
Tag

#ubuntu

CVE-2023-1361: SQL Injection in 'core/ajax/ajax_data.php' in bumsys

SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2.

Ubuntu Security Notice USN-5944-1

Ubuntu Security Notice 5944-1 - It was discovered that SnakeYAML did not limit the maximal nested depth for collections when parsing YAML data. If a user or automated system were tricked into opening a specially crafted YAML file, an attacker could possibly use this issue to cause applications using SnakeYAML to crash, resulting in a denial of service. It was discovered that SnakeYAML did not limit the maximal data matched with regular expressions when parsing YAML data. If a user or automated system were tricked into opening a specially crafted YAML file, an attacker could possibly use this issue to cause applications using SnakeYAML to crash, resulting in a denial of service.

Ubuntu Security Notice USN-5942-1

Ubuntu Security Notice 5942-1 - Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy_uwsgi module incorrectly handled certain special characters. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.

CVE-2023-27117: heap overflow in wabt::Node::operator=(wabt::Node&&) · Issue #1989 · WebAssembly/wabt

WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator.

CVE-2023-27115: SEGV in wabt::cat_compute_size · Issue #1992 · WebAssembly/wabt

WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.

CVE-2023-27119: SEGV in wabt::Decompiler::WrapChild · Issue #1990 · WebAssembly/wabt

WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.

Ubuntu Security Notice USN-5939-1

Ubuntu Security Notice 5939-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-5938-1

Ubuntu Security Notice 5938-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE-2021-33353: Offensive Security’s Exploit Database Archive

Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before, fixed in v.1.3.7, allows an attacker to execute arbitrary code via the file attachment directory setting.