10800 matches found
USN-7247-1: OpenCV vulnerabilities
It was discovered that OpenCV did not properly manage certain XML data, leading to a NULL pointer dereference. If a user were tricked into loading a specially crafted file, a remote attacker could possibly use this issue to make OpenCV crash, resulting in a denial of service. This issue only...
USN-7251-1: HarfBuzz vulnerability
It was discovered that HarfBuzz incorrectly handled shaping certain fonts. A remote attacker could possibly use this issue to cause HarfBuzz to consume resources, leading to a denial of service...
USN-7250-1: Netdata vulnerabilities
It was discovered that Netdata incorrectly handled parsing JSON input, which could lead to a JSON injection. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. CVE-2018-18836 It was discovered that Netdata incorrectly handled parsing HT...
USN-7238-2: Linux kernel (Oracle) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network traffic control; - VMware vSockets driver; CVE-2024-53103, CVE-2024-53164...
USN-7235-2: Linux kernel (Azure) Unknown kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Netfilter; - Network traffic control; - VMware vSockets driver; CVE-2024-53164, CVE-2024-53103, CVE-2024-53141...
USN-7234-2: Linux kernel (HWE) vulnerabilities
Ye Zhang and Nicolas Wu discovered that the iouring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...
USN-7233-2: Linux kernel (Azure) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Multiple devices driver; - Network drivers; - Mellanox network drivers; - S/390 drivers; - SCSI subsystem; - Sonic...
USN-7246-1: jQuery vulnerabilities
It was discovered that jQuery incorrectly handled parsing untrusted HTML. A remote attacker could possibly use this issue to execute arbitrary code...
USN-7245-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.41 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. In addition to security fixes, the updated packages contain bug...
USN-7242-1: Tomcat vulnerability
Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not implement a recommended fix. A remote attacker could possibly use this issue to execute arbitrary code...
USN-7244-1: Jinja2 vulnerabilities
It was discovered that Jinja2 incorrectly handled certain filenames when compiling template content. An attacker could possibly use this issue to execute arbitrary code. CVE-2024-56201 It was discovered that Jinja2 incorrectly handled string formatting calls. An attacker could possibly use this...
USN-7243-1: VLC vulnerability
It was discovered that VLC incorrectly handled memory when reading an MMS stream. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...
USN-7236-2: Linux kernel (Low Latency) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Netfilter; - Network traffic control; - VMware vSockets driver; CVE-2024-53164, CVE-2024-53103, CVE-2024-53141...
USN-7241-1: Bind vulnerabilities
Toshifumi Sakaguchi discovered that Bind incorrectly handled many records in the additional section. A remote attacker could possibly use this issue to cause Bind to consume CPU resources, leading to a denial of service. CVE-2024-11187 Jean-François Billaud discovered that the Bind DNS-over-HTTPS...
USN-7157-3: PHP vulnerabilities
USN-7157-1 fixed vulnerabilities in PHP versions 7.4, 8.1, and 8.3. This update provides the corresponding updates for PHP version 7.0. Original advisory details: It was discovered that PHP incorrectly handled certain inputs when processed with convert.quoted-printable decode filters. An attacker...
USN-7240-1: libxml2 vulnerabilities
It was discovered that libxml2 incorrectly handled certain memory operations. A remote attacker could use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2022-49043 It was discovered that the libxml2 xmllint tool incorrectly handled...
USN-7239-1: libmicrodns vulnerabilities
It was discovered that libmicrodns could recursively follow the same compression pointer, leading to an infinite loop. An attacker could possibly use this issue to cause a denial of service. CVE-2020-6071 It was discovered that libmicrodns did not check the return value of the rrdecode function,...
USN-7238-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network traffic control; - VMware vSockets driver; CVE-2024-53103, CVE-2024-53164...
USN-7237-1: Linux kernel (OEM) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - Netfilter; - Network traffic control; - VMware vSockets driver; CVE-2024-47715, CVE-2024-53103,...
USN-7236-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Netfilter; - Network traffic control; - VMware vSockets driver; CVE-2024-53164, CVE-2024-53103, CVE-2024-53141...
USN-7235-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Netfilter; - Network traffic control; - VMware vSockets driver; CVE-2024-53164, CVE-2024-53103, CVE-2024-53141...
USN-7234-1: Linux kernel vulnerabilities
Ye Zhang and Nicolas Wu discovered that the iouring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...
USN-7233-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Multiple devices driver; - Network drivers; - Mellanox network drivers; - S/390 drivers; - SCSI subsystem; - Sonic...
USN-7232-1: Linux kernel vulnerability
A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the following subsystem: - Netfilter; CVE-2024-53141...
USN-7231-1: Tcpreplay vulnerabilities
It was discovered that Tcpreplay incorrectly handled memory when using the tcprewrite utility. A remote attacker could possibly use this issue to cause Tcpreplay to crash, resulting in a denial of service. CVE-2023-27783 It was discovered that Tcpreplay incorrectly validated external input. A...
USN-7206-3: rsync vulnerabilities
USN-7206-1 fixed vulnerabilities in Ubuntu 14.04 LTS to Ubuntu 24.04 LTS. This update provides the corresponding updates for Ubuntu 24.10. Original advisory details: Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync did not properly handle checksum lengths. An attacker coul...
USN-7179-4: Linux kernel (Xilinx ZynqMP) vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-12351 Andy Nguyen discovered that the...
USN-7230-2: FRR vulnerabilities
Iggy Frankovic discovered that FRR incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2024-44070 It was discovered that FRR re-validated all routes in...
USN-7230-1: Quagga vulnerability
Iggy Frankovic discovered that Quagga incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service...
USN-7229-1: ClamAV vulnerability
It was discovered that ClamAV incorrectly handled decrypting OLE2 content. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service...
USN-7228-1: LibreOffice vulnerabilities
Thomas Rinsma discovered that LibreOffice incorrectly handled paths when processing embedded font files. If a user or automated system were tricked into opening a specially crafted LibreOffice file, a remote attacker could possibly use this issue to create arbitrary files ending with ".ttf"...
USN-7227-1: PCL vulnerability
It was discovered that PCL incorrectly handled certain malformed files. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly exploit this to cause a denial of service...
USN-7226-1: Cacti vulnerability
It was discovered that Cacti did not properly sanitize the 'pollerid' parameter in the "remoteagent.php" file. A remote attacker could possibly use this issue to achieve remote code execution...
USN-7205-2: Django vulnerability
USN-7205-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that Django incorrectly handled certain IPv6 strings. An attacker could possibly use this issue to cause a denial of service...
USN-7225-1: HTMLDOC vulnerabilities
It was discovered that HTMLDOC incorrectly handled memory in the imagesetmask, gitreadlzw, writeheader and writenode functions, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected...
USN-7224-1: Cyrus IMAP Server vulnerabilities
It was discovered that non-authentication-related HTTP requests could be interpreted in an authentication context by a Cyrus IMAP Server when multiple requests arrived over the same connection. An unauthenticated attacker could possibly use this issue to perform a privilege escalation attack. Thi...
USN-7223-1: OpenJPEG vulnerabilities
Frank Zeng discovered that OpenJPEG incorrectly handled memory when using the decompression utility. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2024-56826, CVE-2024-56827...
USN-7222-1: BlueZ vulnerabilities
Lucas Leong discovered that BlueZ incorrectly handled the Phone Book Access profile. If a user were tricked into connecting to a malicious Bluetooth device, a remote attacker could possibly use this issue to execute arbitrary code...
USN-7221-1: Linux kernel (OEM) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystem: - Bluetooth drivers; CVE-2024-53238, CVE-2024-56757...
USN-7220-1: Vim vulnerability
It was discovered that Vim incorrectly handled memory when closing buffers with the visual mode active. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...
USN-7219-1: Python vulnerability
It was discovered that Python incorrectly handled asyncio write buffers. A remote attacker could possibly use this issue to cause Python to consume memory, leading to a denial of service...
USN-7218-1: Python vulnerability
It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery SSRF attack...
USN-7166-4: Linux kernel (Xilinx ZynqMP) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - ACPI...
USN-7217-1: PoDoFo library vulnerabilities
It was discovered that the PoDoFo library could dereference a NULL pointer when getting the number of pages in a PDF. If a user or application were tricked into opening a crafted PDF file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.0...
USN-7216-1: tqdm vulnerability
It was discovered that tqdm did not properly sanitize non-boolean CLI Arguments. A local attacker could possibly use this issue to execute arbitrary code on the host. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-34062...
USN-7206-2: rsync regression
USN-7206-1 fixed vulnerabilities in rsync. The update introduced a regression in rsync. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync did not properly handle checksum lengths. ...
USN-7215-1: libxml2 vulnerability
Xisco Fauli discovered that libxml2 incorrectly handled custom SAX handlers. A remote attacker could possibly use this issue to perform XML External Entity XXE attacks...
USN-7214-1: HarfBuzz vulnerability
It was discovered that HarfBuzz incorrecty handled certain memory operations. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-7213-1: poppler vulnerability
It was discovered that poppler incorrectly handled memory when opening certain PDF files. An attacker could possibly use this issue to cause denial of service or obtain sensitive information...
USN-7212-1: Python 2.7 vulnerabilities
It was discovered that Python incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. CVE-2019-9674 It was discovered that Python incorrectly handled certain inputs. If a user or an automated system...