#ubuntu

Ubuntu Security Notice 6295-1 - It was discovered that Podman incorrectly handled certain supplementary groups. An attacker could possibly use this issue to expose sensitive information or execute binary code.

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient input validation of user-supplied CLI arguments. An attacker could exploit this vulnerability by authenticating to an affected device and using crafted commands at the prompt. A successful exploit could allow the attacker to execute arbitrary commands as root. The attacker must have valid credentials on the affected device.

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing certain commands using sudo. A successful exploit could allow the attacker to view arbitrary files as root on the underlying operating system. The attacker must have valid credentials on the affected device.

Ubuntu Security Notice 6294-1 - Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length headers. A remote attacker could possibly use this issue to manipulate the payload and bypass certain restrictions.

Ubuntu Security Notice 6293-1 - It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data.

Ubuntu Security Notice 6292-1 - It was discovered that Ceph incorrectly handled crash dumps. A local attacker could possibly use this issue to escalate privileges to root.

Ubuntu Security Notice 6291-1 - Hanno Bock discovered that GStreamer incorrectly handled certain datetime strings. An attacker could possibly use this issue to cause a denial of service or expose sensitive information.

Ubuntu Security Notice 6290-1 - It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that LibTIFF incorrectly handled certain image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04.

Ubuntu Security Notice 6289-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

EMH CMS version 0.1 suffers from a cross site scripting vulnerability.