10832 matches found
USN-4895-1: Squid vulnerabilities
Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. This issue only affected Ubuntu 20.04 LTS. CVE-2020-15049 Jianjun Chen...
USN-4894-1: WebKitGTK vulnerabilities
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-4893-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. CVE-2021-23981, CVE-2021-23982, CVE-2021-23983,...
USN-3685-2: Ruby regression
USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced a regression in Ruby. This update fixes the problem. Original advisory details: Some of these CVE were already addressed in previous USN: 3439-1, 3553-1, 3528-1. Here we address for the remain releases. It was discover...
USN-4888-2: ldb vulnerabilities
USN-4888-1 fixed several vulnerabilities in ldb. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue t...
USN-4891-1: OpenSSL vulnerability
It was discovered that OpenSSL incorrectly handled certain renegotiation ClientHello messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service...
USN-4889-1: Linux kernel vulnerabilities
Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-27365 Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not...
USN-4888-1: ldb vulnerabilities
Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue to cause the LDAP server to crash, resulting in a denial of service. CVE-2021-20277 Douglas Bagnall discovered that ldb, when used with Samba,...
USN-4887-1: Linux kernel vulnerabilities
De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker could use this to expose sensitive information kernel memory or possibly execute arbitrary code...
USN-4886-1: Privoxy vulnerabilities
It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. CVE-2020-35502, CVE-2021-20209, CVE-2021-20210, CVE-2021-20213, CVE-2021-20215, CVE-2021-20216, CVE-2021-20217, CVE-2021-20272,...
USN-4885-1: Pygments vulnerability
It was discovered that Pygments incorrectly handled parsing SML files. If a user or automated system were tricked into parsing a specially crafted SML file, a remote attacker could cause Pygments to hang, resulting in a denial of service...
USN-4884-1: Linux kernel (OEM) vulnerabilities
Loris Reiff discovered that the BPF implementation in the Linux kernel did not properly validate attributes in the getsockopt BPF hook. A local attacker could possibly use this to cause a denial of service system crash. CVE-2021-20194 It was discovered that the priority inheritance futex...
USN-4882-1: Ruby vulnerabilities
It was discovered that the Ruby JSON gem incorrectly handled certain JSON files. If a user or automated system were tricked into parsing a specially crafted JSON file, a remote attacker could use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...
USN-4782-1: OpenJPEG vulnerabilities
It was discovered that OpenJPEG incorrectly handled certain image files. A remote attacker could possibly use this issue to cause a denial of service. CVE-2016-10506 and CVE-2017-12982 affected only Ubuntu 16.04 ESM. CVE-2018-16375, CVE-2018-20845 and CVE-2019-12973 affected only Ubuntu 18.04 ESM...
USN-4774-1: Spring Framework vulnerabilities
Toshiaki Maki discovered that Spring Framework incorrectly handled certain XML files. A remote attacker could exploit this with a crafted XML file to cause a denial of service. CVE-2015-3192 Alvaro Muñoz discovered that Spring Framework incorrectly handled certain URLs. A remote attacker could...
USN-4806-1: mpg123 vulnerability
It was discovered that mpg123 failed to handle certain malformed mp3 files. An attacker could use this vulnerability to potentially leak sensitive information or cause a crash...
USN-4881-1: containerd vulnerability
It was discovered that containerd incorrectly handled certain environment variables. Contrary to expectations, a container could receive environment variables defined for a different container, possibly containing sensitive information...
USN-5102-2: Mercurial vulnerabilities
USN-5102-1 fixed vulnerabilities in Mercurial. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to...
USN-4835-1: VCFtools vulnerabilities
It was discovered that VCFtools improperly handled certain input. If a user were tricked into opening a crafted input file, VCFtools could be made to crash or possibly cause other unspecified impact. CVE-2018-11099, CVE-2018-11129, CVE-2018-11130 It was discovered that VCFtools improperly handled...
USN-4843-1: phpMyAdmin vulnerabilities
Javier Nieto and Andres Rojas discovered that phpMyAdmin incorrectly managed input in the form of passwords. An attacker could use this vulnerability to cause a denial-of-service DoS. This issue only affected Ubuntu 14.04 ESM. CVE-2014-9218 Emanuel Bronshtein discovered that phpMyAdmin failed to...
USN-4880-1: OpenJPEG vulnerabilities
It was discovered that OpenJPEG incorrectly handled certain image data. An attacker could use this issue to cause OpenJPEG to crash, leading to a denial of service, or possibly execute arbitrary code...
USN-4879-1: Linux kernel vulnerabilities
It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-36158 Loris Reiff discovered that the BPF implementation in t...
USN-4878-1: Linux kernel vulnerabilities
It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-36158 Ryota Shiga discovered that the sockopt BPF hooks in th...
USN-4877-1: Linux kernel vulnerabilities
It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-36158 吴异 discovered that the NFS implementation in the Linux...
USN-4876-1: Linux kernel vulnerabilities
Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the Xen paravirt block backend in the Linux kernel, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service in the host OS. CVE-2020-29569 It was discovered that the...
USN-4875-1: OpenSMTPD vulnerabilities
It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could possibly use this vulnerability to execute arbitrary commands as root. CVE-2020-7247 It was discovered that OpenSMTPD did not properly handle hardlinks und...
USN-4874-1: Apache Ant vulnerability
It was discovered that Apache Ant created temporary files with insecure permissions. An attacker could use this vulnerability to read sensitive information leaked into /tmp, or potentially inject malicious code into a project that is built with Apache Ant...
USN-4872-1: Axel vulnerability
It was discovered that Axel did not properly verify the certificates for hostnames. An attacker could use this vulnerability to impersonate another server and obtain sensitive information...
USN-4871-1: targetcli-fb vulnerabilities
It was discovered that targetcli-fb did not properly manage socket permissions. A local attacker could use this issue to modify the iSCSI configuration resulting in a denial of service, obtain sensitive information or execute arbitrary code. CVE-2020-10699 It was discovered that targetcli-fb did...
USN-4870-1: Bundler vulnerability
It was discovered that Bundler incorrectly created directories with insecure permissions in /tmp. An attacker could write malicious libraries to this location for later execution...
USN-4869-1: aria2 vulnerability
It was discovered that aria2 could accidentally leak authentication data. An attacker could possibly use this to gain access to sensitive information...
USN-4868-1: LibTomCrypt vulnerability
It was discovered that LibTomCrypt incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or read sensitive information...
USN-4863-1: fstream vulnerability
It was discovered that fstream incorrectly handled certain crafted tarballs. An attacker could use this vulnerability to write arbitrary files to the filesystem...
USN-4862-1: Neovim vulnerability
It was discovered that Neovim incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...
USN-4860-1: Monit vulnerabilities
Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting XSS attacks. CVE-2019-11454 Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to...
USN-4859-1: MediaInfoLib vulnerabilities
It was discovered that MediaInfoLib contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause MediaInfoLib to crash, resulting in a denial of service...
USN-4858-1: Gradle vulnerabilities
It was discovered that Gradle used an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins were used. A remote unauthenticated attacker could possibly use this issue to perform a machine-in-the-middle attack. CVE-2019-11065 It was discovered that...
USN-4857-1: BWA vulnerability
It was discovered that Burrows-Wheeler Aligner BWA mishandled certain crafted .alt files. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code...
USN-4856-1: docker-credential-helpers vulnerability
Jasiel Spelman discovered that docker-credential-helpers has a double free. A local attacker could use this to cause a denial of service crash or possibly execute arbitrary code...
USN-4855-1: IPython vulnerability
It was discovered that IPython did not properly sanitize certain input. If a user were tricked into opening a specially crafted notebook file, a remote attacker could possibly use this issue to execute arbitrary code...
USN-4854-1: AsyncSSH vulnerability
Matthijs Kooijman discovered that AsyncSSH server did not properly handle authentication under certain conditions. An attacker with a specially crafted client could use this vulnerability to skip authentication of SSH sessions...
USN-4853-1: liveMedia vulnerabilities
It was discovered that liveMedia incorrectly handled certain network packets. An attacker could possibly use this issue to execute arbitrary code. CVE-2018-4013 It was discovered that liveMedia incorrectly handled certain network sessions. An attacker could possibly use this issue to cause a deni...
USN-4852-1: VTK vulnerabilities
It was discovered that VTK incorrectly handled certain XML files in the embedded Expat library. An attacker could possibly use this issue to cause a denial of service or expose sensitive information...
USN-4851-1: Libsolv vulnerabilities
It was discovered that Libsolv incorrectly handled certain malformed input. An attacker could use this issue to cause Libsolv to crash, resulting in a denial of service...
USN-4848-1: mini_httpd vulnerability
It was discovered that ACME minihttpd did not properly handle HTTP GET requests with empty headers. A remote attacker could use this vulnerability to read arbitrary files...
USN-4846-1: Yubico PIV Tool vulnerabilities
It was discovered that libykpiv, a supporting library of the Yubico PIV tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV Manager...
USN-4845-1: libcgroup vulnerability
It was discovered that libcgroup incorrectly handled log file permissions. An attacker could possibly use this issue to obtain sensitive information...
USN-4844-1: Cinnamon vulnerability
Matthias Gerstner discovered that the cinnamon-settings-users utility in Cinnamon did not safely handle symlinks. An unprivileged attacker could potentially use this vulnerability to overwrite arbitrary files as root...
USN-4842-1: ntopng vulnerability
It was discovered that ntopng did not properly seed its random number generator, leading to predictable session tokens. An attacker could use this vulnerability to hijack a user's session...
USN-4229-2: NTP vulnerability
USN-4229-1 fixed a vulnerability in NTP. This update provides the corresponding update for Ubuntu 18.04 ESM. Original advisory details: It was discovered that ntpq and ntpdc incorrectly handled some arguments. An attacker could possibly use this issue to cause ntpq or ntpdc to crash, execute...