Lucene search
K
UbuntuMost viewed

10891 matches found

Ubuntu
Ubuntu
•added 2021/02/24 1:58 p.m.•132 views

USN-4747-1: GNU Screen vulnerability

Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS7.5AI score0.09147EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/02/18 8:36 p.m.•132 views

USN-4741-1: Jackson vulnerabilities

It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code...

9.8CVSS7.2AI score0.37925EPSS
Exploits7
Ubuntu
Ubuntu
•added 2021/01/07 1:51 p.m.•132 views

USN-4684-1: EDK II vulnerabilities

Laszlo Ersek discovered that EDK II incorrectly validated certain signed images. An attacker could possibly use this issue with a specially crafted image to cause EDK II to hang, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS...

7.8CVSS7.2AI score0.00328EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/01/04 12:38 p.m.•132 views

USN-4673-1: libproxy vulnerability

Li Fei discovered that libproxy incorrectly handled certain PAC files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

9.8CVSS8.3AI score0.03569EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/17 11:3 a.m.•132 views

USN-4510-1: Samba vulnerability

Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. This update fixes the issue by changing the "server schanne...

10CVSS7.8AI score0.99512EPSS
Exploits75
Ubuntu
Ubuntu
•added 2020/06/10 12:42 a.m.•132 views

USN-4392-1: Linux kernel vulnerabilities

It was discovered that the Marvell WiFi-Ex Driver in the Linux kernel did not properly validate status lengths in messages received from an access point, leading to a buffer overflow. A physically proximate attacker controlling an access point could use this to construct messages that could...

7.1CVSS7.5AI score0.01218EPSS
Exploits0References1
Ubuntu
Ubuntu
•added 2019/06/20 7:47 p.m.•132 views

USN-3977-3: Intel Microcode update

USN-3977-1 and USN-3977-2 provided mitigations for Microarchitectural Data Sampling MDS vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for the Intel Sandy Bridge processor family Ke Sun,...

5.9CVSS6.6AI score0.01553EPSS
Exploits0References1
Ubuntu
Ubuntu
•added 2006/08/01 6:6 p.m.•132 views

USN-327-2: firefox regression

USN-327-1 fixed several vulnerabilities in Firefox. Unfortunately the new version introduced a regression in the handling of streamed media. Embedded media which were linked with a scheme other than http:// did not work any more. This update fixes this regression...

5.4AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2023/09/06 12:11 a.m.•131 views

USN-6341-1: Linux kernel vulnerabilities

Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the doprlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information kernel memory. CVE-2023-0458 It was discovered that a...

7.8CVSS7.4AI score0.0072EPSS
Exploits0
Ubuntu
Ubuntu
•added 2023/03/20 12:30 p.m.•131 views

USN-5964-1: curl vulnerabilities

Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to the server as provided, contrary to expectations. CVE-2023-27533 Harry Sintonen discovered that curl incorrectly...

9.8CVSS6.5AI score0.02195EPSS
Exploits5
Ubuntu
Ubuntu
•added 2022/07/28 11:48 p.m.•131 views

USN-5541-1: Linux kernel (Azure) vulnerabilities

Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. CVE-2021-4197 Jann Horn discovered that the FUSE file system i...

7.8CVSS6.7AI score0.0155EPSS
Exploits3
Ubuntu
Ubuntu
•added 2022/06/21 2:57 p.m.•131 views

USN-5489-1: QEMU vulnerabilities

Alexander Bulekov discovered that QEMU incorrectly handled floppy disk emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak sensitive information. CVE-2021-3507 It was discovered that QEMU incorrectly...

8.2CVSS7.5AI score0.02701EPSS
Exploits5
Ubuntu
Ubuntu
•added 2022/06/07 2:43 p.m.•131 views

USN-5315-1: Ansible vulnerabilities

It was discovered that Ansible did not properly manage directory permissions when running playbooks with an unprivileged become user. A local attacker could possibly use this issue to cause a race condition, escalate privileges and execute arbitrary code. This issue only affected Ubuntu 16.04 ESM...

7.1CVSS7.5AI score0.00854EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/05/06 8:42 a.m.•131 views

USN-5259-2: Cron vulnerabilities

USN-5259-1 fixed several vulnerabilities in Cron. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker...

6.9CVSS6.1AI score0.00551EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/04/26 11:57 a.m.•131 views

USN-5388-2: OpenJDK vulnerabilities

It was discovered that OpenJDK incorrectly verified ECDSA signatures. An attacker could use this issue to bypass the signature verification process. CVE-2022-21449 It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could...

7.5CVSS6.4AI score0.46677EPSS
Exploits6
Ubuntu
Ubuntu
•added 2022/04/05 3:14 p.m.•131 views

USN-5365-1: H2 vulnerabilities

It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-42392 It was discovered that H2 incorrectly handled some specially crafted connection URLs. An attacker could possibly use this issue to...

10CVSS8.8AI score0.64766EPSS
Exploits6
Ubuntu
Ubuntu
•added 2022/03/29 10:6 a.m.•131 views

USN-5313-2: OpenJDK 11 regression

USN-5313-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a regression in OpenJDK 11 that could impact interoperability with some popular HTTP/2 servers making it unable to connect to said servers. This update fixes the problem. We apologize for the...

6.3AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2022/02/28 12:20 p.m.•131 views

USN-5303-1: PHP vulnerability

It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code...

9.8CVSS7.9AI score0.03002EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/02/24 1:23 p.m.•131 views

USN-5292-4: snapd regression

USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced a regression that could break the fish shell. This update fixes the problem. We apologize for the inconvenience. Original advisory details: James Troup discovered that snap did not properly manage the permissions for...

7.5AI score
Exploits0References2
Ubuntu
Ubuntu
•added 2021/09/15 2:39 a.m.•131 views

USN-5078-1: Squashfs-Tools vulnerability

Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem...

8.1CVSS7AI score0.02136EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/06/02 1:21 p.m.•131 views

USN-4976-1: Dnsmasq vulnerability

Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in certain configurations. A remote attacker could possibly use this issue to facilitate DNS cache poisoning attacks...

4.3CVSS6.6AI score0.01988EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/04/19 5:52 p.m.•131 views

USN-4918-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to cause ClamAV to hang, resulting in a denial of service. CVE-2021-1252 It was discovered that ClamAV incorrectly handled parsing PDF documents. A remote attacker could...

7.8CVSS7.4AI score0.03155EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/03/09 6:25 p.m.•131 views

USN-4761-1: Git vulnerability

Matheus Tavares discovered that Git incorrectly handled delay-capable clean/smudge filters when being used on case-insensitive filesystems. A remote attacker could possibly use this issue to execute arbitrary code...

8CVSS8.4AI score0.88644EPSS
Exploits5
Ubuntu
Ubuntu
•added 2021/02/24 1:51 p.m.•131 views

USN-4746-1: xterm vulnerability

Tavis Ormandy discovered that xterm incorrectly handled certain character sequences. A remote attacker could use this issue to cause xterm to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS8.6AI score0.07541EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/01/28 1:41 p.m.•131 views

USN-4707-1: TCMU vulnerability

It was discovered that TCMU lacked a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request...

8.1CVSS7.8AI score0.02649EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/11/18 12:32 p.m.•131 views

USN-4195-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.18 in Ubuntu 19.10. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.28. In addition to security fixes, the...

6.5CVSS6.4AI score0.03726EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/09/04 8:46 p.m.•131 views

USN-4122-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy CSP protections, bypass same-origin restrictions, conduct cross-site...

9.8CVSS7.3AI score0.0216EPSS
Exploits2
Ubuntu
Ubuntu
•added 2019/07/25 3:19 p.m.•131 views

USN-4075-1: Exim vulnerability

Jeremy Harris discovered that Exim incorrectly handled sort expansions. In environments where sort expansions are used, a remote attacker could possibly use this issue to execute arbitrary code as root...

10CVSS8.8AI score0.08622EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/04/02 7:29 p.m.•131 views

USN-3931-1: Linux kernel vulnerabilities

M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service guest VM crash...

8.1CVSS6.9AI score0.16523EPSS
Exploits12
Ubuntu
Ubuntu
•added 2023/01/24 12:58 p.m.•130 views

USN-5822-1: Samba vulnerabilities

It was discovered that Samba incorrectly handled the bad password count logic. A remote attacker could possibly use this issue to bypass bad passwords lockouts. This issue was only addressed in Ubuntu 22.10. CVE-2021-20251 Evgeny Legerov discovered that Samba incorrectly handled buffers in certai...

9.8CVSS7.6AI score0.06419EPSS
Exploits2
Ubuntu
Ubuntu
•added 2022/09/01 9:4 p.m.•130 views

USN-5587-1: curl vulnerability

Axel Chong discovered that when curl accepted and sent back cookies containing control bytes that a HTTPS server might return a 400 Bad Request Error response. A malicious cookie host could possibly use this to cause denial-of-service...

3.7CVSS6.5AI score0.01839EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/08/18 10:31 a.m.•130 views

USN-5245-1: Apache Maven vulnerability

It was discovered that Apache Maven followed repositories that are defined in a dependency's Project Object Model pom even if the repositories weren't encrypted http protocol. An attacker could use this vulnerability to take over a repository, execute arbitrary code or cause a denial of service...

9.1CVSS7.8AI score0.08691EPSS
Exploits2
Ubuntu
Ubuntu
•added 2021/10/04 10:48 p.m.•130 views

USN-5103-1: docker.io vulnerability

Lei Wang and Ruizhi Xiao discovered that the Moby Docker engine in Docker incorrectly allowed the docker cp command to make permissions changes in the host filesystem in some situations. A local attacker could possibly use to this to expose sensitive information or gain administrative privileges...

6.3CVSS6.1AI score0.0027EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/09/21 1:7 p.m.•130 views

USN-5079-4: curl regression

USN-5079-2 fixed vulnerabilities in curl. One of the fixes introduced a regression. This update fixes the problem. Original advisory details: Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS...

6.8AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/04/20 5:1 p.m.•130 views

USN-4922-1: Ruby vulnerability

Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack...

7.5CVSS7.4AI score0.05061EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/04/20 2:23 p.m.•130 views

USN-4918-2: ClamAV vulnerabilities

USN-4918-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to cause ClamAV to hang,...

7.8CVSS7.4AI score0.03155EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/06/10 6:31 p.m.•130 views

USN-4387-1: Linux kernel vulnerabilities

It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information kernel memory. CVE-2020-0067 It was discovered that memory contents...

7.2CVSS7.1AI score0.00802EPSS
Exploits2References1
Ubuntu
Ubuntu
•added 2020/04/07 11:25 p.m.•130 views

USN-4325-1: Linux kernel vulnerabilities

It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service kernel memory exhaustion. CVE-2019-19046 Al Viro discovered that the vfs layer in the Linux...

7.1CVSS6.8AI score0.02745EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/01/08 5:42 p.m.•130 views

USN-4232-1: GraphicsMagick vulnerabilities

It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact...

8.8CVSS6.6AI score0.19193EPSS
Exploits9
Ubuntu
Ubuntu
•added 2019/12/16 4:37 p.m.•130 views

USN-4222-1: GraphicsMagick vulnerabilities

It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact...

9.8CVSS6.7AI score0.25065EPSS
Exploits1
Ubuntu
Ubuntu
•added 2019/11/05 12:50 p.m.•130 views

USN-4174-1: HAproxy vulnerability

It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue to a privilege escalation Request Smuggling...

7.5CVSS6.9AI score0.10024EPSS
Exploits1
Ubuntu
Ubuntu
•added 2019/01/29 2:54 a.m.•130 views

USN-3872-1: Linux kernel (HWE) vulnerabilities

It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information host machine kernel memory. CVE-2018-14625 Cfir...

8.8CVSS6.2AI score0.00477EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/01/15 4:6 p.m.•130 views

USN-3860-1: libcaca vulnerabilities

It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. CVE-2018-20544 It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code...

8.8CVSS6.7AI score0.02389EPSS
Exploits6
Ubuntu
Ubuntu
•added 2012/12/30 3:49 a.m.•130 views

USN-1680-1: MoinMoin vulnerabilities

It was discovered that MoinMoin did not properly sanitize its input when processing AnyWikiDraw and TWikiDraw actions. A remote attacker with write access could exploit this to overwrite arbitrary files and execute arbitrary code with the priviliges of the web server user 'www-data'. It was...

5.7AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2024/06/07 6:49 p.m.•129 views

USN-6817-1: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Zheng Wang discovered that the Broadc...

9.1CVSS7.5AI score0.01635EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/10/19 10:30 p.m.•129 views

USN-5113-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information WiFi network traffic. CVE-2020-3702 Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not...

7.8CVSS6.8AI score0.01476EPSS
Exploits6
Ubuntu
Ubuntu
•added 2021/10/13 12:59 a.m.•129 views

USN-5078-3: Squashfs-Tools vulnerability

USN-5078-1 fixed a vulnerability in Squashfs-Tools. That update was incomplete and could still result in Squashfs-Tools mishandling certain malformed SQUASHFS files. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Richard Weinberger discovered that...

8.1CVSS7AI score0.02136EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/09/23 11:39 a.m.•129 views

USN-5088-1: EDK II vulnerabilities

It was discovered that EDK II incorrectly handled input validation in MdeModulePkg. A local user could possibly use this issue to cause EDK II to crash, resulting in a denial of service, obtain sensitive information or execute arbitrary code. CVE-2019-11098 Paul Kehrer discovered that OpenSSL use...

8.1CVSS7.3AI score0.50732EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/05/19 1:54 p.m.•129 views

USN-4963-1: Pillow vulnerabilities

It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to crash or hand, resulting in a denial of service...

9.1CVSS6.8AI score0.02876EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/03/08 6:21 p.m.•129 views

USN-4760-1: libzstd vulnerabilities

It was discovered that libzstd incorrectly handled file permissions. A local attacker could possibly use this issue to access certain files, contrary to expectations...

5.5CVSS6.1AI score0.00431EPSS
Exploits1
Total number of security vulnerabilities5000