10869 matches found
USN-8305-2: Linux kernel (Low Latency) vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
USN-8278-2: Linux kernel (Azure) vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
USN-8310-1: Linux kernel (Azure) vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
USN-8309-1: libssh2 vulnerability
It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker could possibly use this issue to cause a denial of service...
USN-8167-2: xdg-dbus-proxy vulnerability
USN-8167-1 fixed a vulnerability in xdg-dbus-proxy. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that xdg-dbus-proxy incorrectly handled eavesdropping in policy rules. A local attacker could possibly use this issue to intercept...
USN-8308-1: Dnsmasq vulnerability
It was discovered that Dnsmasq incorrectly handled BOOTREPLY packets when configured with the --dhcp-split-relay option. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-8307-1: ONNX vulnerability
It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to overwrite arbitrary files on the system...
USN-8306-1: Samba vulnerabilities
Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacker could possibly use this issue to modify reparse point extended attributes on files that should have been read-only. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS...
USN-8305-1: Linux kernel (Intel IoTG Real-time) vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
USN-8279-3: Linux kernel (NVIDIA Tegra IGX) vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
USN-8304-1: Vim vulnerabilities
Joshua Rogers discovered that Vim incorrectly handled certain URL schemes in the netrw plugin. An attacker could possibly use this issue to execute arbitrary commands. CVE-2026-42307 It was discovered that Vim incorrectly handled command-line completion for the :find command. An attacker could...
USN-8289-2: Linux kernel (NVIDIA) vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
USN-8291-3: Linux kernel (Low Latency) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; - Netfilter; - iouring subsystem; CVE-2024-35862, CVE-2024-50060, CVE-2026-23274,...
USN-8296-2: Linux kernel (NVIDIA Tegra) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Drivers core; - Null block device drive...
USN-8302-1: NLTK vulnerabilities
It was discovered that NLTK incorrectly validated file paths when opening files using the nltk.util module. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-0846 It was discovered that NLTK incorrectly validated file paths in multiple CorpusReader classes. An...
USN-8301-1: SimpleEval vulnerability
Byambadalai Sumiya discovered that SimpleEval did not properly restrict attribute access and callback handling inside a sandbox. An attacker could possibly use this issue to execute arbitrary code...
USN-8300-1: ngtcp2 vulnerability
Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog was enabled, a remote attacker could possibly use this issue to execute arbitrary code...
USN-8299-1: Rclone vulnerabilities
It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-41176 It was discovered that Rclone incorrectly handled backend instantiation via the remote control API. An attacker coul...
USN-8298-1: .NET vulnerability
Muhammad Abdul Rehman discovered that .NET incorrectly handled certain network requests, leading to a loop with an unreachable exit condition. A remote attacker could possibly use this issue to consume excessive resources, resulting in a denial of service...
USN-8279-2: Linux kernel (GCP) vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
USN-8297-1: Linux kernel (GCP) vulnerabilities
Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. CVE-2023-2640 Shir Tamari and Sagi Tzadik...
USN-8280-2: Linux kernel (Azure)vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
USN-8281-2: Linux kernel (Azure) vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
USN-8277-2: Linux kernel (Oracle) vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
USN-8291-2: Linux kernel (Low Latency) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; - Netfilter; - iouring subsystem; CVE-2024-35862, CVE-2024-50060, CVE-2026-23274,...
USN-8296-1: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Drivers core; - Null block device drive...
USN-8295-1: Evince vulnerability
It was discovered that Evince did not properly sanitize command-line arguments in PDF /GoToR actions. If a user opened a specially crafted PDF file, an attacker could possibly use this issue to execute arbitrary code...
USN-8294-1: PostgreSQL vulnerabilities
It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. CVE-2026-6472 It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker...
USN-8293-1: Bind vulnerabilities
Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. CVE-2026-3039 Shuhan Zhang discovered that Bind incorrectly handled self-pointed...
USN-8292-1: libarchive vulnerabilities
It was discovered that libarchive incorrectly handled certain RAR archives. An attacker could possibly use this issue to cause an out-of-bounds read via a crafted RAR archive, leading to sensitive memory disclosure. CVE-2026-4424 It was discovered that libarchive incorrectly handled certain ISO...
USN-8291-1: Linux kernel (Intel IoTG Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; - Netfilter; - iouring subsystem; CVE-2024-35862, CVE-2024-50060, CVE-2026-23274,...
USN-8290-1: Path-to-Regexp vulnerability
It was discovered that Path-to-Regexp incorrectly handled route patterns containing multiple named parameters separated by non-delimiter characters such as hyphens. An attacker could possibly use this issue to cause a denial of service via catastrophic backtracking in the generated regular...
USN-8202-3: jq regression
USN-8202-1 fixed vulnerabilities in jq. The update caused a regression for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An...
USN-8289-1: Linux kernel (NVIDIA) vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
USN-8288-1: Bubblewrap vulnerability
It was discovered that Bubblewrap incorrectly handled the sandbox setup phase when installed in setuid mode. A local attacker could possibly use this issue to bypass sandbox restrictions...
USN-8287-1: XDG Desktop Portal vulnerability
It was discovered that XDG Desktop Portal incorrectly handled trashing files. A local attacker could possibly use this issue to delete arbitrary files on the host file system via a symlink attack...
USN-8286-1: OpenVPN vulnerabilities
Guannan Wang, Zhanpeng Liu, Guancheng Li, and Emma Reuter discovered that OpenVPN incorrectly handled suitably malformed packets with valid tls-crypt-v2 keys. An attacker could possibly use this issue to cause OpenVPN to crash, resulting in a denial of service. CVE-2026-35058 Guannan Wang, Zhanpe...
USN-8285-1: GStreamer Good Plugins vulnerability
It was discovered that GStreamer Good Plugins incorrectly handled certain MOV/MP4 media files. A remote attacker could use this issue to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-8284-1: GnuTLS vulnerabilities
Joshua Rogers discovered that GnuTLS did not properly handle malformed DTLS handshake fragments in certain cases. A remote attacker could possibly use this issue to obtain sensitive information, or cause a denial of service. CVE-2026-33845 Haruto Kimura, Oscar Reparaz, and Zou Dikai discovered th...
USN-8283-1: rsync vulnerabilities
Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with read access to an rsync server could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.1...
USN-8282-1: Unbound vulnerabilities
Andrew Griffiths discovered that Unbound did not properly handle certain DNSCrypt packets. A remote attacker could possibly use this issue to cause Unbound to crash, resulting in a denial of service. CVE-2026-32792 Qifan Zhang discovered that Unbound incorrectly handled DNSSEC validation in certa...
USN-8281-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
USN-8280-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
USN-8279-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
USN-8278-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
USN-8277-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
USN-8276-1: Highlight.js vulnerability
It was discovered that Highlight.js used plain JavaScript objects for internal language name lookups, making them susceptible to prototype pollution attacks. An attacker could use this to cause a denial of service or unexpected application behaviour...
USN-8275-1: Linux kernel (Xilinx ZynqMP) vulnerabilities
Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. CVE-2023-2640 Shir Tamari and Sagi Tzadik...
USN-8255-3: Linux kernel vulnerabilities
Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. CVE-2023-2640 Shir Tamari and Sagi Tzadik...
USN-8254-3: Linux kernel (NVIDIA Tegra) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - NVME drivers; - Netfilter; CVE-2026-23112, CVE-2026-23231, CVE-2026-23273...