High CVE-2024-6290: Use after free in Dawn
High CVE-2024-6291: Use after free in Swiftshader
High CVE-2024-6292: Use after free in Dawn
High CVE-2024-6293: Use after free in Dawn
High CVE-2024-6290: Use after free in Dawn
High CVE-2024-6291: Use after free in Swiftshader
High CVE-2024-6292: Use after free in Dawn
High CVE-2024-6293: Use after free in Dawn
It was discovered that Salt incorrectly validated method calls and
sanitized paths. A remote attacker could possibly use this issue to access
some methods without authentication. (CVE-2020-11651, CVE-2020-11652)
High CVE-2024-6290: Use after free in Dawn
High CVE-2024-6291: Use after free in Swiftshader
High CVE-2024-6292: Use after free in Dawn
High CVE-2024-6293: Use after free in Dawn
High CVE-2024-6290: Use after free in Dawn
High CVE-2024-6291: Use after free in Swiftshader
High CVE-2024-6292: Use after free in Dawn
High CVE-2024-6293: Use after free in Dawn
High CVE-2024-6290: Use after free in Dawn
High CVE-2024-6291: Use after free in Swiftshader
High CVE-2024-6292: Use after free in Dawn
High CVE-2024-6293: Use after free in Dawn
USN-6746-1 fixed vulnerabilities in Google Guest Agent and Google
OS Config Agent. This update provides the corresponding update for
Ubuntu 24.04 LTS.
Original advisory details:
It was discovered that Google Guest Agent and Google OS Config Agent incorrectly
handled certain JSON files. An attacker could possibly use this issue to
cause a denial of service.
Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly
handled certain SVG images. A remote attacker could possibly use this
issue to load arbitrary JavaScript code. This issue only affected Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10.
(CVE-2023-5631)
Rene Rehme discovered that Roundcube incorrectly handled certain headers.
A remote attacker could possibly use this issue to load arbitrary
JavaScript code. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-47272)
Valentin T. and Lutz Wolf discovered that Roundcube incorrectly handled
certain SVG images. A remote attacker could possibly use this issue to
load arbitrary JavaScript code. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2024-37383)
Huy Nguyễn Phạm Nhật discovered that Roundcube incorrectly handled
certain fields in user preferences. A remote attacker could possibly use
this issue to load arbitrary JavaScript code. (CVE-2024-37384)