Tag
#ubuntu
WordPress Stafflist plugin version 3.1.2 suffers from a cross site scripting vulnerability.
JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak.
OMPL v1.5.2 contains a memory leak in VFRRT.cpp
Ubuntu Security Notice 5382-2 - USN-5382-1 fixed a vulnerability in libinput. This update provides the corresponding updates for Ubuntu 22.04 LTS. Albin Eldstål-Ahrens and Lukas Lamster discovered libinput did not properly handle input devices with specially crafted names. A local attacker with physical access could use this to cause libinput to crash or expose sensitive information.
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
Ubuntu Security Notice 5398-1 - It was discovered that SDL incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5397-1 - Patrick Monnerat discovered that curl incorrectly handled certain OAUTH2. An attacker could possibly use this issue to access sensitive information. Harry Sintonen discovered that curl incorrectly handled certain requests. An attacker could possibly use this issue to expose sensitive information.
Ubuntu Security Notice 5396-1 - It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.
Ubuntu Security Notice 5395-1 - It was discovered that networkd-dispatcher incorrectly handled internal scripts. A local attacker could possibly use this issue to cause a race condition, escalate privileges and execute arbitrary code.