Lucene search: Ubuntu, most viewed

10891 matches found

Ubuntu • added 2020/03/31 1:42 p.m. • 69 views

USN-4314-1: pam-krb5 vulnerability

Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code...

CVSS 9.8 • AI score 8.7 • EPSS 0.04784 • Exploits 0

Ubuntu • added 2020/03/18 2:49 p.m. • 69 views

USN-4307-1: Apache HTTP Server update

As a security improvement, this update adds TLSv1.3 support to the Apache HTTP Server package in Ubuntu 18.04 LTS. TLSv1.3 is enabled by default, and in certain environments may cause compatibility issues. The SSLProtocol directive may be used to disable TLSv1.3 in these problematic environments...

AI score 5.1 • Exploits 0 • References 1

Ubuntu • added 2020/01/23 4:57 p.m. • 69 views

USN-4233-2: GnuTLS update

USN-4233-1 disabled SHA1 being used for digital signature operations in GnuTLS. In certain network environments, certificates using SHA1 may still be in use. This update adds the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 priority strings that can be used to temporarily re-enable SHA1 until...

AI score 5.4 • Exploits 0 • References 1

Ubuntu • added 2020/01/14 1:0 p.m. • 69 views

USN-4236-2: Libgcrypt vulnerability

USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS. Original advisory details: It was discovered that Libgcrypt was susceptible to an ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information...

CVSS 6.3 • AI score 6.8 • EPSS 0.0051 • Exploits 0

Ubuntu • added 2019/12/11 4:53 p.m. • 69 views

USN-4214-2: RabbitMQ vulnerability

USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary cod...

CVSS 9.8 • AI score 8.7 • EPSS 0.03317 • Exploits 0

Ubuntu • added 2019/08/28 7:15 p.m. • 69 views

USN-4110-3: Dovecot regression

USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker...

CVSS 9.8 • AI score 8.5 • EPSS 0.62579 • Exploits 1

Ubuntu • added 2019/06/26 6:36 p.m. • 69 views

USN-4040-1: Expat vulnerability

It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service...

CVSS 7.8 • AI score 6.5 • EPSS 0.07107 • Exploits 1

Ubuntu • added 2019/02/12 4:42 p.m. • 69 views

USN-3888-1: GVfs vulnerability

It was discovered that GVfs incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information...

CVSS 7 • AI score 7 • EPSS 0.00368 • Exploits 0

Ubuntu • added 2018/12/03 7:40 p.m. • 69 views

USN-3836-1: Linux kernel vulnerabilities

Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. CVE-2018-18955 Philipp Wendler discovered that the overlayfs implementati...

CVSS 7 • AI score 6.9 • EPSS 0.07611 • Exploits 25

Ubuntu • added 2018/11/29 1:1 p.m. • 69 views

USN-3831-1: Ghostscript vulnerabilities

It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service...

CVSS 9.8 • AI score 8.3 • EPSS 0.09548 • Exploits 3

Ubuntu • added 2018/09/12 10:13 p.m. • 69 views

USN-3747-2: OpenJDK 10 regression

USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessibility support that prevented some Java applications from starting. This update fixes the problem. We apologize for the inconvenience. Original advisory details: I...

AI score 6.6 • Exploits 0 • References 1

Ubuntu • added 2018/08/20 5:25 p.m. • 69 views

USN-3746-1: APT vulnerability

It was discovered that APT incorrectly handled the mirror method (mirror://). If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages in environments configured to use mirror:// entries...

CVSS 5.9 • AI score 5.9 • EPSS 0.00954 • Exploits 0

Ubuntu • added 2018/07/17 3:5 p.m. • 69 views

USN-3717-2: PolicyKit vulnerabilities

USN-3717-1 fixed a vulnerability in PolicyKit. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A local attacker could use this issue to cause PolicyKit to crash,...

CVSS 4.7 • AI score 5.7 • EPSS 0.01196 • Exploits 0

Ubuntu • added 2018/07/11 12:27 p.m. • 69 views

USN-3711-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of th...

CVSS 8.8 • AI score 7.8 • EPSS 0.03965 • Exploits 3

Ubuntu • added 2018/07/11 12:14 p.m. • 69 views

USN-3710-1: curl vulnerability

Peter Wu discovered that curl incorrectly handled certain SMTP buffers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 9.8 • AI score 8.3 • EPSS 0.06433 • Exploits 1

Ubuntu • added 2018/04/17 9:0 p.m. • 69 views

USN-3625-2: Perl vulnerabilities

USN-3625-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Perl incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Perl to hang, resulting in a...

CVSS 9.8 • AI score 7.5 • EPSS 0.10866 • Exploits 1

Ubuntu • added 2018/03/27 2:16 p.m. • 69 views

USN-3608-1: Zsh vulnerabilities

Richard Maciel Costa discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. CVE-2018-1071 It was discovered that Zsh incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. CVE-2018-1083...

CVSS 7.8 • AI score 7.5 • EPSS 0.00628 • Exploits 0

Ubuntu • added 2018/02/12 10:54 p.m. • 69 views

USN-3544-2: Firefox regressions

USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. I...

AI score 7.7 • EPSS 0.20024 • Exploits 0 • References 1

Ubuntu • added 2018/01/22 4:35 p.m. • 69 views

USN-3537-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.59 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and Ubuntu 17.10 have been updated to MySQL 5.7.21. In addition to security fixes, the updated packag...

CVSS 7.8 • AI score 6.5 • EPSS 0.0452 • Exploits 0

Ubuntu • added 2017/11/21 6:23 p.m. • 69 views

USN-3484-3: Linux kernel (GCP) vulnerability

It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS...

CVSS 7.8 • AI score 7.6 • EPSS 0.00441 • Exploits 0

Ubuntu • added 2017/11/21 6:49 a.m. • 69 views

USN-3485-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3485-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the ALSA subsystem of the Linux...

CVSS 7.8 • AI score 7.4 • EPSS 0.0097 • Exploits 4

Ubuntu • added 2017/10/24 1:18 p.m. • 69 views

USN-3454-2: libffi vulnerability

USN-3454-1 fixed a vulnerability in libffi. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that libffi incorrectly enforced an executable stack. An attacker could possibly use this issue, in combination with another vulnerability, ...

CVSS 7 • AI score 7.3 • EPSS 0.00503 • Exploits 0

Ubuntu • added 2017/10/23 7:47 p.m. • 69 views

USN-3441-2: curl vulnerabilities

USN-3441-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash,...

CVSS 9.1 • AI score 6.8 • EPSS 0.08465 • Exploits 0

Ubuntu • added 2017/10/10 12:54 p.m. • 69 views

USN-3441-1: curl vulnerabilities

Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-9586...

CVSS 8.1 • AI score 6.7 • EPSS 0.08465 • Exploits 0

Ubuntu • added 2017/07/27 4:41 p.m. • 71 views

USN-3370-1: Apache HTTP Server vulnerability

Robert Święcki discovered that the Apache HTTP Server mod_auth_digest module incorrectly cleared values when processing certain requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly obtain sensitive information...

CVSS 9.1 • AI score 7.2 • EPSS 0.5677 • Exploits 0

Ubuntu • added 2017/05/16 6:58 p.m. • 69 views

USN-3272-2: Ghostscript regression

USN-3272-1 fixed vulnerabilities in Ghostscript. This change introduced a regression when the DELAYBIND feature is used with the eqproc command. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Ghostscript improperly handled...

AI score 7 • EPSS 0.96968 • Exploits 11 • References 1

Ubuntu • added 2017/05/05 7:12 a.m. • 69 views

USN-3276-1: shadow vulnerabilities

Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain privileges via crafted input. CVE-2016-6252 Tobias Stöckmann discovered a race condition in su. A local attacker could cause su to send SIGKILL to other...

CVSS 7.8 • AI score 6.1 • EPSS 0.00409 • Exploits 0

Ubuntu • added 2016/10/27 10:19 p.m. • 69 views

USN-3112-1: Thunderbird vulnerabilities

Catalin Dumitru discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensiti...

CVSS 9.8 • AI score 7.8 • EPSS 0.05037 • Exploits 0

Ubuntu • added 2016/10/20 2:11 a.m. • 69 views

USN-3106-1: Linux kernel vulnerability

It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges...

CVSS 7.2 • AI score 7.6 • EPSS 0.83524 • Exploits 81

Ubuntu • added 2016/06/27 8:1 p.m. • 69 views

USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute...

CVSS 7.8 • AI score 7.1 • EPSS 0.05676 • Exploits 15

Ubuntu • added 2016/03/03 3:12 p.m. • 69 views

USN-2919-1: JasPer vulnerabilities

Jacob Baines discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. CVE-2016-1577...

CVSS 7.6 • AI score 7.5 • EPSS 0.03269 • Exploits 0

Ubuntu • added 2016/02/08 8:40 p.m. • 69 views

USN-2880-2: Firefox regression

USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong,...

AI score 8.2 • Exploits 0 • References 1

Ubuntu • added 2016/01/19 8:13 p.m. • 69 views

USN-2870-2: Linux kernel (Trusty HWE) vulnerability

Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privilege...

CVSS 7.8 • AI score 7.9 • EPSS 0.03646 • Exploits 14

Ubuntu • added 2016/01/19 5:4 p.m. • 69 views

USN-2872-2: Linux kernel (Wily HWE) vulnerability

Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privilege...

CVSS 7.8 • AI score 7.9 • EPSS 0.03646 • Exploits 14

Ubuntu • added 2016/01/19 4:49 p.m. • 69 views

USN-2872-1: Linux kernel vulnerability

Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privilege...

CVSS 7.8 • AI score 7.9 • EPSS 0.03646 • Exploits 14

Ubuntu • added 2016/01/11 5:1 p.m. • 69 views

USN-2860-1: Oxide vulnerabilities

A race condition was discovered in the MutationObserver implementation in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the...

CVSS 10 • AI score 8.7 • EPSS 0.05497 • Exploits 1

Ubuntu • added 2016/01/07 8:23 p.m. • 69 views

USN-2864-1: NSS vulnerability

Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information...

CVSS 5.9 • AI score 7.7 • EPSS 0.0288 • Exploits 0

Ubuntu • added 2015/12/01 8:37 p.m. • 69 views

USN-2823-1: Linux kernel vulnerabilities

It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). CVE-2015-5283 Dmitry Vyukov discovered that the Linux kernel's keyring handler...

CVSS 4.7 • AI score 6.3 • EPSS 0.00549 • Exploits 1

Ubuntu • added 2015/10/05 2:30 p.m. • 69 views

USN-2754-1: Thunderbird vulnerabilities

Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, and Cameron McCormack discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a...

CVSS 7.5 • AI score 9.1 • EPSS 0.0608 • Exploits 0

Ubuntu • added 2015/09/24 4:31 p.m. • 69 views

USN-2743-3: Unity Integration for Firefox, Unity Websites Integration and Ubuntu Online Accounts extension update

USN-2743-1 fixed vulnerabilities in Firefox. Future Firefox updates will require all addons be signed and unity-firefox-extension, webapps-greasemonkey and webaccounts-browser-extension will not go through the signing process. Because these addons currently break search engine installations LP:...

AI score 9.2 • EPSS 0.0608 • Exploits 0 • References 2

Ubuntu • added 2015/07/28 6:56 p.m. • 69 views

USN-2693-1: Bind vulnerabilities

Jonathan Foote discovered that Bind incorrectly handled certain TKEY queries. A remote attacker could use this issue with a specially crafted packet to cause Bind to crash, resulting in a denial of service. CVE-2015-5477 Pories Ediansyah discovered that Bind incorrectly handled certain...

CVSS 7.8 • AI score 7 • EPSS 0.91284 • Exploits 13

Ubuntu • added 2015/07/28 4:29 p.m. • 69 views

USN-2692-1: QEMU vulnerabilities

Matt Tait discovered that QEMU incorrectly handled PIT emulation. In a non-default configuration, a malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is use...

CVSS 7.2 • AI score 7.4 • EPSS 0.01594 • Exploits 1

Ubuntu • added 2015/04/21 1:5 p.m. • 69 views

USN-2574-1: OpenJDK 7 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. CVE-2015-0460, CVE-2015-0469 Alexander Cherepanov discovered that...

CVSS 10 • AI score 5.7 • EPSS 0.07224 • Exploits 0

Ubuntu • added 2015/03/25 12:38 p.m. • 69 views

USN-2548-1: Batik vulnerability

Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption...

CVSS 6.4 • AI score 8.1 • EPSS 0.16677 • Exploits 1

Ubuntu • added 2015/03/04 8:33 a.m. • 69 views

USN-2515-2: Linux kernel (Trusty HWE) vulnerabilities regression

USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Kernel Virtual...

AI score 6.9 • Exploits 0 • References 1

Ubuntu • added 2015/02/11 5:57 p.m. • 69 views

USN-2499-1: PostgreSQL vulnerabilities

Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to seeing certain values, contrary to expected permissions. CVE-2014-8161 Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL incorrectly...

CVSS 9.8 • AI score 7.2 • EPSS 0.05533 • Exploits 0

Ubuntu • added 2014/12/03 3:57 p.m. • 69 views

USN-2428-1: Thunderbird vulnerabilities

Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, and Max Jonas Werner discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service...

CVSS 6.8 • AI score 8.4 • EPSS 0.04052 • Exploits 0

Ubuntu • added 2014/08/28 3:31 a.m. • 69 views

USN-2327-1: Squid 3 vulnerability

Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service...

CVSS 5 • AI score 7.2 • EPSS 0.5622 • Exploits 0

Ubuntu • added 2014/04/30 10:18 p.m. • 69 views

USN-2189-1: Thunderbird vulnerabilities

Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially...

CVSS 9.8 • AI score 8.5 • EPSS 0.07543 • Exploits 5 • References 1

Ubuntu • added 2014/04/03 2:18 p.m. • 69 views

USN-2160-1: LibYAML vulnerability

Ivan Fratric discovered that LibYAML incorrectly handled certain malformed YAML documents. An attacker could use this issue to cause LibYAML to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 6.8 • AI score 7.6 • EPSS 0.09264 • Exploits 2

Total number of security vulnerabilities: 5000