Ubuntu | Most viewed

10891 matches found

Ubuntu
• added 2023/05/10 11:30 a.m. • 69 views

USN-6067-1: OpenStack Neutron vulnerabilities

David Sinquin discovered that OpenStack Neutron incorrectly handled the default Open vSwitch firewall rules. An attacker could possibly use this issue to impersonate the IPv6 addresses of other systems on the network. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2021-20267...

CVSS 9.1 | AI score 6.4 | EPSS 0.0189
Exploits: 3
Ubuntu
• added 2023/05/01 9:37 a.m. • 69 views

USN-6050-1: Git vulnerabilities

It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite some paths. CVE-2023-25652 Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to...

CVSS 7.8 | AI score 7.3 | EPSS 0.52164
Exploits: 2
Ubuntu
• added 2023/03/16 9:21 p.m. • 69 views

USN-5962-1: Linux kernel (Intel IoTG) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 7.8 | AI score 7.3 | EPSS 0.06346
Exploits: 8
Ubuntu
• added 2023/03/13 4:35 p.m. • 69 views

USN-5949-1: Chromium vulnerabilities

It was discovered that Chromium could be made to write out of bounds in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-0930, CVE-2023-1219, CVE-2023-1220,...

CVSS 8.8 | AI score 7.5 | EPSS 0.01163
Exploits: 0
Ubuntu
• added 2023/02/27 12:24 p.m. • 69 views

USN-5890-1: Open vSwitch vulnerabilities

Qian Chen discovered that Open vSwitch incorrectly handled certain Organization Specific TLVs. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 9.8 | AI score 8.4 | EPSS 0.01324
Exploits: 0
Ubuntu
• added 2022/10/13 8:00 p.m. • 69 views

USN-5678-1: Linux kernel vulnerabilities

It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of an RPC message payload. A local attacker could use this to expose sensitive information (kernel memory). CVE-2022-0812 Moshe Kol, Amit Klein and Yossi Gilad discovered tha...

CVSS 8.2 | AI score 6.7 | EPSS 0.02972
Exploits: 1
Ubuntu
• added 2022/09/14 3:01 a.m. • 69 views

USN-5583-2: systemd regression

USN-5583-1 fixed vulnerabilities in systemd. Unfortunately this caused a regression by introducing networking problems for some users. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that systemd incorrectly handled certain DNS...

CVSS 9.8 | AI score 7.9 | EPSS 0.01052
Exploits: 0 | References: 1
Ubuntu
• added 2022/06/13 2:52 p.m. • 69 views

USN-5476-1: Liblouis vulnerabilities

Han Zheng discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. This issue was addressed in Ubuntu 21.10 and Ubuntu 22.04 LTS. CVE-2022-26981 It was discovered that Liblouis incorrectly handled certain inputs. An attacker could...

CVSS 7.8 | AI score 7.1 | EPSS 0.01451
Exploits: 2
Ubuntu
• added 2022/05/09 5:55 a.m. • 69 views

USN-5244-2: DBus vulnerability

USN-5244-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Daniel Onaca discovered that DBus contained a use-after-free vulnerability, caused by the incorrect handling of usernames sharing the same...

CVSS 7.8 | AI score 7.4 | EPSS 0.00331
Exploits: 0
Ubuntu
• added 2021/11/11 10:30 p.m. • 69 views

USN-5146-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code...

CVSS 8.8 | AI score 8.4 | EPSS 0.01205
Exploits: 0
Ubuntu
• added 2021/03/15 8:06 p.m. • 69 views

USN-4766-1: Apache Commons BeanUtils vulnerabilities

It was discovered that Apache Commons BeanUtils improperly handled certain input. An attacker could possibly use this vulnerability to cause a crash or execute arbitrary code...

CVSS 7.5 | AI score 7 | EPSS 0.95821
Exploits: 5
Ubuntu
• added 2020/12/08 3:32 p.m. • 69 views

USN-4663-1: GDK-PixBuf vulnerability

Melvin Kool discovered that the GDK-PixBuf library did not properly handle certain GIF images. If a user or automated system were tricked into opening a specially crafted GIF file, a remote attacker could use this flaw to cause GDK-PixBuf to hang, resulting in a denial of service...

CVSS 5.5 | AI score 6.7 | EPSS 0.01477
Exploits: 0
Ubuntu
• added 2020/10/21 7:28 p.m. • 69 views

USN-4552-2: Pam-python vulnerability

Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root...

CVSS 7.8 | AI score 7.2 | EPSS 0.00356
Exploits: 0
Ubuntu
• added 2020/05/21 6:47 p.m. • 69 views

USN-4370-2: ClamAV vulnerabilities

USN-4370-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV ...

CVSS 7.5 | AI score 8 | EPSS 0.05063
Exploits: 0
Ubuntu
• added 2020/04/28 11:27 p.m. • 69 views

USN-4343-1: Linux kernel vulnerability

Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code...

CVSS 7 | AI score 7.1 | EPSS 0.00397
Exploits: 0
Ubuntu
• added 2020/03/31 1:42 p.m. • 69 views

USN-4314-1: pam-krb5 vulnerability

Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code...

CVSS 9.8 | AI score 8.7 | EPSS 0.04784
Exploits: 0
Ubuntu
• added 2020/03/18 2:49 p.m. • 69 views

USN-4307-1: Apache HTTP Server update

As a security improvement, this update adds TLSv1.3 support to the Apache HTTP Server package in Ubuntu 18.04 LTS. TLSv1.3 is enabled by default, and in certain environments may cause compatibility issues. The SSLProtocol directive may be used to disable TLSv1.3 in these problematic environments...

AI score 5.1
Exploits: 0 | References: 1
Ubuntu
• added 2020/01/14 1:00 p.m. • 69 views

USN-4236-2: Libgcrypt vulnerability

USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding fix for Ubuntu 16.04 LTS. Original advisory details: It was discovered that Libgcrypt was susceptible to an ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information...

CVSS 6.3 | AI score 6.8 | EPSS 0.0051
Exploits: 0
Ubuntu
• added 2019/12/11 4:53 p.m. • 69 views

USN-4214-2: RabbitMQ vulnerability

USN-4214-1 fixed a vulnerability in RabbitMQ. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary cod...

CVSS 9.8 | AI score 8.7 | EPSS 0.03317
Exploits: 0
Ubuntu
• added 2019/08/28 7:15 p.m. • 69 views

USN-4110-3: Dovecot regression

USN-4110-1 fixed a vulnerability in Dovecot. The update introduced a regression causing a wrong check. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker...

CVSS 9.8 | AI score 8.5 | EPSS 0.62579
Exploits: 1
Ubuntu
• added 2019/06/26 6:36 p.m. • 69 views

USN-4040-1: Expat vulnerability

It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service...

CVSS 7.8 | AI score 6.5 | EPSS 0.07107
Exploits: 1
Ubuntu
• added 2019/02/12 4:42 p.m. • 69 views

USN-3888-1: GVfs vulnerability

It was discovered that GVfs incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information...

CVSS 7 | AI score 7 | EPSS 0.00368
Exploits: 0
Ubuntu
• added 2018/12/03 7:40 p.m. • 69 views

USN-3836-1: Linux kernel vulnerabilities

Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. CVE-2018-18955 Philipp Wendler discovered that the overlayfs implementati...

CVSS 7 | AI score 6.9 | EPSS 0.07611
Exploits: 25
Ubuntu
• added 2018/11/29 1:01 p.m. • 69 views

USN-3831-1: Ghostscript vulnerabilities

It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service...

CVSS 9.8 | AI score 8.3 | EPSS 0.09548
Exploits: 3
Ubuntu
• added 2018/07/17 3:05 p.m. • 69 views

USN-3717-2: PolicyKit vulnerabilities

USN-3717-1 fixed a vulnerability in PolicyKit. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A local attacker could use this issue to cause PolicyKit to crash,...

CVSS 4.7 | AI score 5.7 | EPSS 0.01196
Exploits: 0
Ubuntu
• added 2018/07/11 12:27 p.m. • 69 views

USN-3711-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of th...

CVSS 8.8 | AI score 7.8 | EPSS 0.03965
Exploits: 3
Ubuntu
• added 2018/07/11 12:14 p.m. • 69 views

USN-3710-1: curl vulnerability

Peter Wu discovered that curl incorrectly handled certain SMTP buffers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 9.8 | AI score 8.3 | EPSS 0.06433
Exploits: 1
Ubuntu
• added 2018/04/17 9:00 p.m. • 69 views

USN-3625-2: Perl vulnerabilities

USN-3625-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Perl incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Perl to hang, resulting in a...

CVSS 9.8 | AI score 7.5 | EPSS 0.10866
Exploits: 1
Ubuntu
• added 2018/03/27 2:16 p.m. • 69 views

USN-3608-1: Zsh vulnerabilities

Richard Maciel Costa discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. CVE-2018-1071 It was discovered that Zsh incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. CVE-2018-1083...

CVSS 7.8 | AI score 7.5 | EPSS 0.00628
Exploits: 0
Ubuntu
• added 2017/11/21 6:23 p.m. • 69 views

USN-3484-3: Linux kernel (GCP) vulnerability

It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS...

CVSS 7.8 | AI score 7.6 | EPSS 0.00441
Exploits: 0
Ubuntu
• added 2017/10/23 7:47 p.m. • 69 views

USN-3441-2: curl vulnerabilities

USN-3441-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash,...

CVSS 9.1 | AI score 6.8 | EPSS 0.08465
Exploits: 0
Ubuntu
• added 2017/10/10 12:54 p.m. • 69 views

USN-3441-1: curl vulnerabilities

Daniel Stenberg discovered that curl incorrectly handled large floating point output. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-9586...

CVSS 8.1 | AI score 6.7 | EPSS 0.08465
Exploits: 0
Ubuntu
• added 2017/07/27 4:41 p.m. • 71 views

USN-3370-1: Apache HTTP Server vulnerability

Robert Święcki discovered that the Apache HTTP Server mod_auth_digest module incorrectly cleared values when processing certain requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly obtain sensitive information...

CVSS 9.1 | AI score 7.2 | EPSS 0.5677
Exploits: 0
Ubuntu
• added 2016/10/27 10:19 p.m. • 69 views

USN-3112-1: Thunderbird vulnerabilities

Catalin Dumitru discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensiti...

CVSS 9.8 | AI score 7.8 | EPSS 0.05037
Exploits: 0
Ubuntu
• added 2016/10/20 2:11 a.m. • 69 views

USN-3106-1: Linux kernel vulnerability

It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges...

CVSS 7.2 | AI score 7.6 | EPSS 0.83524
Exploits: 81
Ubuntu
• added 2016/06/27 8:01 p.m. • 69 views

USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute...

CVSS 7.8 | AI score 7.1 | EPSS 0.05676
Exploits: 15
Ubuntu
• added 2016/03/03 3:12 p.m. • 69 views

USN-2919-1: JasPer vulnerabilities

Jacob Baines discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. CVE-2016-1577...

CVSS 7.6 | AI score 7.5 | EPSS 0.03269
Exploits: 0
Ubuntu
• added 2016/02/08 8:40 p.m. • 69 views

USN-2880-2: Firefox regression

USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong,...

AI score 8.2
Exploits: 0 | References: 1
Ubuntu
• added 2016/01/19 8:13 p.m. • 69 views

USN-2870-2: Linux kernel (Trusty HWE) vulnerability

Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privilege...

CVSS 7.8 | AI score 7.9 | EPSS 0.03646
Exploits: 14
Ubuntu
• added 2016/01/19 5:04 p.m. • 69 views

USN-2872-2: Linux kernel (Wily HWE) vulnerability

Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privilege...

CVSS 7.8 | AI score 7.9 | EPSS 0.03646
Exploits: 14
Ubuntu
• added 2016/01/19 4:49 p.m. • 69 views

USN-2872-1: Linux kernel vulnerability

Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privilege...

CVSS 7.8 | AI score 7.9 | EPSS 0.03646
Exploits: 14
Ubuntu
• added 2016/01/11 5:01 p.m. • 69 views

USN-2860-1: Oxide vulnerabilities

A race condition was discovered in the MutationObserver implementation in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the...

CVSS 10 | AI score 8.7 | EPSS 0.05497
Exploits: 1
Ubuntu
• added 2016/01/07 8:23 p.m. • 69 views

USN-2864-1: NSS vulnerability

Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information...

CVSS 5.9 | AI score 7.7 | EPSS 0.0288
Exploits: 0
Ubuntu
• added 2015/07/28 6:56 p.m. • 69 views

USN-2693-1: Bind vulnerabilities

Jonathan Foote discovered that Bind incorrectly handled certain TKEY queries. A remote attacker could use this issue with a specially crafted packet to cause Bind to crash, resulting in a denial of service. CVE-2015-5477 Pories Ediansyah discovered that Bind incorrectly handled certain...

CVSS 7.8 | AI score 7 | EPSS 0.91284
Exploits: 13
Ubuntu
• added 2015/07/28 4:29 p.m. • 69 views

USN-2692-1: QEMU vulnerabilities

Matt Tait discovered that QEMU incorrectly handled PIT emulation. In a non-default configuration, a malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is use...

CVSS 7.2 | AI score 7.4 | EPSS 0.01594
Exploits: 1
Ubuntu
• added 2015/04/21 1:05 p.m. • 69 views

USN-2574-1: OpenJDK 7 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. CVE-2015-0460, CVE-2015-0469 Alexander Cherepanov discovered that...

CVSS 10 | AI score 5.7 | EPSS 0.07224
Exploits: 0
Ubuntu
• added 2015/03/25 12:38 p.m. • 69 views

USN-2548-1: Batik vulnerability

Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption...

CVSS 6.4 | AI score 8.1 | EPSS 0.16677
Exploits: 1
Ubuntu
• added 2015/03/04 8:33 a.m. • 69 views

USN-2515-2: Linux kernel (Trusty HWE) vulnerabilities regression

USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Kernel Virtual...

AI score 6.9
Exploits: 0 | References: 1
Ubuntu
• added 2015/02/11 5:57 p.m. • 69 views

USN-2499-1: PostgreSQL vulnerabilities

Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to seeing certain values, contrary to expected permissions. CVE-2014-8161 Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL incorrectly...

CVSS 9.8 | AI score 7.2 | EPSS 0.05533
Exploits: 0
Ubuntu
• added 2014/08/28 3:31 a.m. • 69 views

USN-2327-1: Squid 3 vulnerability

Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service...

CVSS 5 | AI score 7.2 | EPSS 0.5622
Exploits: 0
Total number of security vulnerabilities: 5000