10888 matches found
USN-6896-1: Linux kernel vulnerabilities
It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the Atheros 802.11ac...
USN-6895-1: Linux kernel vulnerabilities
It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the HugeTLB file syst...
USN-6864-3: Linux kernel (GKE) vulnerabilities
It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. CVE-2024-21823 A security issue was discovere...
USN-6894-1: Apport vulnerabilities
Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. CVE-2021-3899 Gerrit Venema discovered that Apport incorrectly handled connections to...
USN-6893-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. CVE-2024-24857, CVE-2024-24858, CVE-2024-24859 Several security issues we...
USN-6885-2: Apache HTTP Server regression
USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Marc Stern discovered that the Apache HTTP Server...
USN-6891-1: Python vulnerabilities
It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS. CVE-2015-20107 It was discovered that Python incorrectly used regular expressions vulnerable to...
USN-6888-2: Django vulnerabilities
USN-6888-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Elias Myllymäki discovered that Django incorrectly handled certain inputs with a large number of brackets. A remote attacker could possibly use this...
USN-6866-3: Linux kernel (Azure) vulnerabilities
It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service system crash. CVE-2021-33631 It w...
USN-6868-2: Linux kernel (AWS) vulnerabilities
Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability CVE-2022-0001 were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive...
USN-6892-1: Linux kernel (IBM) vulnerabilities
It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the Atheros 802.11ac...
USN-6889-1: .NET vulnerabilities
It was discovered that .NET did not properly handle object deserialization. An attacker could possibly use this issue to cause a denial of service. CVE-2024-30105 Radek Zikmund discovered that .NET did not properly manage memory. An attacker could use this issue to cause a denial of service or...
USN-6890-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-6601, CVE-2024-6604,...
USN-6888-1: Django vulnerabilities
Elias Myllymäki discovered that Django incorrectly handled certain inputs with a large number of brackets. A remote attacker could possibly use this issue to cause Django to consume resources or stop responding, resulting in a denial of service. CVE-2024-38875 It was discovered that Django...
USN-6887-1: OpenSSH vulnerability
Philippos Giavridis, Jacky Wei En Kung, Daniel Hugenroth, and Alastair Beresford discovered that the OpenSSH ObscureKeystrokeTiming feature did not work as expected. A remote attacker could possibly use this issue to determine timing information about keystrokes...
USN-6886-1: Go vulnerabilities
It was discovered that the Go net/http module did not properly handle the requests when request's headers exceed MaxHeaderBytes. An attacker could possibly use this issue to cause a panic resulting into a denial of service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS...
USN-6880-1: Tomcat vulnerability
Sam Shahsavar discovered that Apache Tomcat did not properly reject HTTP requests with an invalid Content-Length header. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks...
USN-6885-1: Apache HTTP Server vulnerabilities
Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2 connections. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. CVE-2024-36387 Orange Tsai discovered that the Apache...
USN-6884-1: Nova vulnerability
Martin Kaesberger discovered that Nova incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information...
USN-6883-1: OpenStack Glance vulnerability
Martin Kaesberger discovered that Glance incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information...
USN-6882-1: Cinder vulnerability
Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information...
USN-6881-1: Exim vulnerability
It was discovered that Exim did not enforce STARTTLS sync point on client side. An attacker could possibly use this issue to perform response injection during MTA SMTP sending...
USN-6879-1: Virtuoso Open-Source Edition vulnerabilities
Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. CVE-2023-31620, CVE-2023-31622, CVE-2023-31624, CVE-2023-31626, CVE-2023-31627,...
USN-6866-2: Linux kernel (Azure) vulnerabilities
It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service system crash. CVE-2021-33631 It w...
USN-6870-2: Linux kernel (AWS) vulnerabilities
It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. CVE-2024-21823 Several security issues were...
USN-6873-2: Linux kernel (StarFive) vulnerabilities
It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. CVE-2024-21823 Several security issues were...
USN-6864-2: Linux kernel vulnerabilities
It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. CVE-2024-21823 A security issue was discovere...
USN-6872-2: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystem: - Netfilter; CVE-2024-26809, CVE-2024-26643, CVE-2024-26925, CVE-2024-26924...
USN-6876-1: Kopano Core vulnerabilities
It was discovered that Kopano Core allowed out-of-bounds access. An attacker could use this issue to expose private information. This issue only affected Ubuntu 18.04 LTS. CVE-2019-19907 It was discovered that Kopano Core allowed possible authentication with expired passwords. An attacker could u...
USN-6878-1: Linux kernel (Oracle) vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Zheng Wang discovered that the Broadc...
USN-6877-1: LibreOffice vulnerability
It was discovered that LibreOffice incorrectly performed TLS certificate verification when the LibreOfficeKit library is being used by third-party components. A remote attacker could possibly use this issue to obtain sensitive information...
USN-6875-1: Linux kernel (Azure) vulnerabilities
It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. CVE-2024-21823 Several security issues were...
USN-6864-1: Linux kernel vulnerabilities
It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. CVE-2024-21823 A security issue was discovere...
USN-6863-1: Linux kernel vulnerability
A security issue was discovered in the Linux kernel. An attacker could possibly use it to compromise the system. This update corrects flaws in the following subsystem: - Netfilter; CVE-2024-26924...
USN-6874-1: Linux kernel (Azure) vulnerabilities
It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. CVE-2024-21823 Several security issues were...
USN-6873-1: Linux kernel vulnerabilities
It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. CVE-2024-21823 Several security issues were...
USN-6872-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystem: - Netfilter; CVE-2024-26809, CVE-2024-26643, CVE-2024-26925, CVE-2024-26924...
USN-6871-1: Linux kernel (HWE) vulnerabilities
It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the Atheros 802.11ac...
USN-6870-1: Linux kernel vulnerabilities
It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. CVE-2024-21823 Several security issues were...
USN-6869-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystem: - Netfilter; CVE-2024-26924, CVE-2024-26643...
USN-6868-1: Linux kernel vulnerabilities
Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability CVE-2022-0001 were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive...
USN-6866-1: Linux kernel vulnerabilities
It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service system crash. CVE-2021-33631 It w...
USN-6305-3: PHP regression
USN-6305-2 fixed a vulnerability in PHP. The update caused a regression in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update fix it. Original advisory details: It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive...
USN-6865-1: Linux kernel vulnerabilities
It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service system crash. CVE-2021-33631 It w...
USN-6862-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-5689, CVE-2024-5690,...
USN-6860-1: OpenVPN vulnerabilities
Reynir Björnsson discovered that OpenVPN incorrectly handled terminating client connections. A remote authenticated client could possibly use this issue to keep the connection active, bypassing certain security policies. This issue only affected Ubuntu 23.10, and Ubuntu 24.04 LTS. CVE-2024-28882...
USN-6859-1: OpenSSH vulnerability
It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access systems without proper credentials...
USN-6858-1: eSpeak NG vulnerabilities
It was discovered that eSpeak NG did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. CVE-2023-49990, CVE-2023-49991, CVE-2023-49992, CVE-2023-49993, CVE-2023-49994...
USN-6851-2: Netplan regression
USN-6851-1 fixed vulnerabilities in Netplan. The update lead to the discovery of a regression in netplan which caused systemctl enable to fail on systems where systemd is not running. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Andreas Hasenack...
USN-6844-2: CUPS regression
USN-6844-1 fixed vulnerabilities in the CUPS package. The update lead to the discovery of a regression in CUPS with regards to how the cupsd daemon handles Listen configuration directive. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Rory McNamara...