Ubuntu Security Notice 5800-1 - It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. Evgeny Legerov discovered that Heimdal incorrectly handled memory when performing certain DES decryption operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
b0e2703f42318fc7c0a4e60c767ce87190f7c37446b669112673f0af14942855
Debian Linux Security Advisory 5314-1 - It was discovered that missing input sanitising in the ctags functionality of Emacs may result in the execution of arbitrary shell commands.
8d71031be094dc1bac13e1c7994d1cfcdb0da1ae5dd428700ba4439417aa0081
Gold Filled CRM version 2.0 suffers from an unauthenticated arbitrary file upload vulnerability.
7df5256a62f4b26f1e4415c585d3fa307a8092cdea4dec86c2b611cd1e38214d
Ubuntu Security Notice 5799-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.
ce4998fbf8aa90d0155c6a2ddebcdd951316a5e7ef8f07cd60cd721cb26a6117
Gentoo Linux Security Advisory 202301-8 - Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. Versions less than 2.28.1 are affected.
aa2e8b7c11eff17581a3f5e6d9bacb5ad34eeb6898cf65272451c69c932c77f2
Ubuntu Security Notice 5793-3 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
de87ce493d82fd0359247a8cad970c787d81d4e8273265a324e13a768ef64e55
Ubuntu Security Notice 5793-4 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
2c32e72ace00f2afbe7c74ffcd43d9f0c6bdd99ce3882f8881790ea8ad77c31c
Gentoo Linux Security Advisory 202301-5 - A vulnerability has been discovered in Apache Commons Text which could result in arbitrary code execution. Versions less than 1.10.0 are affected.
db71108f98463292403fd7c6f94877025ceff307cd04b48feff8fc02a418ecb7
Ubuntu Security Notice 5791-3 - It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering.
bea4157756a0d933dd299dae28bd0050fa218f5e44ba4864a54ee5c6b82a4669
ERPGo SaaS CRM version 3.3 suffers from an arbitrary file upload vulnerability.
75550497f441c15436243b166bf836846ad5f220742342f795cbab8cded44902
Gentoo Linux Security Advisory 202301-1 - Multiple vulnerabilities have been found in NTFS-3G, the worst of which could result in arbitrary code execution. Versions less than 2022.10.3 are affected.
eb68b9775411efb58023314649ba5c1a2acc470176356ba8cbefbf814eb80a7a
Ubuntu Security Notice 5796-2 - USN-5796-1 fixed a vulnerability in w3m. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that w3m incorrectly handled certain HTML files. A remote attacker could use this issue to cause w3m to crash, resulting in a denial of service, or possibly execute arbitrary code.
b9c5a65178fc16d7ea8bdc9dac52b8482a42a04ade627517fab36bce1d340e2f
Ubuntu Security Notice 5797-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
7d038cf5cf0d352110b29efd7ebf03b7f41defff9ed3da1235cfdddef29584cd
Ubuntu Security Notice 5796-1 - It was discovered that w3m incorrectly handled certain HTML files. A remote attacker could use this issue to cause w3m to crash, resulting in a denial of service, or possibly execute arbitrary code.
fb2509db5276c7a38c4ef42d1e8b9433e8888d4644fe4c183980aac1d032ff8a
Ubuntu Security Notice 5793-2 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
d675040336f5a36e7ca116ff8ee729cb2ab25769ff6dae5749e51445e04f8c2c
Ubuntu Security Notice 5782-3 - USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker could potentially exploit this to obtain sensitive information. Pete Freitag discovered that Firefox did not implement the unsafe-hashes CSP directive. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script. Matthias Zoellner discovered that Firefox was not keeping the filename ending intact when using the drag-and-drop event. An attacker could possibly use this issue to add a file with a malicious extension, leading to execute arbitrary code. Hafiizh discovered that Firefox was not handling fullscreen notifications when the browser window goes into fullscreen mode. An attacker could possibly use this issue to spoof the user and obtain sensitive information. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.
b30a2968ea71adaa4d74717a784dc2aa83b0f4ff631d0b31a605118d8157a40a
Ubuntu Security Notice 5792-2 - Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secure Encrypted Virtualization. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
61a76824088434d45265841359f97a71f6e3346100e4081fc6a5ddb1b292354e
Ubuntu Security Notice 5791-2 - It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering.
af31e2f0f32d49436b8b155fc82a87ba9e92d354b8a376c8215264292ec1c748
Ubuntu Security Notice 5787-2 - USN-5787-1 fixed vulnerabilities in Libksba. This update provides the corresponding updates for Ubuntu 16.04 ESM and Ubuntu 14.04 ESM. It was discovered that Libksba incorrectly handled parsing CRL signatures. A remote attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code.
82286b86067d6fc4fa31cac9d371a0b0f0692d36a900f8a50b11f9aed2f7b2c0
Ubuntu Security Notice 5794-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
f94cebf0ea6c3ab3da6d1994df82f1a6cfce5dea6344042ba9c85491090964a9
Ubuntu Security Notice 5793-1 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
91ba98c3c9637a1d31736093e5bfd37579c41aaa5e5abbbbc4396e2e20bfe7e1
Ubuntu Security Notice 5792-1 - Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secure Encrypted Virtualization. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
0d471b882265b05e21d7d5364395548bdfdb7aabb60f28ba0290bf97ec7175cb
Ubuntu Security Notice 5791-1 - It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering.
c620604793b568d88ed5f96e800d17e391508664ad2fb783107dcfa6afb9a3f2
Ubuntu Security Notice 5790-1 - It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
1d9560d5aef2cc859cd9a37a38fc80172a6ac7361f6977f86ca4cee9c00d13a5
Ubuntu Security Notice 5788-1 - Hiroki Kurosawa discovered that curl incorrectly handled HSTS support when certain hostnames included IDN characters. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that curl incorrectly handled denials when using HTTP proxies. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code.
3ef92df63b6493af5d8bf8786dd0e272eec83c93043b706adf9ec6157dddd4d6