10888 matches found
USN-6654-1: Roundcube Webmail vulnerability
It was discovered that Roundcube Webmail incorrectly sanitized characters in the linkrefs text messages. An attacker could possibly use this issue to execute a cross-site scripting XSS attack. CVE-2023-43770...
USN-6653-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51780 It was...
USN-6652-1: Linux kernel (Azure) vulnerabilities
Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...
USN-6651-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51780 It was...
USN-6650-1: Linux kernel (OEM) vulnerability
Zhenghan Wang discovered that the generic ID allocator implementation in the Linux kernel did not properly check for null bitmap when releasing IDs. A local attacker could use this to cause a denial of service system crash...
USN-6649-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-1547, CVE-2024-1548,...
USN-6648-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51781 Zhenghan Wang discover...
USN-6647-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51780 It was...
USN-6584-2: Libspf2 vulnerabilities
USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 and CVE-2021-33913 in Ubuntu 16.04 LTS. We apologize for the inconvenience. Original advisory details: Philipp Jeitner and Haya Shulman discovered...
USN-6646-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51780 It was...
USN-6645-1: Linux kernel vulnerability
It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service memory exhaustion...
USN-6625-3: Linux kernel (Raspberry Pi) vulnerabilities
Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...
USN-6644-1: LibTIFF vulnerabilities
It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash, resulting in a denial of service. CVE-2023-52356 It was discovered that LibTIFF incorrectly...
USN-6643-1: NPM IP vulnerability
Emre Durmaz discovered that NPM IP package incorrectly distinguished between private and public IP addresses. A remote attacker could possibly use this issue to perform Server-Side Request Forgery SSRF attacks...
USN-6642-1: Bind vulnerabilities
Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. CVE-2023-4408 Elias Heftrig, Haya Schulmann,...
USN-6641-1: curl vulnerability
Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains...
USN-6626-3: Linux kernel (Azure) vulnerabilities
Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-32250, CVE-2023-32252, CVE-2023-32257...
USN-6640-1: shadow vulnerability
It was discovered that shadow was not properly sanitizing memory when running the password utility. An attacker could possibly use this issue to retrieve a password from memory, exposing sensitive information...
USN-6639-1: Linux kernel (OEM) vulnerabilities
It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51780 It was...
USN-6628-2: Linux kernel (Intel IoTG) vulnerabilities
Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-32250, CVE-2023-32252, CVE-2023-32257...
USN-6638-1: EDK II vulnerabilities
Marc Beatove discovered buffer overflows exit in EDK2. An attacker on the local network could potentially use this to impact availability or possibly cause remote code execution. CVE-2022-36763, CVE-2022-36764, CVE-2022-36765 It was discovered that a buffer overflows exists in EDK2's Network...
USN-6636-1: ClamAV vulnerabilities
It was discovered that ClamAV incorrectly handled parsing certain OLE2 files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2024-20290 Amit Schendel discovered that the ClamAV ClamD service incorrectly handled the VirusEvent featur...
USN-6629-3: UltraJSON vulnerabilities
USN-6629-1 fixed vulnerabilities in UltraJSON. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash...
USN-6635-1: Linux kernel (GCP) vulnerabilities
It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service system crash. CVE-2023-37453 Lucas...
USN-6608-2: Linux kernel (NVIDIA) vulnerabilities
It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could...
USN-6626-2: Linux kernel vulnerabilities
Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-32250, CVE-2023-32252, CVE-2023-32257...
USN-6629-2: UltraJSON vulnerability
USN-6629-1 fixed vulnerabilities in UltraJSON. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash...
USN-6629-1: UltraJSON vulnerabilities
It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. CVE-2021-45958 Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An...
USN-6634-1: .NET vulnerabilities
Brennan Conroy discovered that .NET with SignalR did not properly handle malicious clients. An attacker could possibly use this issue to cause a denial of service. CVE-2024-21386 Bahaa Naamneh discovered that .NET with OpenSSL support did not properly parse X509 certificates. An attacker could...
USN-6633-1: Bind vulnerabilities
Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. CVE-2023-4408 Elias Heftrig, Haya Schulmann,...
USN-6632-1: OpenSSL vulnerabilities
David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. CVE-2023-5678 Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malform...
USN-6631-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...
USN-6630-1: Glance_store vulnerability
It was discovered that Glancestore incorrectly handled logging when the DEBUG log level is enabled. A local attacker could use this issue to obtain accesskey values...
USN-6628-1: Linux kernel (Intel IoTG) vulnerabilities
Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-32250, CVE-2023-32252, CVE-2023-32257...
USN-6625-2: Linux kernel (GCP) vulnerabilities
Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...
USN-6627-1: libde265 vulnerabilities
It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. CVE-2021-35452, CVE-2021-36411, CVE-2022-43238, CVE-2022-43241,...
USN-6626-1: Linux kernel vulnerabilities
Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-32250, CVE-2023-32252, CVE-2023-32257...
USN-6625-1: Linux kernel vulnerabilities
Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...
USN-6624-1: Linux kernel vulnerabilities
Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service paravirtualized device unavailability. CVE-2023-34324 Zheng Wang discovered...
LSN-0100-1: Kernel Live Patch Security Notice
It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary...
USN-6610-2: Firefox regressions
USN-6610-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potential...
USN-6609-3: Linux kernel (Oracle) vulnerabilities
Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6040 It was discovered that the CIFS...
USN-6623-1: Django vulnerability
It was discovered that Django incorrectly handled certain inputs that uses intcomma template filter. An attacker could possibly use this issue to cause a denial of service...
USN-6592-2: libssh vulnerabilities
USN-6592-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this...
USN-6622-1: OpenSSL vulnerabilities
David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. CVE-2023-5678 Sverker Eriksson discovered that OpenSSL incorrectly handled POLY1304 MAC...
USN-6621-1: ImageMagick vulnerability
It was discovered that ImageMagick incorrectly handled certain values when processing BMP files. An attacker could exploit this to cause a denial of service...
USN-6587-4: X.Org X Server regression
USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and...
USN-6620-1: GNU C Library vulnerabilities
It was discovered that the GNU C Library incorrectly handled the syslog function call. A local attacker could use this issue to execute arbitrary code and possibly escalate privileges...
USN-6619-1: runC vulnerability
Rory McNamara discovered that runC did not properly manage internal file descriptor while managing containers. An attacker could possibly use this issue to obtain sensitive information or bypass container restrictions...
USN-6591-2: Postfix update
USN-6591-1 fixed vulnerabilities in Postfix. A fix with less risk of regression has been made available since the last update. This update updates the fix and aligns with the latest configuration guidelines regarding this vulnerability. We apologize for the inconvenience. Original advisory detail...