Security
Headlines
HeadlinesLatestCVEs

Tag

#ubuntu

CVE-2023-40274: LFI in zola serve · Issue #2257 · getzola/zola

An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of special path control characters (../) in the URL when serving a file, which allows one to escape the webroot of the server and read arbitrary files from the filesystem.

CVE
Open in Source
#web#mac#windows#ubuntu
CVE-2021-3236: Lack of verification of wp->w_buffer causes null pointer references in ex_buffer_all() · Issue #7674 · vim/vim

vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method.

CVE-2020-24222: ffjpeg "jfif_decode" function segment fault · Issue #31 · rockcarry/ffjpeg

Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN.

CVE-2020-24221: I found a large or infinite loop in ngiflib · Issue #17 · miniupnp/ngiflib

An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop).

CVE-2020-24904: Security issue · Issue #84 · davesteele/gnome-gmail

An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link.

Ubuntu Security Notice USN-6278-2

Ubuntu Security Notice 6278-2 - USN-6278-1 fixed several vulnerabilities in .NET. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that .NET did properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution.

Ubuntu Security Notice USN-6277-2

Ubuntu Security Notice 6277-2 - USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.

Ubuntu Security Notice USN-6282-1

Ubuntu Security Notice 6282-1 - Jackson Henry discovered that Velocity Tools incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code.

systemd 246 Local Root Privilege Escalation

systemd version 246 suffers from a local root privilege escalation vulnerability.