Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Bind vulnerabilities (USN-8124-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8124-1 advisory. Samy Medjahed discovered that Bind incorrectly handled insecure delegation validation. A remote attacker could possibly use this issu...

UBUNTU-CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

UBUNTU-CVE-2025-61661

A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...

EUVD-2013-1102

Malware in sbrugna...

UBUNTU-CVE-2025-10824

A vulnerability was determined in axboe fio up to 3.41. This impacts the function parsejobsini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized...

CVE-2020-5911

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system...

CVE-2013-1062

ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and 0.2.2 before 0.2.2.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a 1...

CVE-2023-5616

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user...

Ubuntu: Security Advisory (USN-7358-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-7173-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2024-7701

Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing.This issue affects percona-toolkit: 3.6.0...

UBUNTU-CVE-2023-45931

DISPUTED Mesa 23.0.4 was discovered to contain a NULL pointer dereference in checkxshm for the haserror state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated...

UBUNTU-CVE-2023-37328

GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may va...

UBUNTU-CVE-2022-22892

There is an Assertion 'ecmaisvalueundefined value || ecmaisvaluenull value || ecmaisvalueboolean value || ecmaisvaluenumber value || ecmaisvaluestring value || ecmaisvaluebigint value || ecmaisvaluesymbol value || ecmaisvalueobject value' failed at jerry-core/ecma/base/ecma-helpers-value.c in...

The vulnerability of the `check_attachment_for_errors` function in the `data/general-hooks/ubuntu.py` file of the Apport operating system’s error registration service allows a hacker to disclose protected information.

The vulnerability of the checkattachmentforerrors function in the data/general-hooks/ubuntu.py file of the Apport Ubuntu system registry service is related to a data leak regarding files and directories. Exploiting this vulnerability could allow an attacker to disclose sensitive information that ...

UBUNTU-CVE-2021-35613

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful...

The vulnerability of the Unity-firefox-extension package in the Ubuntu operating system allows a hacker to trigger a service failure.

The vulnerability of the Unity-firefox-extension package in the Ubuntu operating system is related to resource release errors. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

Linux Mint 18.3-19.1 - yelp Command Injection Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploit from github repro: https://github.com/b1ack0wl/linuxmintpoc class MetasploitModule "Linux Mint 'yelp' URI handler command injection vulnerability", 'Description'...

Linux Mint 18.3-19.1 - yelp Command Injection (Metasploit)

Linux Mint 18.3-19.1 - yelp Command Injection Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploit from github repro: https://github.com/b1ack0wl/linuxmintpoc class MetasploitModule "Linux Mint 'yelp' UR...

UBUNTU-CVE-2017-17843

An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and ...