10888 matches found
USN-6277-2: Dompdf vulnerabilities
USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibl...
USN-6282-1: Velocity Tools vulnerability
Jackson Henry discovered that Velocity Tools incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code...
USN-6281-1: Velocity Engine vulnerability
Alvaro Munoz discovered that Velocity Engine incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code...
USN-6280-1: PyPDF2 vulnerability
It was discovered that PyPDF2 incorrectly handled PDF files with certain markers. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to consume system resources, resulting in a denial of service...
USN-6243-2: Graphite-Web regression
USN-6243-1 fixed vulnerabilities in Graphite-Web. It was discovered that the applied fix was incomplete. This update fixes the problem. Original advisory details: It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...
USN-4336-3: GNU binutils vulnerabilities
USN-4336-1 fixed several vulnerabilities in GNU. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a...
USN-6279-1: OpenSSH update
It was discovered that OpenSSH has an observable discrepancy leading to an information leak in the algorithm negotiation. This update mitigates the issue by tweaking the client hostkey preference ordering algorithm to prefer the default ordering if the user has a key that matches the...
USN-6278-1: .NET vulnerabilities
It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. CVE-2023-35390 Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could...
USN-6277-1: Dompdf vulnerabilities
It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2014-5011,...
USN-6267-2: Firefox regressions
USN-6267-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...
USN-6276-1: unixODBC vulnerability
It was discovered that unixODBC incorrectly handled certain unicode to ansi copies. An attacker could possibly use this issue to cause a denial of service...
USN-6274-1: XMLTooling vulnerability
Jurien de Jong discovered that XMLTooling did not properly handle certain KeyInfo element content within an XML signature. An attacker could possibly use this issue to achieve server-side request forgery...
USN-6275-1: Cargo vulnerability
Addison Crump discovered that Cargo incorrectly set file permissions on UNIX-like systems when extracting crate archives. If the crate would contain files writable by any user, a local attacker could possibly use this issue to execute code as another user...
USN-6273-1: poppler vulnerabilities
Jieyong Ma discovered that poppler incorrectly handled certain malformed PDF files. A remote attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2022-27337 It was discovered that...
USN-5064-3: GNU cpio vulnerability
USN-5064-1 fixed a vulnerability in GNU. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash,...
USN-6272-1: OpenJDK 20 vulnerabilities
Motoyasu Saburi discovered that OpenJDK 20 incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. CVE-2023-22006 Eirik Bjørsnøs discovered that OpenJDK 20 incorrectly handled certain ZIP archives. ...
USN-6271-1: MaraDNS vulnerabilities
Xiang Li discovered that MaraDNS incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. CVE-2022-30256 Huascar Tejeda discovered that MaraDNS...
USN-6270-1: Vim vulnerabilities
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2022-2182 It was discovered th...
USN-6269-1: GStreamer Good Plugins vulnerability
It was discovered that GStreamer Good Plugins incorrectly handled certain FLAC image tags. A remote attacker could use this issue to cause GStreamer Good Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-37327...
USN-6268-1: GStreamer Base Plugins vulnerabilities
It was discovered that GStreamer Base Plugins incorrectly handled certain FLAC image tags. A remote attacker could use this issue to cause GStreamer Base Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-37327 It was discovered that GStreamer Base...
USN-6267-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-4047, CVE-2023-4048,...
USN-6266-1: librsvg vulnerability
Zac Sims discovered that librsvg incorrectly handled decoding URLs. A remote attacker could possibly use this issue to read arbitrary files by using an include element...
USN-6263-1: OpenJDK vulnerabilities
Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. CVE-2023-22006 Eirik Bjørsnøs discovered that...
USN-6242-2: OpenSSH vulnerability
USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that OpenSSH incorrectly handled loading certain PKCS11 providers. If a user forwarded their...
USN-6265-1: RabbitMQ vulnerability
It was discovered that RabbitMQ incorrectly handled certain signed-in user credentials. An attacker could possibly use this issue to expose sensitive information...
USN-6264-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...
USN-6262-1: Wireshark vulnerabilities
It was discovered that Wireshark did not properly handle certain NFS packages when certain configuration options were enabled. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. CVE-2020-13164 It was discovered that Wireshark did not properly...
USN-6261-1: Linux kernel (IoT) vulnerabilities
It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-3090 Sh...
USN-6256-1: Linux kernel (IoT) vulnerabilities
Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash. CVE-2022-3108...
USN-6260-1: Linux kernel vulnerabilities
It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information kernel memory. CVE-2022-48502...
USN-6259-1: Open-iSCSI vulnerabilities
Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that Open-iSCSI incorrectly handled certain checksums for IP packets. An attacker could possibly use this issue to expose sensitive information. CVE-2020-13987 Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that Open-iSCSI...
USN-5193-3: X.Org X Server vulnerabilities
USN-5193-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash,...
USN-6258-1: LLVM Toolchain vulnerabilities
It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this issue to cause LLVM Toolchain to crash, resulting in a denial of service. CVE-2023-29932,...
USN-6257-1: Open VM Tools vulnerability
It was discovered that Open VM Tools incorrectly handled certain authentication requests. A fully compromised ESXi host can force Open VM Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. CVE-2023-20867...
USN-6255-1: Linux kernel (Intel IoTG) vulnerabilities
It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-3090...
USN-6254-1: Linux kernel vulnerabilities
Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the doprlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information kernel memory. CVE-2023-0458 It was discovered that a race...
USN-6253-1: libvirt vulnerability
It wad discovered that libvirt incorrectly handled locking when processing certain requests. A local attacker could possibly use this issue to cause libvirt to stop responding or crash, resulting in a denial of service...
USN-6252-1: Linux kernel vulnerabilities
It was discovered that the ext4 file system implementation in the Linux kernel contained a use-after-free vulnerability. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service system crash. CVE-2022-1184 It was discovered tha...
USN-6251-1: Linux kernel vulnerabilities
It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-3090 Sh...
USN-5807-3: libXpm vulnerability
USN-5807-1 fixed a vulnerability in libXpm. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Marco Ivaldi discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM fil...
USN-6250-1: Linux kernel vulnerabilities
Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. CVE-2023-2640 It was discovered that the IP-VLAN...
USN-6249-1: Linux kernel (OEM) vulnerabilities
Ruihan Li discovered that the memory management subsystem in the Linux kernel contained a race condition when accessing VMAs in certain conditions, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service system crash or execute arbitrary...
USN-6248-1: Linux kernel (OEM) vulnerabilities
It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service system crash. CVE-2022-47929 It was discovered that a race condition existed in Adreno GPU...
USN-6247-1: Linux kernel (OEM) vulnerabilities
David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. CVE-2022-2663 It was...
USN-6246-1: Linux kernel vulnerabilities
It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-3090...
USN-6245-1: Trove vulnerabilities
Adam Bell discovered that Trove incorrectly handled arguments to the backup command. A remote attacker could possibly use this issue to execute arbitrary code...
USN-6244-1: AMD Microcode vulnerability
Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information...
USN-6129-2: Avahi vulnerability
USN-6129-1 fixed a vulnerability in Avahi. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Avahi incorrectly handled certain DBus messages. A local attacker could possibly use this issue t...
USN-6203-2: Django vulnerability
USN-6203-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 ESM. Original advisory details: Seokchan Yoon discovered that Django incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Django to consu...
LSN-0096-1: Kernel Live Patch Security Notice
It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service system crash ...