13 hours 43 minutes ago
It was discovered that Open VM Tools incorrectly handled certain file
operations. An attacker in a guest could use this issue to perform insecure
file operations and possibly elevate privileges in the guest.
15 hours 11 minutes ago
Demi Marie Obenour and Simon Gaiser discovered that several Xen para-
virtualization device frontends did not properly restrict the access rights
of device backends. An attacker could possibly use a malicious Xen backend
to gain access to memory pages of a guest VM or cause a denial of service
in the guest. (CVE-2022-23041)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Hardware crypto device drivers;
- GPU drivers;
- IIO subsystem;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- SPI subsystem;
- USB Gadget drivers;
- Ceph distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- SMB network file system;
- CAN network layer;
- IPv6 networking;
- MAC80211 subsystem;
- Netfilter;
- Netlink;
- Network traffic control;
- SCTP protocol;
- TIPC protocol;
(CVE-2024-46771, CVE-2021-47500, CVE-2024-56631, CVE-2021-47219,
CVE-2021-47163, CVE-2024-50256, CVE-2024-56650, CVE-2024-46780,
CVE-2021-47506, CVE-2024-26996, CVE-2025-21971, CVE-2021-47587,
CVE-2021-47245, CVE-2024-56598, CVE-2021-46959, CVE-2024-26974,
CVE-2024-56642, CVE-2023-52741, CVE-2021-47150, CVE-2024-53173,
CVE-2024-26915, CVE-2024-36934, CVE-2024-56770, CVE-2024-53063,
CVE-2021-47191, CVE-2024-26689, CVE-2024-53066, CVE-2024-35864,
CVE-2024-50237, CVE-2024-53140, CVE-2024-49944)
1 day 9 hours ago
Demi Marie Obenour and Simon Gaiser discovered that several Xen para-
virtualization device frontends did not properly restrict the access rights
of device backends. An attacker could possibly use a malicious Xen backend
to gain access to memory pages of a guest VM or cause a denial of service
in the guest. (CVE-2022-23041)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Hardware crypto device drivers;
- GPU drivers;
- IIO subsystem;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- SPI subsystem;
- USB Gadget drivers;
- Ceph distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- SMB network file system;
- CAN network layer;
- IPv6 networking;
- MAC80211 subsystem;
- Netfilter;
- Netlink;
- Network traffic control;
- SCTP protocol;
- TIPC protocol;
(CVE-2024-56598, CVE-2024-56650, CVE-2024-46771, CVE-2024-53173,
CVE-2024-53063, CVE-2024-26974, CVE-2021-46959, CVE-2024-53066,
CVE-2021-47163, CVE-2024-50237, CVE-2021-47587, CVE-2024-56631,
CVE-2024-50256, CVE-2021-47150, CVE-2021-47506, CVE-2021-47219,
CVE-2023-52741, CVE-2024-49944, CVE-2025-21971, CVE-2024-26689,
CVE-2024-46780, CVE-2024-53140, CVE-2021-47245, CVE-2024-56642,
CVE-2021-47500, CVE-2024-36934, CVE-2024-26996, CVE-2024-35864,
CVE-2021-47191, CVE-2024-26915, CVE-2024-56770)
1 day 9 hours ago
Demi Marie Obenour and Simon Gaiser discovered that several Xen para-
virtualization device frontends did not properly restrict the access rights
of device backends. An attacker could possibly use a malicious Xen backend
to gain access to memory pages of a guest VM or cause a denial of service
in the guest. (CVE-2022-23041)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Hardware crypto device drivers;
- GPU drivers;
- IIO subsystem;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- SPI subsystem;
- USB Gadget drivers;
- Ceph distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- SMB network file system;
- CAN network layer;
- IPv6 networking;
- MAC80211 subsystem;
- Netfilter;
- Netlink;
- Network traffic control;
- SCTP protocol;
- TIPC protocol;
(CVE-2024-56650, CVE-2024-26915, CVE-2024-50237, CVE-2024-53140,
CVE-2024-26996, CVE-2021-47506, CVE-2024-26974, CVE-2025-21971,
CVE-2024-56770, CVE-2024-53063, CVE-2021-47245, CVE-2024-36934,
CVE-2021-47500, CVE-2024-53173, CVE-2021-47219, CVE-2024-46771,
CVE-2024-56631, CVE-2024-46780, CVE-2024-35864, CVE-2021-46959,
CVE-2021-47191, CVE-2021-47587, CVE-2024-53066, CVE-2024-56642,
CVE-2021-47163, CVE-2024-50256, CVE-2021-47150, CVE-2024-56598,
CVE-2024-26689, CVE-2023-52741, CVE-2024-49944)
1 day 10 hours ago
Demi Marie Obenour and Simon Gaiser discovered that several Xen para-
virtualization device frontends did not properly restrict the access rights
of device backends. An attacker could possibly use a malicious Xen backend
to gain access to memory pages of a guest VM or cause a denial of service
in the guest. (CVE-2022-23041)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Hardware crypto device drivers;
- GPU drivers;
- IIO subsystem;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- SPI subsystem;
- USB Gadget drivers;
- Ceph distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- SMB network file system;
- CAN network layer;
- IPv6 networking;
- MAC80211 subsystem;
- Netfilter;
- Netlink;
- Network traffic control;
- SCTP protocol;
- TIPC protocol;
(CVE-2024-46780, CVE-2021-47163, CVE-2024-46771, CVE-2021-47506,
CVE-2024-36934, CVE-2024-35864, CVE-2024-26915, CVE-2021-47150,
CVE-2024-50256, CVE-2024-53173, CVE-2024-53066, CVE-2024-53063,
CVE-2021-47245, CVE-2024-26996, CVE-2024-56642, CVE-2021-47219,
CVE-2024-56631, CVE-2021-47587, CVE-2021-47191, CVE-2023-52741,
CVE-2021-46959, CVE-2024-26689, CVE-2024-26974, CVE-2024-56770,
CVE-2024-56598, CVE-2024-49944, CVE-2024-50237, CVE-2024-53140,
CVE-2024-56650, CVE-2021-47500, CVE-2025-21971)
5 days 10 hours ago
Juraj Šarinay discovered that LibreOffice incorrectly handled verifying
PDF signatures. A remote attacker could possibly use this issue to
generate PDF files that appear to have a valid signature.
5 days 11 hours ago
Jeppe Bonde Weikop discovered that h11 incorrectly handled crafted HTTP
requests. A remote attacker could possibly use this issue to smuggle
malicious HTTP requests, which could potentially lead to security
control bypass and information leakage.
6 days 3 hours ago
USN-7501-1 fixed a vulnerability in Django. This update provides
the corresponding update for Ubuntu 18.04 LTS.
Original advisory details:
Elias Myllymäki discovered that Django incorrectly handled stripping large
sequences of incomplete HTML tags. A remote attacker could possibly use
this issue to cause Django to consume resources, leading to a denial of
service.
6 days 6 hours ago
It was discovered that Horde Css Parser did not correctly handle
parsing uncontrolled CSS data. An attacker could possibly use
this issue to perform remote code execution. (CVE-2020-13756)
6 days 7 hours ago
Elias Myllymäki discovered that Django incorrectly handled stripping large
sequences of incomplete HTML tags. A remote attacker could possibly use
this issue to cause Django to consume resources, leading to a denial of
service.
6 days 10 hours ago
USN-7490-1 fixed vulnerabilities in libsoup2.4. This update provides the
corresponding updates for libsoup3.
Original advisory details:
Tan Wei Chong discovered that libsoup incorrectly handled memory when
parsing HTTP request headers. An attacker could possibly use this issue to
send a maliciously crafted HTTP request to the server, causing a denial of
service. (CVE-2025-32906)
Alon Zahavi discovered that libsoup incorrectly parsed video files. An
attacker could possibly use this issue to send a maliciously crafted HTTP
response back to the client, causing a denial of service, or leading to
undefined behavior. (CVE-2025-32909)
Jan Różański discovered that libsoup incorrectly handled memory when
parsing authentication headers. An attacker could possibly use this issue
to send a maliciously crafted HTTP response back to the client, causing a
denial of service. (CVE-2025-32910, CVE-2025-32912)
It was discovered that libsoup incorrectly handled data in the hash table
data type. An attacker could possibly use this issue to send a maliciously
crafted HTTP request to the server, causing a denial of service or remote
code execution. (CVE-2025-32911)
Jan Różański discovered that libsoup incorrectly handled memory when
parsing the content disposition HTTP header. An attacker could possibly
use this issue to send maliciously crafted data to a client or server,
causing a denial of service. (CVE-2025-32913)
Alon Zahavi discovered that libsoup incorrectly handled memory when
parsing HTTP requests. An attacker could possibly use this issue to send a
maliciously crafted HTTP request to the server, causing a denial of
service or obtaining sensitive information. (CVE-2025-32914)
It was discovered that libsoup incorrectly handled memory when parsing
quality-list headers. An attacker could possibly use this issue to send a
maliciously crafted HTTP request to the server, causing a denial of
service. (CVE-2025-46420)
Jan Różański discovered that libsoup did not strip authorization
information upon redirects. An attacker could possibly use this issue to
obtain sensitive information. (CVE-2025-46421)
6 days 10 hours ago
A security issue was discovered in the Linux kernel.
An attacker could possibly use this to compromise the system.
This update corrects flaws in the following subsystems:
- Timer subsystem;
(CVE-2025-21813)
6 days 11 hours ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Bluetooth drivers;
- Microsoft Azure Network Adapter (MANA) driver;
(CVE-2024-56653, CVE-2025-21953)
6 days 12 hours ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Character device driver;
- Hardware crypto device drivers;
- GPU drivers;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- USB Gadget drivers;
- Framebuffer layer;
- Ceph distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) client;
- NILFS2 file system;
- SMB network file system;
- Netfilter;
- CAN network layer;
- IPv6 networking;
- MAC80211 subsystem;
- Netlink;
- Network traffic control;
- SCTP protocol;
- TIPC protocol;
(CVE-2024-49944, CVE-2024-26996, CVE-2024-46771, CVE-2024-56651,
CVE-2023-52927, CVE-2021-47191, CVE-2024-56642, CVE-2023-52664,
CVE-2024-53173, CVE-2021-47150, CVE-2024-56770, CVE-2024-50237,
CVE-2024-46780, CVE-2024-36015, CVE-2023-52458, CVE-2024-49925,
CVE-2024-53063, CVE-2024-53066, CVE-2025-21971, CVE-2024-50296,
CVE-2024-50256, CVE-2024-35864, CVE-2024-56631, CVE-2024-53140,
CVE-2021-47219, CVE-2024-56598, CVE-2024-36934, CVE-2021-47163,
CVE-2024-26915, CVE-2024-56650, CVE-2024-26974, CVE-2023-52741,
CVE-2024-26689)
6 days 12 hours ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Character device driver;
- Hardware crypto device drivers;
- GPU drivers;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- USB Gadget drivers;
- Framebuffer layer;
- Ceph distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) client;
- NILFS2 file system;
- SMB network file system;
- Netfilter;
- CAN network layer;
- IPv6 networking;
- MAC80211 subsystem;
- Netlink;
- Network traffic control;
- SCTP protocol;
- TIPC protocol;
(CVE-2025-21971, CVE-2024-50237, CVE-2023-52927, CVE-2023-52458,
CVE-2021-47163, CVE-2024-26689, CVE-2024-53066, CVE-2021-47191,
CVE-2021-47219, CVE-2024-56770, CVE-2024-46780, CVE-2024-56598,
CVE-2023-52741, CVE-2024-53173, CVE-2021-47150, CVE-2024-50296,
CVE-2024-56631, CVE-2024-53063, CVE-2024-56642, CVE-2024-50256,
CVE-2024-26974, CVE-2024-56651, CVE-2024-36934, CVE-2023-52664,
CVE-2024-26996, CVE-2024-26915, CVE-2024-46771, CVE-2024-56650,
CVE-2024-53140, CVE-2024-49925, CVE-2024-36015, CVE-2024-49944,
CVE-2024-35864)
6 days 12 hours ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Character device driver;
- Hardware crypto device drivers;
- GPU drivers;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- USB Gadget drivers;
- Framebuffer layer;
- Ceph distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) client;
- NILFS2 file system;
- SMB network file system;
- Netfilter;
- CAN network layer;
- IPv6 networking;
- MAC80211 subsystem;
- Netlink;
- Network traffic control;
- SCTP protocol;
- TIPC protocol;
(CVE-2023-52741, CVE-2024-56631, CVE-2024-50296, CVE-2024-50256,
CVE-2024-50237, CVE-2021-47219, CVE-2024-49944, CVE-2024-26915,
CVE-2024-56642, CVE-2023-52664, CVE-2024-36934, CVE-2023-52458,
CVE-2024-35864, CVE-2024-56598, CVE-2025-21971, CVE-2024-53063,
CVE-2023-52927, CVE-2024-46771, CVE-2024-49925, CVE-2024-53140,
CVE-2024-36015, CVE-2024-26689, CVE-2024-53173, CVE-2021-47191,
CVE-2024-56770, CVE-2024-56650, CVE-2021-47150, CVE-2021-47163,
CVE-2024-46780, CVE-2024-56651, CVE-2024-26996, CVE-2024-26974,
CVE-2024-53066)
6 days 12 hours ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- Ceph distributed file system;
- Netfilter;
(CVE-2023-52664, CVE-2024-26689, CVE-2023-52927)
6 days 12 hours ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- Netfilter;
(CVE-2023-52664, CVE-2023-52927)
6 days 13 hours ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- Netfilter;
(CVE-2023-52927, CVE-2023-52664)
6 days 13 hours ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Bluetooth drivers;
- Microsoft Azure Network Adapter (MANA) driver;
(CVE-2025-21953, CVE-2024-56653)
Checked
51 minutes 55 seconds ago