Lucene search
K
UbuntuMost viewed

10905 matches found

Ubuntu
Ubuntu
•added 2017/02/27 6:4 p.m.•118 views

USN-3212-1: LibTIFF vulnerabilities

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges...

9.8CVSS7.7AI score0.13722EPSS
Exploits16
Ubuntu
Ubuntu
•added 2015/07/20 10:4 p.m.•118 views

USN-2673-1: Thunderbird vulnerabilities

Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property...

10CVSS7.9AI score0.9986EPSS
Exploits2
Ubuntu
Ubuntu
•added 2012/03/12 2:37 p.m.•118 views

USN-1397-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.95. In addition to security...

8.5CVSS6.9AI score0.69552EPSS
Exploits23
Ubuntu
Ubuntu
•added 2006/07/19 10:58 p.m.•118 views

USN-320-1: PHP vulnerabilities

The phpinfo PHP function did not properly sanitize long strings. A remote attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo. Please note that it is not recommended to publicly expose phpinfo. CVE-2006-0996 An...

9.3CVSS8AI score0.20514EPSS
Exploits10
Ubuntu
Ubuntu
•added 2024/08/09 12:6 a.m.•117 views

USN-6952-1: Linux kernel vulnerabilities

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to...

9.8CVSS7.8AI score0.01483EPSS
Exploits3
Ubuntu
Ubuntu
•added 2024/06/26 1:1 p.m.•117 views

USN-6819-4: Linux kernel (Oracle) vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service system crash. CVE-2023-6356, CVE-2023-6535, CVE-2023-6536 Chenyuan...

7.8CVSS6.9AI score0.78388EPSS
Exploits2
Ubuntu
Ubuntu
•added 2024/01/17 5:43 p.m.•117 views

USN-6588-1: PAM vulnerability

Matthias Gerstner discovered that the PAM pamnamespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service...

5.5CVSS6.3AI score0.00459EPSS
Exploits1
Ubuntu
Ubuntu
•added 2023/02/09 2:24 p.m.•117 views

USN-5850-1: Linux kernel vulnerabilities

It was discovered that the Bluetooth HCI implementation in the Linux kernel did not properly deallocate memory in some situations. An attacker could possibly use this cause a denial of service memory exhaustion. CVE-2022-3619 It was discovered that the Broadcom FullMAC USB WiFi driver in the Linu...

8.8CVSS6.9AI score0.01067EPSS
Exploits3
Ubuntu
Ubuntu
•added 2023/02/07 5:24 p.m.•117 views

USN-5845-1: OpenSSL vulnerabilities

David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. CVE-2023-0286 Octavio Galland and Marcel Böhme discovered that OpenSS...

7.5CVSS7.9AI score0.59501EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/09/12 7:45 a.m.•117 views

USN-5232-1: Fail2ban vulnerability

Jakub Żoczek discovered that certain Fail2ban actions handled whois responses in an insecure way. If Fail2ban was configured to use certain mail actions like 'mail-whois' on a target system, a remote attacker who was able to control whois responses to this target system could possibly execute...

8.1CVSS8AI score0.03621EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/07/14 1:5 a.m.•117 views

USN-5518-1: Linux kernel vulnerabilities

It was discovered that the eBPF implementation in the Linux kernel did not properly prevent writes to kernel objects in BPFBTFLOAD commands. A privileged local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-0500 It was discovered tha...

7.8CVSS7.2AI score0.00545EPSS
Exploits2
Ubuntu
Ubuntu
•added 2022/07/05 1:3 p.m.•118 views

USN-5502-1: OpenSSL vulnerability

Alex Chernyakhovsky discovered that OpenSSL incorrectly handled AES OCB mode when using the AES-NI assembly optimized implementation on 32-bit x86 platforms. A remote attacker could possibly use this issue to obtain sensitive information...

5.3CVSS7.1AI score0.04425EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/24 12:13 p.m.•117 views

USN-5347-1: OpenVPN vulnerability

It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use this issue to bypass authentication using incomplete credentials...

9.8CVSS7.4AI score0.03519EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/17 1:49 p.m.•117 views

USN-5332-2: Bind vulnerability

USN-5332-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind incorrectly handled certain bogus NS records when using forwarders. ...

6.8CVSS7AI score0.0325EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/15 5:52 p.m.•117 views

USN-5329-1: tar vulnerability

It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to cause tar to crash, resulting in a denial of service...

4.3CVSS6.5AI score0.01092EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/01/27 5:34 p.m.•117 views

USN-5255-1: WebKitGTK vulnerabilities

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

9.3CVSS7.4AI score0.07617EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/01/12 12:46 p.m.•117 views

USN-5225-1: lxml vulnerability

It was discovered that lxml incorrectly handled certain XML and HTML files. An attacker could possibly use this issue to execute arbitrary code...

8.2CVSS7.7AI score0.02456EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/01/05 5:31 p.m.•117 views

USN-5206-1: Linux kernel (OEM) vulnerability

Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages...

4.4CVSS6.6AI score0.00515EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/11/30 10:22 p.m.•117 views

USN-5162-1: Linux kernel vulnerabilities

Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information kernel memory. CVE-2021-3655 It was discovered that the AMD...

7.8CVSS7AI score0.00533EPSS
Exploits2
Ubuntu
Ubuntu
•added 2021/08/26 3:37 p.m.•117 views

USN-5053-1: libssh vulnerability

It was discovered that libssh incorrectly handled rekeying. A remote attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code...

6.5CVSS6.8AI score0.04683EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/08/17 5:31 p.m.•117 views

USN-5043-1: Exiv2 vulnerabilities

It was discovered that Exiv2 incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. CVE-2021-32815, CVE-2021-34334, CVE-2021-37620, CVE-2021-37622 It was discovered that Exiv2 incorrectly handled certain image files. An attacker could...

5.5CVSS6.3AI score0.01109EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/04/29 4:48 p.m.•117 views

USN-4930-1: Samba vulnerability

Peter Eriksson discovered that Samba incorrectly handled certain negative idmap cache entries. This issue could result in certain users gaining unauthorized access to files, contrary to expected behaviour...

6.8CVSS7AI score0.01616EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/03/15 9:18 p.m.•117 views

USN-4796-1: Node.js vulnerabilities

Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An attacker could use this vulnerability to execute a machine-in-the-middle- attack. This issue only affected Ubuntu 14.04 ESM and 16.04 ESM. CVE-2016-7099 It...

8.8CVSS7.6AI score0.41288EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/12/13 11:27 p.m.•117 views

USN-4660-2: Linux kernel regression

USN-4660-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. Original advisory details: It was discovered that a race condition existe...

6.9AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2020/10/22 2:48 p.m.•117 views

USN-4593-2: FreeType vulnerability

USN-4593-1 fixed a vulnerability in FreeType. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Sergei Glazunov discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font...

9.6CVSS8.7AI score0.5063EPSS
Exploits2
Ubuntu
Ubuntu
•added 2020/06/10 12:44 a.m.•117 views

USN-4393-1: Linux kernel vulnerabilities

It was discovered that the Marvell WiFi-Ex Driver in the Linux kernel did not properly validate status lengths in messages received from an access point, leading to a buffer overflow. A physically proximate attacker controlling an access point could use this to construct messages that could...

7.1CVSS7.6AI score0.01218EPSS
Exploits0References1
Ubuntu
Ubuntu
•added 2020/04/07 12:10 p.m.•117 views

USN-4321-1: HAProxy vulnerability

Felix Wilhelm discovered that HAProxy incorrectly handled certain HTTP/2 requests. An attacker could possibly use this to execute arbitrary code...

8.8CVSS7.6AI score0.60727EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/01/27 3:12 p.m.•117 views

USN-4252-1: tcpdump vulnerabilities

Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS6.6AI score0.06816EPSS
Exploits1
Ubuntu
Ubuntu
•added 2019/11/13 12:11 a.m.•117 views

USN-4183-1: Linux kernel vulnerabilities

Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions TSX could expose...

9.8CVSS8AI score0.12651EPSS
Exploits2References1
Ubuntu
Ubuntu
•added 2019/09/16 4:42 a.m.•117 views

USN-4133-1: Wireshark vulnerabilities

It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file...

7.5CVSS6.8AI score0.06079EPSS
Exploits1
Ubuntu
Ubuntu
•added 2019/04/02 9:36 p.m.•117 views

USN-3933-1: Linux kernel vulnerabilities

It was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information kernel memory. CVE-2017-1000410 It was discovered that the USB serial device driver in the Linux...

8.1CVSS6.2AI score0.16523EPSS
Exploits11
Ubuntu
Ubuntu
•added 2018/08/06 9:45 p.m.•117 views

USN-3732-1: Linux kernel vulnerability

Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service...

7.8CVSS6.7AI score0.7354EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/02/02 2:2 p.m.•117 views

USN-3177-2: Tomcat regression

USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Tomcat realm implementations...

7.2AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2016/11/01 7:40 p.m.•117 views

USN-3119-1: Bind vulnerability

Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...

7.5CVSS7.4AI score0.38733EPSS
Exploits0
Ubuntu
Ubuntu
•added 2014/10/09 12:48 p.m.•117 views

USN-2380-1: Bash vulnerabilities

Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable containing a function definition with a very specific name, these issues could possibly be used to bypass certain environment restrictions and...

10CVSS7.9AI score0.99621EPSS
Exploits36
Ubuntu
Ubuntu
•added 2009/11/11 4:49 p.m.•117 views

USN-853-2: Firefox and Xulrunner regression

USN-853-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream changes introduced regressions that could lead to crashes when processing certain malformed GIF images, fonts and web pages. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Alin Ra...

8.5AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2024/07/29 4:27 a.m.•116 views

USN-6916-1: Lua vulnerabilities

It was discovered that Lua did not properly generate code when "ENV" is constant. An attacker could possibly use this issue to cause a denial of service or execute arbitrary unstrusted lua code. CVE-2022-28805 It was discovered that Lua did not properly handle C stack overflows during error...

9.1CVSS7.5AI score0.02919EPSS
Exploits2
Ubuntu
Ubuntu
•added 2023/07/19 12:11 p.m.•116 views

USN-6237-1: curl vulnerabilities

Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. CVE-2023-28321 Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain...

5.9CVSS6.5AI score0.02211EPSS
Exploits2
Ubuntu
Ubuntu
•added 2023/02/28 3:11 a.m.•116 views

USN-5898-1: OpenJDK vulnerabilities

It was discovered that the Serialization component of OpenJDK did not properly handle the deserialization of some CORBA objects. An attacker could possibly use this to bypass Java sandbox restrictions. CVE-2023-21830 Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not properl...

5.3CVSS6.7AI score0.01357EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/12/13 11:33 a.m.•116 views

USN-5253-1: Rack vulnerabilities

It was discovered that Rack insecurely handled session ids. An unauthenticated remote attacker could possibly use this issue to perform a timing attack and hijack sessions. CVE-2019-16782 It was discovered that Rack was incorrectly handling cookies during parsing, not validating them or performin...

10CVSS7.7AI score0.03687EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/08/10 4:59 p.m.•116 views

USN-5564-1: Linux kernel (Intel IoTG) vulnerabilities

Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service system crash or execute arbitrary code...

7.8CVSS7.7AI score0.12746EPSS
Exploits26
Ubuntu
Ubuntu
•added 2022/05/10 5:44 p.m.•116 views

USN-5408-1: Dnsmasq vulnerability

Petr Menšík and Richard Johnson discovered that Dnsmasq incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or expose sensitive information...

7.5CVSS7.8AI score0.01487EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/04/21 6:25 a.m.•116 views

USN-5385-1: Linux kernel vulnerabilities

Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device driver in the Linux kernel did not properly validate meta-data coming from the device. A local attacker who can control an emulated device can use this to cause a denial of service system crash or possibly execute arbitrary...

6.7CVSS6.6AI score0.00513EPSS
Exploits2
Ubuntu
Ubuntu
•added 2022/03/30 3:47 p.m.•116 views

USN-5356-1: DOSBox vulnerabilities

Alexandre Bartel discovered that DOSBox incorrectly handled long lines in certain files. An attacker could possibly use this issue to execute arbitrary code. CVE-2019-7165 Alexandre Bartel discovered that DOSBox incorrectly performed access control over certain directories. An attacker could...

9.8CVSS8.7AI score0.06685EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/02/17 1:54 p.m.•116 views

USN-5291-1: libarchive vulnerabilities

It was discovered that libarchive incorrectly handled symlinks. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly use this issue to change modes, times, ACLs, and flags on arbitrary files. CVE-2021-23177, CVE-2021-31566 It was...

7.8CVSS7.3AI score0.02845EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/12/17 12:46 p.m.•116 views

USN-5192-2: Apache Log4j 2 vulnerability

USN-5192-1 fixed a vulnerability in Apache Log4j 2. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this...

10CVSS7.9AI score0.99999EPSS
Exploits351
Ubuntu
Ubuntu
•added 2021/07/07 7:17 p.m.•116 views

USN-5008-2: Avahi vulnerability

USN-5008-1 fixed a vulnerability in avahi. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Thomas Kremer discovered that Avahi incorrectly handled termination signals on the Unix socket. A local attacker could possibly use this...

5.5CVSS7.3AI score0.0045EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/06/30 2:27 p.m.•116 views

USN-4905-2: X.Org X Server vulnerability

USN-4905-1 fixed a vulnerability in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain lengths of XInput extension ChangeFeedbackControl requests. An attacker could us...

7.8CVSS7.8AI score0.0105EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/06/07 1:50 p.m.•116 views

USN-4975-2: Django vulnerability

USN-4975-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen discovered that Django incorrectly handled path sanitation in admindocs. A remote attacker could possibly...

4.9CVSS6.8AI score0.02737EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/06/01 11:20 a.m.•116 views

USN-4970-1: GUPnP vulnerability

It was discovered that GUPnP incorrectly filtered local requests. If a user were tricked into visiting a malicious website, a remote attacker could possibly use this issue to perform actions against local UPnP services such as obtaining or altering sensitive information...

8.1CVSS7.6AI score0.01084EPSS
Exploits0
Total number of security vulnerabilities5000