10869 matches found
USN-8396-1: Apache HTTP Server vulnerabilities
It was discovered that the Apache HTTP Server modrewrite module incorrectly handled certain privileges. A local attacker could possibly use this issue to obtain sensitive information. CVE-2026-24072 Andrew Lacambra, Elhanan Haenel, Tianshuo Han, and Tristan Madani discovered that the Apache HTTP...
USN-8394-1: YARD vulnerability
It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host...
USN-8387-1: Inetutils vulnerabilities
It was discovered that the Inetutils telnet daemon incorrectly handled the CREDENTIALSDIRECTORY environment variable. An attacker could possibly use this issue to escalate privileges. CVE-2026-28372 It was discovered that the Inetutils telnet daemon did not properly validate buffer bounds when...
USN-8393-1: Linux kernel (Azure FIPS) vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...
USN-8361-2: Linux kernel (FIPS) vulnerability
A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the following subsystem: - Packet sockets; CVE-2026-31504...
USN-8392-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...
USN-8391-1: Linux kernel (Raspberry Pi) vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...
USN-8390-1: Linux kernel vulnerability
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...
USN-8389-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...
USN-8388-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...
USN-8386-1: Nano vulnerabilities
Michał Majchrowicz and Marcin Wyczechowski discovered that Nano created the /.local directory with incorrect permissions. In environments with permissive umask settings, a local attacker could possibly use this issue to inject a malicious launcher file, resulting in information disclosure or othe...
USN-8385-1: Robocode vulnerabilities
It was discovered that Robocode could be tricked into making network requests to attacker-controlled systems. An attacker could possibly use this issue to cause external service interaction, resulting in information disclosure. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...
USN-8383-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly handled digest authentication. A remote attacker could possibly use this issue to bypass authentication restrictions. CVE-2026-43512 It was discovered that Tomcat incorrectly handled case sensitivity in LockOutRealm. A remote attacker could possibly use...
USN-8384-1: Apache HTTP Server vulnerability
It was discovered that Apache HTTP Server incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause Apache HTTP Server to consume excessive resources, resulting in a denial of service...
USN-8253-2: Postfix vulnerability
USN-8253-1 fixed a vulnerability in Postfix. This update provides the corresponding fix for Postfix on Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes....
USN-8382-1: Exim vulnerabilities
Timo Longin discovered that Exim incorrectly handled certain SMTP messages in PIPELINING/CHUNKING configurations. A remote attacker could possibly use this issue to perform SMTP smuggling. This issue only affected Ubuntu 14.04 LTS. CVE-2023-51766 It was discovered that Exim incorrectly handled...
USN-8380-1: Twisted vulnerability
It was discovered that Twisted incorrectly handled DNS name decompression. A remote attacker could possibly use this issue to cause Twisted to consume excessive resources, leading to a denial of service...
USN-8379-1: urllib3 vulnerabilities
It was discovered that urllib3 incorrectly handled cross-origin redirects in ProxyManager. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2026-44431 It was discovered that urllib3 incorrectly handled decompression of specially crafted responses. A remote...
USN-8378-1: libwww-perl vulnerability
It was discovered that libwww-perl incorrectly handled redirects. A remote attacker could possibly use this issue to obtain sensitive information by causing Authorization headers to be sent to a different host...
USN-8377-1: Template-Toolkit vulnerability
It was discovered that Template-Toolkit did not properly escape single quotes in the htmlfilter function of Template::Plugin::HTML. An attacker could possibly use this issue to inject arbitrary HTML and JavaScript into generated output...
USN-8376-1: FRR vulnerabilities
It was discovered that FRR incorrectly handled certain OSPF Traffic Engineering and Segment Routing TLVs. An attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. CVE-2026-28532 It was discovered that FRR incorrectly handled certain BGP FlowSpec component...
USN-8344-3: pip vulnerability
USN-8344-1 introduced a regression in pip. This update provides a complete fix for this issue.. We apologize for the inconvenience. Original advisory details: It was discovered that pip's bundled urllib3 library improperly handled streaming decompression of highly compressed data. A remote attack...
USN-8363-2: MySQL vulnerabilities
USN-8363-1 fixed several vulnerabilities in MySQL. This update provides the corresponding fixes for MySQL on Ubuntu 20.04 LTS. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been...
USN-8375-1: nginx vulnerabilities
It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server. CVE-2025-53859 It was discovered that nginx incorrectly handled...
USN-8348-1: GoBGP vulnerabilities
It was discovered that GoBGP incorrectly handled certain specially crafted BGP UPDATE messages. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. CVE-2026-37461 Yanlei Wang discovered that GoBGP incorrectly handled certain malformed BGP...
USN-8282-2: Unbound vulnerabilities
USN-8282-1 fixed vulnerabilities in Unbound. This update provides the corresponding updates for CVE-2026-41292 in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS and CVE-2026-42959, CVE-2026-42960 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Andr...
USN-8374-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...
USN-8373-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...
USN-8372-1: age vulnerability
It was discovered that age did not properly validate plugin names. An attacker could possibly use this issue to cause execution of an arbitrary program by supplying a crafted recipient or identity string...
USN-8371-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...
USN-8238-2: EditorConfig vulnerability
USN-8238-1 fixed a vulnerability in EditorConfig. This update contains the corresponding fix for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. Original advisory details: It was discovered that EditorConfig incorrectly handled specially crafted configuration files. A...
USN-8370-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...
USN-8369-1: Apache Tomcat Connectors vulnerability
It was discovered that Apache Tomcat Connectors used incorrect default permissions for shared memory on Unix-like systems. A local attacker could possibly use this issue to view or modify modjk configuration data in shared memory, resulting in sensitive information exposure or a denial of service...
USN-8368-1: libeconf vulnerability
It was discovered that libeconf did not properly check the size of input when copying data to a buffer. An attacker could possibly use this issue to cause libeconf to crash, resulting in a denial of service...
USN-8367-1: tar-fs vulnerabilities
It was discovered that tar-fs did not properly limit paths when extracting crafted tar files. An attacker could possibly use this issue to write or overwrite files outside the intended extraction directory. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-12905 It was...
USN-8366-1: Luanti vulnerabilities
It was discovered that Luanti, when using LuaJIT, did not properly enforce Lua sandbox restrictions. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-40959 It was discovered that Luanti did not properly restrict access to insecure environments. An attacker could...
USN-8365-1: Dovecot vulnerabilities
It was discovered that Dovecot incorrectly treated some variable expansion pipelines as safe in authentication filters. An attacker could possibly use this issue to perform SQL or LDAP injection attacks. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. CVE-2026-27851 It was discovered...
USN-8364-1: Apache Commons Lang vulnerability
It was discovered that Apache Commons Lang incorrectly handled recursion in the ClassUtils.getClass method. An attacker could possibly use this issue to cause Apache Commons Lang to crash, resulting in a denial of service...
USN-8363-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.46 in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. Ubuntu 25.10 and Ubuntu 26.04 LTS have been updated to MySQL 8.4.9. In addition to security fixes,...
USN-8130-2: GStreamer Base Plugins vulnerability
USN-8130-1 fixed a vulnerability in GStreamer Base Plugins. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that GStreamer Base Plugins incorrectly handled certain AVI media files. A remote attacker could use th...
USN-8362-1: XZ Utils vulnerability
It was discovered that XZ Utils did not properly manage memory when attempting to append data to a decoded index that contained no records. An attacker could possibly use this issue to cause XZ Utils to crash, resulting in a denial of service, or execute arbitrary code...
USN-8361-1: Linux kernel vulnerability
A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the following subsystem: - Packet sockets; CVE-2026-31504...
USN-8209-2: Little CMS vulnerability
USN-8209-1 fixed vulnerabilities in Little CMS. This update contains the fixes for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Little CMS incorrectly handled certain malformed ICC profiles. An attacker could use thi...
USN-8360-1: sslh vulnerability
It was discovered that sslh did not properly handle symbolic links when writing its PID file. A local attacker could possibly use this issue to overwrite arbitrary files...
USN-8359-1: NNCP vulnerability
It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory...
USN-8358-1: haveged vulnerability
It was discovered that haveged incorrectly handled credential checks on its control socket. A local attacker could possibly use this issue to execute privileged commands...
USN-8055-2: Evolution Data Server vulnerability
USN-8055-1 fixed a vulnerability in Evolution Data Server. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Evolution Data Server incorrectly handled removing local cache files. An attacker could possibly us...
USN-8357-1: Qt Declarative vulnerability
It was discovered that Qt Declarative did not properly validate the width and height attributes of image tags in the Text component of Qt Quick. An attacker could possibly use this issue to cause Qt Declarative to use excessive resources, leading to a denial of service...
USN-8356-1: GNU SASL vulnerability
It was discovered that GNU SASL did not properly handle certain DIGEST-MD5 tokens. An attacker could possibly use this issue to cause GNU SASL to crash, resulting in a denial of service...
USN-8355-1: SSSD vulnerability
It was discovered that SSSD did not properly handle raw bytes in the PAM passkey responder. A local attacker could possibly use this issue to cause the SSSD PAM responder to crash, resulting in a denial of service...