Security
Headlines
HeadlinesLatestCVEs

Tag

#ubuntu

CVE-2023-31779: wekan/CHANGELOG.md at master · wekan/wekan

Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature.

CVE
Open in Source
#sql#xss#vulnerability#web#ios#android#mac#windows#google#microsoft#ubuntu#linux#debian#red_hat#apache#nodejs#js#git#java#oracle#kubernetes#php#perl#ldap#nginx#pdf#amd#oauth#auth#ssh#ibm#mongo#postgres#docker#jira#chrome#firefox#sap#ssl
CVE-2023-33250: KASAN: slab-use-after-free Read in iopt_unmap_iova_range

The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c.

CVE-2023-30774: heap-buffer-overflow in tiffcrop (#463) · Issues · libtiff / libtiff · GitLab

A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.

CVE-2023-30775: Heap buffer overflow in extractContigSamples32bits, tiffcrop.c (#464) · Issues · libtiff / libtiff · GitLab

A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.

Ubuntu Security Notice USN-6092-1

Ubuntu Security Notice 6092-1 - Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information. Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information.

Ubuntu Security Notice USN-6091-1

Ubuntu Security Notice 6091-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6090-1

Ubuntu Security Notice 6090-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-6089-1

Ubuntu Security Notice 6089-1 - It was discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE-2023-1195: cifs: fix use-after-free caused by invalid pointer `hostname` · torvalds/linux@153695d

A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request.

Ubuntu Security Notice USN-6087-1

Ubuntu Security Notice 6087-1 - It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM.