Security
Headlines
HeadlinesLatestCVEs

Tag

#ubuntu

CVE-2023-50495: Segment fault in tic

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

CVE
Open in Source
#ubuntu#linux#redis#c++
CVE-2023-49990: global-buffer-overflow exists in the function SetUpPhonemeTable in synthdata.c · Issue #1824 · espeak-ng/espeak-ng

Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.

CVE-2023-49993: global-buffer-overflow exists in the function ReadClause in readclause.c · Issue #1826 · espeak-ng/espeak-ng

Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.

CVE-2023-49994: Floating Point Exception exists in the function PeaksToHarmspect in wavegen.c · Issue #1823 · espeak-ng/espeak-ng

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.

CVE-2023-49992: stack-buffer-overflow exists in the function RemoveEnding in dictionary.c · Issue #1827 · espeak-ng/espeak-ng

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.

CVE-2023-49991: stack-buffer-underflow exists in the function CountVowelPosition in synthdata.c · Issue #1825 · espeak-ng/espeak-ng

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.

Ubuntu Security Notice USN-6550-1

Ubuntu Security Notice 6550-1 - It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. It was discovered that Moment.js, that is integrated in the PostfixAdmin code, was using an inefficient parsing algorithm when processing date strings in the RFC 2822 standard. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6549-1

Ubuntu Security Notice 6549-1 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

Ubuntu Security Notice USN-6548-1

Ubuntu Security Notice 6548-1 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-6547-1

Ubuntu Security Notice 6547-1 - it was discovered that Python incorrectly handled null bytes when normalizing pathnames. An attacker could possibly use this issue to bypass certain filename checks.