Ubuntu Security Notice 6785-1 - Matthias Gerstner discovered that GNOME Remote Desktop incorrectly performed certain user validation checks. A local attacker could possibly use this issue to obtain sensitive information, or take control of remote desktop connections.
ad37da10056aff526b9a741ed5a7299a8b4531fd429070e7779da440314f8600Ubuntu Security Notice 6784-1 - It was discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10. Luo Jin discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash, resulting in a denial of service.
053d3031c0533899c17dfd47d5e52600769540b87b87c3fcbcded117af755a85Ubuntu Security Notice 6736-2 - USN-6736-1 fixed vulnerabilities in klibc. This update provides the corresponding updates for Ubuntu 24.04 LTS. It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code.
e52b87abb1cbef1ab680534a984ee5229ded4d8db86d8012fd602d5815e51c14Ubuntu Security Notice 6777-4 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
1ddb7b19b0860afc6380f043e7df1dbadf439c03cab8f2cbfee5d3481b830488Ubuntu Security Notice 6663-3 - USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 24.04 LTS. As a security improvement, OpenSSL will now return deterministic random bytes instead of an error when detecting wrong padding in PKCS#1 v1.5 RSA to prevent its use in possible Bleichenbacher timing attacks.
18cb5a48db6c8632a83a0a56e846c4647c9a2d8ac9a12d65ac6adaa616ca0484Ubuntu Security Notice 6783-1 - It was discovered that VLC incorrectly handled certain media files. A remote attacker could possibly use this issue to cause VLC to crash, resulting in a denial of service, or potential arbitrary code execution.
74e3830e001942c2ddc6731929c011b922cbfa41a326dcc195908ced4f0613b9NorthStar C2, prior to commit 7674a44 on March 11 2024, contains a vulnerability where the logs page is vulnerable to a stored cross site scripting issue. An unauthenticated user can simulate an agent registration to cause the cross site scripting attack and take over a users session. With this access, it is then possible to run a new payload on all of the NorthStar C2 compromised hosts (agents), and kill the original agent. Successfully tested against NorthStar C2 commit e7fdce148b6a81516e8aa5e5e037acd082611f73 running on Ubuntu 22.04. The agent was running on Windows 10 19045.
e5fdc1eb511aee9e0ced55911325ab4ed7c9efe59d20347fc192d3a17a7fa844Ubuntu Security Notice 6782-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Thomas Rinsma discovered that Thunderbird did not properly handle type check when handling fonts in PDF.js. An attacker could potentially exploit this issue to execute arbitrary javascript code in PDF.js.
0f0a71c347b975f78289e67052bdd319bc9db3306585631d3361530ff7c998bfUbuntu Security Notice 6777-3 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
0a4ec1b5cdab50af1d45a8024a5c8ea07e1e81310889905d0a681372aa96f76cUbuntu Security Notice 6775-2 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
68847ce8c2132a68e75792ac2d82bcd7511acf2ecd56b621cac7d6242948ea6eUbuntu Security Notice 6780-1 - Guido Vranken discovered that idna did not properly manage certain inputs, which could lead to significant resource consumption. An attacker could possibly use this issue to cause a denial of service.
bbb048cf814f6806a645c6dc9c2a5fdd98efe4048d43ea84e67590f8f5bad561Ubuntu Security Notice 6781-1 - Le Dinh Hai discovered that Spreadsheet::ParseExcel was passing unvalidated input from a file into a string-type "eval". An attacker could craft a malicious file to achieve arbitrary code execution.
cbbc9336f0ab4f5ad4b0da404d1fa2f58da1f00404c2dbea318ee4148ecf03b9Ubuntu Security Notice 6779-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory when audio input connected with multiple consumers. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.
4d7400f325f71baca26df6b20cae1eea1678bfef4723ae53fb8cbfd57b547707Ubuntu Security Notice 6777-2 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
72271efbeb2c8c72f119354b488d9c7dc86b9ccf7e2897aab881ff2261d7b673Ubuntu Security Notice 6766-3 - It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.
8016064a83bb8f7ec9c086ffc5f49d34292dc87c98d4d5e89a0f4a68cc0615bcUbuntu Security Notice 6778-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
5a2b8f3e7c01bf9c18ee07e2832ea0ee3f8ecf967fad1e117b272bd91c9ddf00Ubuntu Security Notice 6777-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
b8c50fe87a65aab78fee16a7a2e72919e82b274a3499976383ee5ba67e9b0de8Ubuntu Security Notice 6776-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
58ebb40d9229560d190487a623c636894cd2a49ae67f8d6a99ef637f0e504658Ubuntu Security Notice 6775-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
b5d6c7edc958b26afa94ba9748033355ae54e916f0de0e7c190c83e7ccc7985bUbuntu Security Notice 6774-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.
879e950c4cc102e3739561be7468b79c78e99aa24cc7b8cac33139378491991eUbuntu Security Notice 6773-1 - It was discovered that .NET did not properly handle memory in it's Double Parse routine. An attacker could possibly use this issue to achieve remote code execution. It was discovered that .NET did not properly handle the usage of a shared resource. An attacker could possibly use this to cause a dead-lock condition, resulting in a denial of service.
8d23913998e943cb3534c4ca901b26824fd43968abb8ff4582f8aa5e31563feaUbuntu Security Notice 6766-2 - It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.
0a8b72cb9ddc467a12013b3d726c7b1fa23dd695db2b2331e5af1ee0356bc9c9Ubuntu Security Notice 6767-2 - Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
885350375e9760db30c910ea3c9badf280ffc608433042df8187d13fec7c9681Ubuntu Security Notice 6772-1 - Jan Schermer discovered that strongSwan incorrectly validated client certificates in certain configurations. A remote attacker could possibly use this issue to bypass access controls.
590fa84cad23748ca02289e6f9530d990b8eb44ed69567c869b7a9030e59d269Ubuntu Security Notice 6771-1 - It was discovered that SQL parse incorrectly handled certain nested lists. An attacker could possibly use this issue to cause a denial of service.
d4667d289a8e91d1ce3a98ab4961c911970232c5d3603980b0eb0eb6e4153694
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed