USN-7496-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - Character device driver; - Hardware crypto device drivers; - GPU drivers; - Media drivers;...
USN-7496-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - Character device driver; - Hardware crypto device drivers; - GPU drivers; - Media drivers;...
USN-7497-1: CarrierWave vulnerabilities
Rikita Ishikawa discovered that CarrierWave did not correctly sanitize certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-21305 Norihide Saito discovered that CarrierWave did not correctly...
USN-7490-2: libsoup regression
USN-7490-1 fixed vulnerabilities in libsoup. It was discovered that the fix for CVE-2025-32912 was incomplete. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request...
USN-7488-1: Python vulnerabilities
It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. This issue only affected python 2.7 and python3.4 on Ubuntu 14.04 LTS; python2.7 on Ubuntu 16.04 LTS; python2.7,...
USN-7495-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - Ceph distributed file system; - Netfilter; CVE-2023-52664, CVE-2024-26689, CVE-2023-52927...
USN-7495-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - Ceph distributed file system; - Netfilter; CVE-2023-52927, CVE-2023-52664, CVE-2024-26689...
USN-7494-3: Linux kernel (Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - Netfilter; CVE-2023-52664, CVE-2023-52927...
USN-7494-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - Netfilter; CVE-2023-52927, CVE-2023-52664...
USN-7494-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - Netfilter; CVE-2023-52664, CVE-2023-52927...
USN-7493-1: Linux kernel (Raspberry Pi) vulnerabilities
A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the following subsystems: - Clock framework and drivers; CVE-2024-58081...
USN-7492-2: Linux kernel (Real-time) vulnerability
A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the following subsystems: - Bluetooth drivers; CVE-2024-56653...
USN-7492-1: Linux kernel vulnerability
A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the following subsystems: - Bluetooth drivers; CVE-2024-56653...
USN-7490-1: libsoup vulnerabilities
Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. CVE-2025-32906 Alon Zahavi discovered that libsoup incorrectly parse...
USN-7491-1: Linux kernel (OEM) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - USB Type-C Connector System Software Interface driver; - Timer subsystem; CVE-2025-21902, CVE-2025-21813...
USN-7489-1: Linux kernel vulnerability
One security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the following subsystems: - Timer subsystem; CVE-2025-21813...
USN-7486-1: FastCGI vulnerability
It was discovered that FastCGI incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code...
USN-7485-1: LibRaw vulnerabilities
It was discovered that LibRaw could be made to read out of bounds. An attacker could possibly use this issue to cause applications using LibRaw to crash, resulting in a denial of service. CVE-2025-43961, CVE-2025-43962, CVE-2025-43963, CVE-2025-43964...
USN-7484-1: OpenJDK 24 vulnerabilities
Alicja Kario discovered that the JSSE component of OpenJDK 24 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of OpenJDK 24 incorrectly handled compiler transformations. An...
USN-7483-1: OpenJDK 21 vulnerabilities
Alicja Kario discovered that the JSSE component of OpenJDK 21 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of OpenJDK 21 incorrectly handled compiler transformations. An...
USN-7482-1: OpenJDK 17 vulnerabilities
Alicja Kario discovered that the JSSE component of OpenJDK 17 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of OpenJDK 17 incorrectly handled compiler transformations. An...
USN-7481-1: OpenJDK 11 vulnerabilities
Alicja Kario discovered that the JSSE component of OpenJDK 11 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of OpenJDK 11 incorrectly handled compiler transformations. An...
USN-7480-1: OpenJDK 8 vulnerabilities
Alicja Kario discovered that the JSSE component of OpenJDK 8 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of OpenJDK 8 incorrectly handled compiler transformations. An...
USN-7479-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.42 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. Ubuntu 25.04 has been updated to MySQL 8.4.5. In addition to...
USN-7476-1: Scrapy vulnerabilities
It was discovered that Scrapy improperly exposed HTTP authentication credentials to request targets, including during redirects. An attacker could use this issue to gain unauthorized access to user accounts. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-41125 It was...
USN-7478-1: Corosync vulnerability
It was discovered that Corosync incorrectly handled certain large UDP packets. If encryption is disabled, or an attacker knows the encryption key, this issue could be used to cause Corosync to crash, resulting in a denial of service...
USN-7477-1: c-ares vulnerability
It was discovered that c-ares incorrectly handled re-enqueuing certain queries. A remote attacker could possibly use this issue to cause c-ares to crash, resulting in a denial of service...
USN-7475-1: Linux kernel (Xilinx ZynqMP) vulnerabilities
Jann Horn discovered that the watchqueue event notification subsystem in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or escalate their privileges. CVE-2022-0995 Several security issues were discovered i...
USN-7461-3: Linux kernel (Xilinx ZynqMP) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Network drivers; - File systems infrastructure; - Ext4 file system; - Network file system (NFS) server...
USN-7474-1: Docker vulnerabilities
Cory Snider discovered that Docker incorrectly handled networking packet encapsulation. An attacker could use this issue to inject internet packets in established connection, possibly causing a denial of service or bypassing firewall protections. This issue only affected Ubuntu 22.04 LTS, Ubuntu...
USN-7472-1: Micropython vulnerabilities
Junwha Hong and Wonil Jang discovered that Micropython incorrectly handled the length of a buffer in mpvfsumount, leading to a heap-based buffer overflow vulnerability. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to...
USN-7473-1: Ghostscript vulnerability
It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly bypass file path validation...
USN-7315-2: PostgreSQL vulnerability
USN-7315-1 fixed a vulnerability in PostgreSQL. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Stephen Fewer discovered that PostgreSQL incorrectly handled quoting syntax in certain scenarios. A remote attacker could possibly use this issue to perfo...
USN-7469-4: H2O vulnerability
USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update provides the corresponding updates for H2O. Original advisory details: It was discovered that Apache Traffic Server exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to...
USN-7471-1: poppler vulnerabilities
It was discovered that poppler did not properly verify adbe.pkcs7.sha1 signatures in PDF documents. An attacker could possibly use this issue to create documents with forged signatures that are treated as legitimately signed...
USN-7423-2: GNU binutils vulnerabilities
USN-7423-1 fixed several vulnerabilities in GNU. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that GNU binutils incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash o...
USN-7469-3: Node.js vulnerability
USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update provides the corresponding updates for Node.js. Original advisory details: It was discovered that Apache Traffic Server exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issu...
USN-7455-5: Linux kernel (AWS) vulnerabilities
Jann Horn discovered that the watchqueue event notification subsystem in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or escalate their privileges. CVE-2022-0995 Several security issues were discovered i...
USN-7467-2: libxml2 vulnerabilities
USN-7467-1 fixed several vulnerabilities in libxml2. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that the libxml2 Python bindings incorrectly handled certain return values. An attacker could possibly use thi...
USN-7469-2: Apache Tomcat vulnerability
USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update provides the corresponding updates for Apache Tomcat. Original advisory details: It was discovered that Apache Traffic Server exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use thi...
USN-7469-1: Apache Traffic Server vulnerability
It was discovered that Apache Traffic Server exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to cause Apache Traffic Server to crash, resulting in a denial of service...
USN-7468-1: Linux kernel (Azure, N-Series) vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rogue device and possibly execute arbitrary code. CVE-2024-8805 Attila Szász discovered that the HFS+ file system...
USN-7459-2: Linux kernel (GCP) vulnerabilities
Jann Horn discovered that the watchqueue event notification subsystem in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or escalate their privileges. CVE-2022-0995 Several security issues were discovered i...
USN-7467-1: libxml2 vulnerabilities
It was discovered that the libxml2 Python bindings incorrectly handled certain return values. An attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service. CVE-2025-32414 It was discovered that libxml2 incorrectly handled certain memory operations. A remot...
USN-7465-1: Mistral vulnerabilities
It was discovered that Mistral incorrectly handled nested anchors in YAML files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. CVE-2018-16848 Pierre Gaxatte discovered that Mistral incorrectly handled erroneous SSH private key...
USN-7466-1: KiCad vulnerabilities
It was discovered that KiCad incorrectly handled memory when opening malicious files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary commands...
USN-7464-1: Jupyter Notebook vulnerability
It was discovered that Jupyter Notebook did not properly parse HTML comments under certain circumstances. An attacker could possibly use this issue to cause a regular expression denial of service (ReDoS)...
USN-7455-4: Linux kernel (Oracle) vulnerabilities
Jann Horn discovered that the watchqueue event notification subsystem in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or escalate their privileges. CVE-2022-0995 Several security issues were discovered i...
USN-7449-2: Linux kernel (HWE) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
USN-7463-1: Linux kernel (IBM) vulnerabilities
Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2024-23848 Attila Szász discovered that the HFS+ file system...