Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 8 of 8 results


CVE-2020-16123

Medium priority
Fixed

An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap...

1 affected packages

pulseaudio

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pulseaudio Fixed Fixed Fixed
Show less packages

CVE-2020-15710

Medium priority
Fixed

Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c...

1 affected packages

pulseaudio

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pulseaudio Not affected Not affected Fixed
Show less packages

CVE-2020-11931

Medium priority
Fixed

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or...

1 affected packages

pulseaudio

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pulseaudio Fixed Fixed Fixed
Show less packages

CVE-2014-3970

Low priority
Ignored

The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.

1 affected packages

pulseaudio

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pulseaudio Not affected Not affected
Show less packages

CVE-2009-1299

Low priority

Some fixes available 1 of 5

The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.

1 affected packages

pulseaudio

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pulseaudio
Show less packages

CVE-2009-1894

High priority
Fixed

Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target...

1 affected packages

pulseaudio

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pulseaudio
Show less packages

CVE-2008-0008

Low priority
Fixed

The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local...

1 affected packages

pulseaudio

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pulseaudio
Show less packages

CVE-2007-1804

Unknown priority
Fixed

PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in...

1 affected packages

pulseaudio

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pulseaudio
Show less packages