10888 matches found
USN-7001-1: xmltok library vulnerabilities
Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. CVE-2024-45490 Shang-Hung Wan...
USN-7000-1: Expat vulnerabilities
Shang-Hung Wan discovered that Expat did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. CVE-2024-45490 Shang-Hung Wan discovered that Expat did not properly...
USN-7003-1: Linux kernel vulnerabilities
It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service system crash. CVE-2024-40902 Several security issues were discovered in the Linux kernel. An attacker could...
USN-6997-2: LibTIFF vulnerability
USN-6997-1 fixed a vulnerability in LibTIFF. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: It was discovered that LibTIFF incorrectly handled memory. An attacker could possibly use this issue to cause the application to crash, resulting in a denial...
USN-6999-1: Linux kernel vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 It was discovered that the JFS file system contained an...
USN-6998-1: Unbound vulnerabilities
It was discovered that Unbound incorrectly handled string comparisons, which could lead to a NULL pointer dereference. An attacker could potentially use this issue to cause a denial of service. CVE-2024-43167 It was discovered that Unbound incorrectly handled memory in cfgmarkports, which could...
USN-6997-1: LibTIFF vulnerability
It was discovered that LibTIFF incorrectly handled memory. An attacker could possibly use this issue to cause the application to crash, resulting in a denial of service...
USN-6841-2: PHP vulnerability
USN-6841-1 fixed a vulnerability in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that PHP could early return in the filtervar function resulting in invalid user information being treated as valid user...
USN-6996-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...
USN-6995-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...
USN-6994-1: Netty vulnerabilities
It was discovered that Netty did not properly sanitize its input parameters. A remote attacker could possibly use this issue to cause a crash. CVE-2023-34462 It was discovered that Netty incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause Netty to...
USN-6991-1: AIOHTTP vulnerability
It was discovered that AIOHTTP did not properly restrict file access when the 'followsymlinks' option was set to True. A remote attacker could possibly use this issue to access unauthorized files on the system...
USN-6993-1: Vim vulnerabilities
It was discovered that Vim incorrectly handled memory when closing a window, leading to a double-free vulnerability. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user...
USN-6992-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-8382, CVE-2024-8383,...
USN-6990-1: znc vulnerability
Johannes Kuhn DasBrain discovered that znc incorrectly handled user input under certain operations. An attacker could possibly use this issue to execute arbitrary code on a user's system if the user was tricked into joining a malicious server...
USN-6989-1: OpenStack vulnerability
Dan Smith, Julia Kreger and Jay Faulkner discovered that in image processing for Ironic, a specially crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...
USN-6985-1: ImageMagick vulnerabilities
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user...
USN-6988-1: Twisted vulnerabilities
Ben Kallus discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay and manipulate responses. This issue only affected Ubuntu 24.04 LTS. CVE-2024-41671 It was discovered that Twisted did not properl...
USN-6987-1: Django vulnerabilities
It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. CVE-2024-45230 It was discovered that Django incorrectly handled certain email sending failures. A remote attacker could possibly use this issue to enumerate...
USN-6981-2: Drupal vulnerabilities
USN-6981-1 fixed vulnerabilities in Drupal. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code...
USN-6986-1: OpenSSL vulnerability
David Benjamin discovered that OpenSSL incorrectly handled certain X.509 certificates. An attacker could possible use this issue to cause a denial of service or expose sensitive information...
USN-6973-4: Linux kernel (Raspberry Pi) vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service system crash. CVE-2024-24860 Several security issues were discovere...
USN-6983-1: FFmpeg vulnerability
Zeng Yunxiang discovered that FFmpeg incorrectly handled memory during video encoding. An attacker could possibly use this issue to perform a denial of service, or execute arbitrary code...
USN-6984-1: WebOb vulnerability
It was discovered that WebOb incorrectly handled certain URLs. An attacker could possibly use this issue to control a redirect or forward to another URL...
USN-6982-1: Dovecot vulnerabilities
It was discovered that Dovecot did not not properly have restrictions on ithe size of address headers. A remote attacker could possibly use this issue to cause denial of service. CVE-2024-23184, CVE-2024-23185...
USN-6972-4: Linux kernel (Oracle) vulnerabilities
Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service system crash. CVE-2024-22099 It was discovered that a race condition existed in th...
USN-6981-1: Drupal vulnerabilities
It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code. CVE-2020-13671 It was discovered that Drupal incorrectly sanitized archived filenames. A remote attacker could possibly use this issue to overwrite...
USN-6973-3: Linux kernel (AWS) vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service system crash. CVE-2024-24860 Several security issues were discovere...
USN-6974-2: Linux kernel (Oracle) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SuperH RISC architecture; - User-Mode Linux UML; - MMC subsystem; - Network drivers; - GFS2 file system; - IPv4...
USN-6972-3: Linux kernel (Azure) vulnerabilities
Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service system crash. CVE-2024-22099 It was discovered that a race condition existed in th...
USN-6973-2: Linux kernel (Azure) vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service system crash. CVE-2024-24860 Several security issues were discovere...
USN-6980-1: ImageMagick vulnerabilities
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of th...
USN-6978-1: XStream vulnerabilities
It was discovered that XStream incorrectly handled parsing of certain crafted XML documents. A remote attacker could possibly use this issue to read arbitrary files. CVE-2016-3674 Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run...
USN-6972-2: Linux kernel (AWS) vulnerabilities
Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service system crash. CVE-2024-22099 It was discovered that a race condition existed in th...
USN-6979-1: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - M68K architecture; - User-Mode Linux UML; - x86 architecture; - Accessibility subsystem; -...
USN-6977-1: QEMU vulnerabilities
It was discovered that QEMU did not properly handle certain memory operations, which could result in a buffer overflow. An attacker could potentially use this issue to cause a denial of service. CVE-2024-26327 It was discovered that QEMU did not properly handle certain memory operations, which...
USN-6975-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - User-Mode Linux UML; - MMC subsystem; CVE-2024-39292, CVE-2024-39484...
USN-6974-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SuperH RISC architecture; - User-Mode Linux UML; - MMC subsystem; - Network drivers; - GFS2 file system; - IPv4...
USN-6973-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service system crash. CVE-2024-24860 Several security issues were discovere...
USN-6972-1: Linux kernel vulnerabilities
Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service system crash. CVE-2024-22099 It was discovered that a race condition existed in th...
USN-6971-1: Linux kernel vulnerabilities
It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-37159 A security issue was...
USN-6950-4: Linux kernel (HWE) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - Block layer subsystem; - Bluetooth drivers; - Clock framework and...
USN-6951-4: Linux kernel (BlueField) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - M68K architecture; - User-Mode Linux UML; - x86 architecture; - Accessibility subsystem; -...
USN-6965-1: Vim vulnerabilities
It was discovered that vim incorrectly handled parsing of filenames in its search functionality. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. CVE-2021-3973 It was discovered that vim incorrectly handled memor...
USN-6966-2: Firefox regressions
USN-6966-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...
USN-6944-2: curl vulnerability
USN-6944-1 fixed CVE-2024-7264 for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. This update provides the corresponding fix for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Dov Murik discovered that curl incorrectly handled parsing ASN.1...
USN-6970-1: exfatprogs vulnerability
It was discovered that exfatprogs incorrectly handled certain memory operations. If a user or automated system were tricked into handling specially crafted exfat partitions, a remote attacker could use this issue to cause exfatprogs to crash, resulting in a denial of service, or possibly execute...
USN-6969-1: Cacti vulnerabilities
It was discovered that Cacti did not properly apply checks to the "Package Import" feature. An attacker could possibly use this issue to perform arbitrary code execution. This issue only affected Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. CVE-2024-25641 It was...
LSN-0106-1: Kernel Live Patch Security Notice
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters.CVE-2023-52620 In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work...
USN-6967-1: Intel Microcode vulnerabilities
It was discovered that some Intel® Core™ Ultra Processors did not properly isolate the stream cache. A local authenticated user could potentially use this to escalate their privileges. CVE-2023-42667 It was discovered that some Intel® Processors did not properly isolate the stream cache. A local...