oval:org.secpod.oval:def:707783 Ubuntu 22.10 is installed
oval:org.secpod.oval:def:707826 shadow: system login tools shadow could be made to overwrite files.
oval:org.secpod.oval:def:708101 patchelf: modify properties of ELF executables patchelf could be made to crash or read sensitive data if it opened a specially crafted file.
oval:org.secpod.oval:def:708114 openssl-ibmca: libica based hardware acceleration engine for OpenSSL OpenSSL-ibmca could be made to expose sensitive information.
oval:org.secpod.oval:def:86370 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of file attributes. The issue results from the lack of proper validation of the lengt ...
oval:org.secpod.oval:def:86369 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT com ...
oval:org.secpod.oval:def:707875 net-snmp: SNMP server and applications Net-SNMP could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:707784 libksba: X.509 and CMS support library Details: USN-5688-1 fixed vulnerabilities in Libksba. This update provides the corresponding update for Ubuntu 22.10. Original advisory: Libksba could be made to crash or run programs if it decoded specially crafted data.
oval:org.secpod.oval:def:707803 mako: fast and lightweight templating for the Python platform Details: USN-5625-1 fixed a vulnerability in Mako. This update provides the corresponding updates for Ubuntu 22.10. Original advisory: Mako could be made to cause a denial of service if it received a specially crafted regular expression.
oval:org.secpod.oval:def:708271 etcd: highly-available key value store -- client etcd could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:708146 mysql-8.0: MySQL database Details: USN-6060-1 fixed vulnerabilities in MySQL. The new upstream 8.0.33 version introduced a regression on the armhf architecture. This update fixes the problem. Original advisory: USN-6060-1 introduced a regression in MySQL.
oval:org.secpod.oval:def:708269 dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime Details: USN-6161-1 fixed vulnerabilities in .NET. The update introduced a regression with regards to how the runtime imported X.509 certificates. This update fixes the problem. We apologize for the inconvenience. Original ...
oval:org.secpod.oval:def:85611 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:708115 libcommons-net-java: Apache Commons Net - Java client API for basic Internet protocols Apache Commons Net could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:708125 erlang: Concurrent, real-time, distributed functional language Erlang could allow unintended access to network services.
oval:org.secpod.oval:def:708253 libjettison-java: A Java library for converting XML to JSON and vice-versa Several security issues were fixed in Jettison.
oval:org.secpod.oval:def:708257 It was discovered that in SVG++ library that the demo application incorrectly managed memory resulting in a memory access violation under certain circumstances. An attacker could possibly use this issue to leak memory information or run a denial of service attack. This issue only affected Ubuntu 18. ...
oval:org.secpod.oval:def:708234 sniproxy: Transparent TLS and HTTP layer 4 proxy with SNI support SNI Proxy could be made to crash or run programs if it received specially crafted input.
oval:org.secpod.oval:def:708282 cpdb-libs: Common Print Dialog Backends - Tools CPDB could be made to crash or execute arbitrary code.
oval:org.secpod.oval:def:708289 ruby-doorkeeper: OAuth 2 provider for Rails and Grape Doorkeeper could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:708276 python-reportlab: library to create PDF documents ReportLab could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:708142 python-os-brick: Library for managing local volume attaches os-brick could be made to expose sensitive information.
oval:org.secpod.oval:def:708141 cinder: OpenStack storage service Cinder could be made to expose sensitive information.
oval:org.secpod.oval:def:708143 python-glance-store: OpenStack Image Service store library Glance_store could be made to expose sensitive information.
oval:org.secpod.oval:def:708140 nova: OpenStack Compute cloud infrastructure Nova could be made to expose sensitive information.
oval:org.secpod.oval:def:708230 glusterfs: clustered file-system GlusterFS could be made to crash if it received a specially crafted request.
oval:org.secpod.oval:def:708219 xfce4-settings: graphical application for managing Xfce settings xfce4-settings could be made to run programs with arbitrary arguments if it received specially crafted input.
oval:org.secpod.oval:def:707827 sysstat: system performance tools for Linux Sysstat could be made to crash or run programs if it processed specially crafted data.
oval:org.secpod.oval:def:707804 nginx: small, powerful, scalable web/proxy server Several security issues were fixed in nginx.
oval:org.secpod.oval:def:707823 exim4: Exim is a mail transport agent Exim could be made to crash or run programs if it processed specially crafted regular expressions.
oval:org.secpod.oval:def:708300 knot-resolver: caching, DNSSEC-validating DNS resolver Knot Resolver could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:707829 perl: Practical Extraction and Report Language Details: USN-5689-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 22.10. Original advisory: Perl could be made to bypass signature verification.
oval:org.secpod.oval:def:707802 golang-1.13: Go programming language compiler Go applications could be made to hang or crash if they received specially crafted input.
oval:org.secpod.oval:def:707824 jbigkit: JBIG1 data compression library JBIG-KIT could be made to crash if it opened a specially crafted file.
oval:org.secpod.oval:def:708231 jupyter-core: Core common functionality of Jupyter projects Jupyter Core could be made to run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:708260 libjettison-java: A Java library for converting XML to JSON and vice-versa Jettison could be made to crash if it opened a specially crafted file.
oval:org.secpod.oval:def:708131 openvswitch: Ethernet virtual switch Open vSwitch could be made to stop forwarding packets if it received specially crafted network traffic.
oval:org.secpod.oval:def:707820 xorg-server: X.Org X11 server - xwayland: X server for running X clients under Wayland - xorg-server-hwe-18.04: X.Org X11 server - xorg-server-hwe-16.04: X.Org X11 server Several security issues were fixed in X.Org X Server.
oval:org.secpod.oval:def:708290 ghostscript: PostScript and PDF interpreter Ghostscript could be made to run programs if it opened a specially crafted file.
oval:org.secpod.oval:def:708301 mozjs102: SpiderMonkey JavaScript library Several security issues were fixed in SpiderMonkey.
oval:org.secpod.oval:def:89901 ceph: distributed storage and file system Several security issues were fixed in Ceph.
oval:org.secpod.oval:def:708241 c-ares: library for asynchronous name resolution Several security issues were fixed in c-ares.
oval:org.secpod.oval:def:708225 netatalk: Apple Filing Protocol service Several security issues were fixed in Netatalk.
oval:org.secpod.oval:def:707788 dbus: simple interprocess messaging system Several security issues were fixed in DBus.
oval:org.secpod.oval:def:708243 libcap2: POSIX 1003.1e capabilities Several security issues were fixed in libcap2.
oval:org.secpod.oval:def:708130 freetype: FreeType 2 is a font engine library FreeType could be made to crash or possibly execute arbitrary code if it opened a specially crafted font file.
oval:org.secpod.oval:def:708210 avahi: IPv4LL network address configuration daemon Avahi could be made to crash if it received specially crafted DBus traffic.
oval:org.secpod.oval:def:708110 cloud-init: initialization and customization tool for cloud instances cloud-init could write sensitive information to logs.
oval:org.secpod.oval:def:708246 libx11: X11 client-side library libx11 could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:708292 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:708155 cups-filters: OpenPrinting CUPS Filters cups-filters could be made to crash or run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:85704 freerdp2: RDP client for Windows Terminal Services Several security issues were fixed in FreeRDP.
oval:org.secpod.oval:def:707819 expat: XML parsing C library Details: USN-5638-1 fixed a vulnerability in Expat. This update provides the corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. This update also fixes a minor regression introduced in Ubuntu 18.04 LTS. We a ...
oval:org.secpod.oval:def:708113 netty: Java NIO client/server socket framework Several security issues were fixed in Netty.
oval:org.secpod.oval:def:708120 python-django: High-level Python web development framework A Django hardening measure could be bypassed.
oval:org.secpod.oval:def:708233 requests: elegant and simple HTTP library for Python Requests could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:707822 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.
oval:org.secpod.oval:def:86997 sudo: Provide limited super user privileges to specific users Several security issues were fixed in Sudo.
oval:org.secpod.oval:def:708224 sysstat: system performance tools for Linux Sysstat could be made to crash or run programs if it processed specially crafted data.
oval:org.secpod.oval:def:708119 git: fast, scalable, distributed revision control system Several security issues were fixed in Git.
oval:org.secpod.oval:def:708258 vlc: multimedia player and streamer Several security issues were fixed in VLC media player.
oval:org.secpod.oval:def:708208 cups: Common UNIX Printing System CUPS could be made to crash or run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:708264 cups: Common UNIX Printing System CUPS could be made to crash or expose sensitive information over the network.
oval:org.secpod.oval:def:90539 vim: Vi IMproved - enhanced vi editor Several security issues were fixed in Vim.
oval:org.secpod.oval:def:708149 openjdk-17: Open Source Java implementation - openjdk-20: Open Source Java implementation - openjdk-8: Open Source Java implementation - openjdk-lts: Open Source Java implementation Several security issues were fixed in OpenJDK.
oval:org.secpod.oval:def:708281 containerd: daemon to control runC Several security issues were fixed in containerd.
oval:org.secpod.oval:def:708158 runc: Open Container Project Several security issues were fixed in runC.
oval:org.secpod.oval:def:708151 libwebp: Lossy compression of digital photographic images libwebp could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:708147 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:708226 mozjs102: SpiderMonkey JavaScript library Several security issues were fixed in SpiderMonkey.
oval:org.secpod.oval:def:91653 imagemagick: Image manipulation programs and library Several security issues were fixed in ImageMagick.
oval:org.secpod.oval:def:85308 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.
oval:org.secpod.oval:def:85075 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.
oval:org.secpod.oval:def:707873 w3m: WWW browsable pager with excellent tables/frames support w3m could be made to crash or run programs as your login if it opened a malicious website.
oval:org.secpod.oval:def:708128 mysql-8.0: MySQL database - mysql-5.7: MySQL database Several security issues were fixed in MySQL.
oval:org.secpod.oval:def:91652 bind9: Internet Domain Name Server Several security issues were fixed in Bind.
oval:org.secpod.oval:def:708272 linux: Linux kernel - linux-allwinner: Linux kernel for Allwinner processors - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-ibm: Linux kernel for IBM cloud s ...
oval:org.secpod.oval:def:708283 python-django: High-level Python web development framework Django could be made to consume resources if it received specially crafted network traffic.
oval:org.secpod.oval:def:708242 glib2.0: GLib library of C routines Several security issues were fixed in GLib.
oval:org.secpod.oval:def:708310 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.
oval:org.secpod.oval:def:708133 sqlparse: documentation for non-validating SQL parser in Python SQL parse could be made to cause a denial of service if it received a specially crafted regular expression.
oval:org.secpod.oval:def:90537 golang-1.19: Go programming language compiler - metapackage Several security issues were fixed in Go.
oval:org.secpod.oval:def:708102 dnsmasq: Small caching DNS proxy and DHCP/TFTP server Dnsmasq could cause transmission reliability issues when sending large DNS messages.
oval:org.secpod.oval:def:91655 ruby3.1: Interpreter of object-oriented scripting language Ruby - ruby3.0: Interpreter of object-oriented scripting language Ruby - ruby2.7: Object-oriented scripting language - ruby2.5: Object-oriented scripting language - ruby2.3: Object-oriented scripting language Several security issues were fix ...
oval:org.secpod.oval:def:91651 ruby3.1: Interpreter of object-oriented scripting language Ruby Several security issues were fixed in Ruby.
oval:org.secpod.oval:def:708046 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-ibm: Linux kernel for IBM cloud systems - linux-kvm: Linux kernel for cloud environments - ...
oval:org.secpod.oval:def:708027 linux-kvm: Linux kernel for cloud environments Several security issues were fixed in the Linux kernel.
oval:org.secpod.oval:def:708148 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-kvm: Linux kernel for cloud environments - linux-lowlatency: Linux low latency kernel - linux-raspi: Linux kernel for Raspberry Pi systems - linux-azur ...
oval:org.secpod.oval:def:708007 linux-raspi: Linux kernel for Raspberry Pi systems Several security issues were fixed in the Linux kernel.
oval:org.secpod.oval:def:708100 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-lowlatency: Linux low latency kernel - li ...
oval:org.secpod.oval:def:707848 linux-azure: Linux kernel for Microsoft Azure Cloud systems Several security issues were fixed in the Linux kernel.
oval:org.secpod.oval:def:708216 python3.11: An interactive high-level object-oriented language - python3.10: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level objec ...
oval:org.secpod.oval:def:90540 qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.
oval:org.secpod.oval:def:707821 mariadb-10.6: MariaDB database - mariadb-10.3: MariaDB database Several security issues were fixed in MariaDB.
oval:org.secpod.oval:def:708202 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-ibm: Linux kernel for IBM cloud systems - linux-kvm: Linux kernel for cloud environments - ...
oval:org.secpod.oval:def:708268 linux-ibm: Linux kernel for IBM cloud systems Several security issues were fixed in the Linux kernel.
oval:org.secpod.oval:def:708251 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-lowlatency: Linux low latency kernel - li ...
oval:org.secpod.oval:def:707874 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK.
oval:org.secpod.oval:def:708126 webkit2gtk: Web content engine library for GTK+ Several security issues were fixed in WebKitGTK.
oval:org.secpod.oval:def:708111 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.
oval:org.secpod.oval:def:91658 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.
oval:org.secpod.oval:def:708099 libxml2: GNOME XML library Several security issues were fixed in libxml2.
oval:org.secpod.oval:def:708303 scipy: scientific library for Python - documentation Several security issues were fixed in SciPy.
oval:org.secpod.oval:def:708215 frr: FRRouting suite of internet protocols Several security issues were fixed in FRR.
oval:org.secpod.oval:def:708217 libraw: raw image decoder library Several security issues were fixed in LibRaw.
oval:org.secpod.oval:def:708213 perl: Practical Extraction and Report Language Details: USN-6112-1 fixed vulnerabilities in Perl. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. Original advisory: Perl could be made to install modules from untrusted sources.
oval:org.secpod.oval:def:708278 php8.1: HTML-embedded scripting language interpreter - php7.4: HTML-embedded scripting language interpreter PHP could be made to expose sensitive information.
oval:org.secpod.oval:def:708214 libssh: A tiny C SSH library Several security issues were fixed in libssh.
oval:org.secpod.oval:def:708291 dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime The maximum failed attempts security feature for .NET could be bypassed.
oval:org.secpod.oval:def:708238 dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime Several security issues were fixed in .NET.
oval:org.secpod.oval:def:90542 dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime Several security issues were fixed in .NET.
oval:org.secpod.oval:def:707878 dotnet6: dotNET CLI tools and runtime dotnet6 could be made to crash if it received specially crafted network traffic.