Security
Headlines
HeadlinesLatestCVEs

Tag

#ubuntu

CVE-2023-47345: [Bugs] UPF crash caused by malformed PFCP messages whose 1st IE length is mutated to zero · Issue #483 · free5gc/free5gc

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to zero.

CVE
Open in Source
#vulnerability#ubuntu#linux#dos#git#buffer_overflow
CVE-2023-48014: stack-buffer-overflow in /gpac/src/media_tools/av_parsers.c:7735:42 in hevc_parse_vps_extension · Issue #2613 · gpac/gpac

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.

CVE-2023-48013: double-free in gf_filterpacket_del /home/user/fuzzing_gpac/gpac/src/filter_core/filter.c:38:17 · Issue #2612 · gpac/gpac

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.

CVE-2023-48011: heap-use-after-free in ./gpac/src/isomedia/movie_fragments.c:936:37 in flush_ref_samples · Issue #2611 · gpac/gpac

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c.

CVE-2023-48089: Remote Code Execution in /xxl-job-admin/jobcode/save · Issue #3333 · xuxueli/xxl-job

xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save.

CVE-2023-48087: Permission Vulnerability of Path /xxl-job-admin/joblog/clearLog & /xxl-job-admin/joblog/logDetailCat · Issue #3330 · xuxueli/xxl-job

xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat.

CVE-2023-48088: XSS attack appears in /xxl-job-admin/joblog/logDetailPage · Issue #3329 · xuxueli/xxl-job

xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage.

Ubuntu Security Notice USN-6473-2

Ubuntu Security Notice 6473-2 - USN-6473-1 fixed vulnerabilities in urllib3. This update provides the corresponding updates for the urllib3 module bundled into pip. It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Ubuntu Security Notice USN-6475-1

Ubuntu Security Notice 6475-1 - It was discovered that Cobbler did not properly handle user input, which could result in an absolute path traversal. An attacker could possibly use this issue to read arbitrary files. It was discovered that Cobbler did not properly handle user input, which could result in command injection. An attacker could possibly use this issue to execute arbitrary code with high privileges.

Ubuntu Security Notice USN-6449-2

Ubuntu Security Notice 6449-2 - USN-6449-1 fixed vulnerabilities in FFmpeg. Unfortunately that update could introduce a regression in tools using an FFmpeg library, like VLC. This updated fixes the problem. It was discovered that FFmpeg incorrectly managed memory resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.