10889 matches found
USN-6410-1: GRUB2 vulnerabilities
It was discovered that a specially crafted file system image could cause a heap-based out-of-bounds write. A local attacker could potentially use this to perform arbitrary code execution and bypass secure boot protections. (CVE-2023-4692) It was discovered that a specially crafted file syste...
USN-6386-3: Linux kernel vulnerabilities
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered...
USN-6409-1: GNU C Library vulnerabilities
It was discovered that the GNU C Library incorrectly handled the GLIBC_TUNABLES environment variable. An attacker could possibly use this issue to perform a privilege escalation attack. (CVE-2023-4911) It was discovered that the GNU C Library incorrectly handled certain DNS responses when the system...
USN-6408-1: libXpm vulnerabilities
Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image files. If a user were tricked into opening a specially crafted XPM image file, a remote attacker could possibly use this issue to consume memory, leading to a denial of service. (CVE-2023-43786) Yair Mizrahi...
USN-6407-1: libx11 vulnerabilities
Gregory James Duck discovered that libx11 incorrectly handled certain keyboard symbols. If a user were tricked into connecting to a malicious X server, a remote attacker could use this issue to cause libx11 to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-6406-1: SpiderMonkey vulnerabilities
Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service...
USN-6405-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...
USN-6404-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-5169, CVE-2023-5170,...
USN-6403-1: libvpx vulnerabilities
It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...
USN-6402-1: LibTomMath vulnerability
It was discovered that LibTomMath incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code and cause a denial of service (DoS)...
USN-6386-2: Linux kernel (Raspberry Pi) vulnerabilities
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered...
USN-6369-2: libwebp vulnerability
USN-6369-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted imag...
USN-6400-1: Python vulnerability
It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to perform a timing attack and recover sensitive information...
USN-6399-1: Puma vulnerability
It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack...
USN-6398-1: ReadyMedia vulnerabilities
It was discovered that ReadyMedia was vulnerable to DNS rebinding attacks. A remote attacker could possibly use this issue to trick the local DLNA server to leak information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-26505) It was...
USN-6387-2: Linux kernel vulnerabilities
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered...
USN-6397-1: Linux kernel (BlueField) vulnerabilities
Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain sensitive information. (CVE-2022-40982) Ruihan Li discovered that the bluetooth subsystem ...
USN-6396-1: Linux kernel vulnerabilities
It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. (CVE-2022-27672) Daniel Moghimi discovered that some Intel(R) Processors...
USN-6361-2: CUPS vulnerability
USN-6361-1 fixed a vulnerability in CUPS. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that CUPS incorrectly authenticated certain remote requests. A remote attacker could possibly use this issue to obtain...
USN-6365-2: Open VM Tools vulnerability
USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SA...
USN-6190-2: AccountsService vulnerability
USN-6190-1 fixed a vulnerability in AccountsService. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Kevin Backhouse discovered that AccountsService incorrectly handled certain D-Bus messages. A local attacker...
USN-6360-2: FLAC vulnerability
USN-6360-1 fixed a vulnerability in FLAC. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that FLAC incorrectly handled encoding certain files. A remote attacker could use this issue to cause...
USN-6395-1: GNOME Shell vulnerability
Mickael Karatekin discovered that GNOME Shell incorrectly allowed the screenshot tool to view open windows when a session was locked. A local attacker could possibly use this issue to obtain sensitive information...
USN-6394-1: Python vulnerability
It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash...
USN-6391-2: CUPS vulnerability
USN-6391-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that CUPS incorrectly parsed certain Postscript objects. If a user or automated system were tricked into printing a...
USN-6393-1: ImageMagick vulnerability
It was discovered that ImageMagick did not properly handle memory when processing the -help option. An attacker could potentially use this issue to cause a crash...
USN-6392-1: libppd vulnerability
It was discovered that libppd incorrectly parsed certain Postscript objects. If a user or automated system were tricked into printing a specially crafted document, a remote attacker could use this issue to cause libppd to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-6391-1: CUPS vulnerability
It was discovered that CUPS incorrectly parsed certain Postscript objects. If a user or automated system were tricked into printing a specially crafted document, a remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-6390-1: Bind vulnerabilities
It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channel could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2023-3341) Robert Story discovered that Bind incorrectly handled certai...
USN-6389-1: Indent vulnerability
It was discovered that Indent incorrectly handled parsing certain source files. If a user or automated system were tricked into processing a specially crafted source file, a remote attacker could use this issue to cause Indent to crash, resulting in a denial of service, or possibly execute...
USN-6388-1: Linux kernel vulnerabilities
Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain sensitive information. (CVE-2022-40982) Yang Lan discovered that the GFS2 file system...
USN-6387-1: Linux kernel vulnerabilities
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered...
USN-6386-1: Linux kernel vulnerabilities
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered...
USN-6385-1: Linux kernel (OEM) vulnerabilities
It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. (CVE-2022-27672) William Zhao discovered that the Traffic Control TC...
USN-6384-1: Linux kernel (OEM) vulnerabilities
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) Lonial Con discover...
USN-6383-1: Linux kernel vulnerabilities
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered...
USN-6382-1: Memcached vulnerability
It was discovered that Memcached incorrectly handled certain multi-packet uploads in UDP. An attacker could possibly use this issue to cause a denial of service...
USN-6380-1: Node.js vulnerabilities
Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu...
USN-6381-1: GNU binutils vulnerabilities
It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of service (memory exhaustion). (CVE-2020-19724, CVE-2020-21490) It was discovered that GNU binutils was not properly performing bounds checks in several functions...
USN-6339-4: Linux kernel (Intel IoTG) vulnerabilities
It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2022-48425)...
USN-6379-1: vsftpd vulnerability
It was discovered that vsftpd was vulnerable to the ALPACA TLS protocol content confusion attack. A remote attacker could possibly use this issue to redirect traffic from one subdomain to another...
USN-6378-1: Django vulnerability
It was discovered that Django incorrectly handled certain URIs with a very large number of Unicode characters. A remote attacker could possibly use this issue to cause Django to consume resources or crash, leading to a denial of service...
USN-6377-1: LibRaw vulnerability
It was discovered that LibRaw incorrectly handled certain photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could possibly cause applications linked against LibRaw to crash, resulting in a denial of service...
USN-6376-1: c-ares vulnerability
It was discovered that c-ares incorrectly parsed certain SOA replies. A remote attacker could possibly use this issue to cause c-ares to crash, resulting in a denial of service...
USN-6375-1: atftp vulnerability
Florian Fainelli discovered that atftp did not properly manage requests made to a non-existent file, which could lead to a crash. A remote attacker could possibly use this issue to cause a denial of service...
USN-6374-1: Mutt vulnerabilities
It was discovered that Mutt incorrectly handled certain email header contents. If a user were tricked into opening a specially crafted message, a remote attacker could possibly use this issue to cause a denial of service. CVE-2023-4874, CVE-2023-4875...
USN-6373-1: gawk vulnerability
It was discovered that gawk could be made to read out of bounds when processing certain inputs. If a user or an automated system were tricked into opening a specially crafted input, an attacker could possibly use this issue to cause a denial of service...
USN-6372-1: DBus vulnerability
It was discovered that DBus incorrectly handled certain invalid messages. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service...
USN-6371-1: libssh2 vulnerability
It was discovered that libssh2 incorrectly handled memory access. An attacker could possibly use this issue to cause a crash...
USN-6370-1: ModSecurity vulnerabilities
It was discovered that ModSecurity incorrectly handled certain nested JSON objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-42717) It was discovered that ModSecurity incorrect...