USN-6141-1: xfce4-settings vulnerability Robin Peraglie and Johannes Moritz discovered that xfce4-settings incorrectly parsed quoted input when processed through xdg-open. A remote attacker could possibly use this issue to inject arbitrary arguments into the default browser or file manager. Source: USN-6141-1: xfce4-settings vulnerability
USN-6140-1: Go vulnerabilities It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10. (CVE-2022-41724, CVE-2023-24534, CVE-2023-24537) It was discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10. (CVE-2022-41725) It was discovered that Go did not properly validate backticks (`) as Javascript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary Javascript code into the Go template. This issue only affected golang-1.19 on Ubuntu 22.10. (CVE-2023-24538) It was discovered that [ more… ]
USN-6139-1: Python vulnerability Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could use this issue to bypass blockinglisting methods. This issue was first addressed in USN-5960-1, but was incomplete. Here we address an additional fix to that issue. (CVE-2023-24329) Source: USN-6139-1: Python vulnerability
USN-6138-1: libssh vulnerabilities Philip Turnbull discovered that libssh incorrectly handled rekeying with algorithm guessing. A remote attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-1667) Kevin Backhouse discovered that libssh incorrectly handled verifying data signatures. A remote attacker could possibly use this issue to bypass authorization. (CVE-2023-2283) Source: USN-6138-1: libssh vulnerabilities
USN-6137-1: LibRaw vulnerabilities It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-6137-1: LibRaw vulnerabilities
Copyright © 2024 | WordPress Theme by MH Themes
