Security
Headlines
HeadlinesLatestCVEs

Tag

#ubuntu

Ubuntu Security Notice USN-6192-1

Ubuntu Security Notice 6192-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Xingyuan Mo and Gengjia Chen discovered that the io_uring subsystem in the Linux kernel did not properly handle locking when IOPOLL mode is being used. A local attacker could use this to cause a denial of service.

Packet Storm
#vulnerability#web#google#microsoft#amazon#ubuntu#linux#dos#oracle#intel#perl#aws#ibm
Ubuntu Security Notice USN-6191-1

Ubuntu Security Notice 6191-1 - USN-6081-1, USN-6084-1, USN-6092-1 and USN-6095-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a spurious warning in the IPv6 subsystem. This update removes the undesired warning message.

CVE-2023-26966: SEGV at /libtiff/tif_luv.c:961 in uv_encode() (#530) · Issues · libtiff / libtiff · GitLab

libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.

CVE-2023-25433: heap-buffer-overflow in processCropSelections() at /libtiff/tools/tiffcrop.c:8499 (SIGSEGV) (#520) · Issues · libtiff / libtiff · GitLab

libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.

CVE-2023-33592: CVE/CVE-2023-33592 at main · DARSHANAGUPTA10/CVE

Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.

Ubuntu Security Notice USN-6189-1

Ubuntu Security Notice 6189-1 - It was discovered that etcd leaked credentials when debugging was enabled. This allowed remote attackers to discover etcd authentication credentials and possibly escalate privileges on systems using etcd.

Ubuntu Security Notice USN-6190-1

Ubuntu Security Notice 6190-1 - Kevin Backhouse discovered that AccountsService incorrectly handled certain D-Bus messages. A local attacker could use this issue to cause AccountsService to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2023-3436: xpdf-4.04/xpdf/XRef.cc: XRef::getObjectStreamObject - forum.xpdfreader.com

Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.

Office Suite Premium 10.9.1.42602 Local File Inclusion

Office Suite Premium version 10.9.1.42602 suffers from a local file inclusion vulnerability.

Office Suite Premium 10.9.1.42602 Path Traversal

Office Suite Premium version 10.9.1.42602 suffers from a path traversal vulnerability.