities
It was discovered that ImageMagick incorrectly handled certain specially crafted image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or other unspecified impact. CVE-2019-1994...
USN-4548-1: libuv vulnerability
It was discovered that libuv incorrectly handled certain paths. An attacker could possibly use this issue to cause a crash or execute arbitrary code...
USN-3968-3: Sudo vulnerabilities
USN-3968-1 fixed several vulnerabilities in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use...
USN-4546-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting XSS attacks, spoof the site displayed in the download dialog, or execute...
USN-4545-1: libquicktime vulnerabilities
It was discovered that libquicktime incorrectly handled certain malformed MP4 files. If a user were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause a denial of service resource exhaustion. CVE-2017-9122 It was discovered that libquicktime...
USN-4541-1: Gnuplot vulnerabilities
Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars discovered that Gnuplot did not properly validate string sizes in the dfgenerateasciiarrayentry function. An attacker could possibly use this issue to cause a heap buffer overflow, resulting in a denial of service attack or arbitra...
USN-4543-1: Sanitize vulnerability
Michał Bentkowski discovered that Sanitize did not properly sanitize some math or svg HTML under certain circumstances. A remote attacker could potentially exploit this to conduct cross-site scripting XSS attacks. CVE-2020-4054...
USN-4542-1: MiniUPnPd vulnerabilities
It was discovered that MiniUPnPd did not properly validate callback addresses. A remote attacker could possibly use this issue to expose sensitive information. CVE-2019-12107 It was discovered that MiniUPnPd incorrectly handled unpopulated user XML input. An attacker could possibly use this issue...
USN-4527-1: Linux kernel vulnerabilities
It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2019-19054 It was discovered that the Atheros HTC based wireless...
USN-4540-1: atftpd vulnerabilities
Denis Andzakovic discovered that atftpd incorrectly handled certain malformed packets. A remote attacker could send a specially crafted packet to cause atftpd to crash, resulting in a denial of service. CVE-2019-11365 Denis Andzakovic discovered that atftpd did not properly lock the thread list...
USN-4539-1: AWL vulnerability
Andrew Bartlett discovered that DAViCal Andrew's Web Libraries AWL did not properly manage session keys. An attacker could possibly use this issue to impersonate a session. CVE-2020-11728...
USN-4536-1: SPIP vulnerabilities
Youssouf Boulouiz discovered that SPIP incorrectly handled login error messages. A remote attacker could potentially exploit this to conduct cross-site scripting XSS attacks. CVE-2019-16392 Gilles Vincent discovered that SPIP incorrectly handled password reset requests. A remote attacker could...
USN-4538-1: PackageKit vulnerabilities
Vaisha Bernard discovered that PackageKit incorrectly handled certain methods. A local attacker could use this issue to learn the MIME type of any file on the system. CVE-2020-16121 Sami Niemimäki discovered that PackageKit incorrectly handled local deb packages. A local user could possibly use...
USN-4537-1: Aptdaemon vulnerability
Vaisha Bernard discovered that Aptdaemon incorrectly handled the Locale property. A local attacker could use this issue to test for the presence of local files...
USN-4525-1: Linux kernel vulnerabilities
It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2019-18808 It was discovered that the Conexant 23885 TV card device...
USN-4535-1: RDFLib vulnerability
Gabriel Corona discovered that RDFLib did not properly load modules on the command-line. An attacker could possibly use this issue to cause RDFLib to execute arbitrary code. CVE-2019-7653...
USN-4534-1: Perl DBI module vulnerability
It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information...
USN-4526-1: Linux kernel vulnerabilities
It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2019-18808 It was discovered that the Conexant 23885 TV card device...
USN-4533-1: LTSP Display Manager vulnerabilities
Veeti Veteläinen discovered that the LTSP Display Manager ldm incorrectly handled user logins from unsupported shells. A local attacker could possibly use this issue to gain root privileges. CVE-2019-20373...
USN-4532-1: Netty vulnerabilities
It was discovered that Netty incorrectly handled certain HTTP headers. By sending an HTTP header with whitespace before the colon, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. CVE-2019-16869 It was discovered that Netty incorrectly handled certain...