Lucene search
K
UbuntuMost viewed

10904 matches found

Ubuntu
Ubuntu
•added 2021/11/09 3:46 a.m.•109 views

USN-5136-1: Linux kernel vulnerabilities

It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service system crash or possibly execute arbitrary code...

7.8CVSS7.3AI score0.02014EPSS
Exploits3
Ubuntu
Ubuntu
•added 2021/09/22 1:29 p.m.•109 views

USN-5085-1: SQL parse vulnerability

It was discovered that SQL parse incorrectly handled certain regular expression. An attacker could possibly use this issue to cause a denial of service...

7.5CVSS7.4AI score0.02134EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/05/25 6:20 p.m.•109 views

USN-4965-2: Apport vulnerabilities

USN-4965-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Maik Münch discovered that Apport incorrectly handled certain information gathering operations. A local attacker could use these...

7.3CVSS6.4AI score0.0039EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/03/15 8:17 p.m.•109 views

USN-4773-1: Drupal vulnerabilities

It was discovered that Drupal did not properly process certain input. An attacker could use this vulnerability to execute arbitrary code or completely compromise a Drupal site. CVE-2018-7600, CVE-2018-7602 It was discovered that password reset URLs in Drupal could be forged. An attacker could use...

9.8CVSS7.8AI score0.99993EPSS
Exploits58
Ubuntu
Ubuntu
•added 2020/10/27 12:16 p.m.•109 views

USN-4583-2: PHP vulnerabilities

USN-4583-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.10. Original advisory details: It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption...

6.5CVSS7.2AI score0.05029EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/09/17 4:40 p.m.•109 views

USN-4515-1: Pure-FTPd vulnerability

Antonio Norales discovered that Pure-FTPd incorrectly handled directory aliases. An attacker could possibly use this issue to access sensitive information. CVE-2020-9274...

7.5CVSS7.3AI score0.05813EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/05/28 11:33 a.m.•109 views

USN-4360-4: json-c vulnerability

USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak that was reverted in USN-4360-2 and USN-4360-3. This update provides the correct fix update for CVE-2020-12762. Original advisory details: It was discovered that json-c incorrectly handled certain JSON files. An...

7.8CVSS7.2AI score0.01888EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/03/17 1:48 a.m.•109 views

USN-4303-1: Linux kernel vulnerability

Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested level 2 guest access the resources of a parent level 1 guest in certain situations. An attacker could use this to expose sensitive information...

6.8CVSS6.7AI score0.00927EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/03/09 3:21 p.m.•109 views

USN-4297-1: runC vulnerabilities

It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. This issue only affected Ubuntu 18.04 LTS. CVE-2019-16884 It was discovered that runC incorrectly performed access...

7.5CVSS6.8AI score0.04409EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/02/17 6:13 p.m.•109 views

USN-4279-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. CVE-2015-9253 It was discovered that PHP incorrectly handled certain inputs. An...

9.1CVSS7.6AI score0.08888EPSS
Exploits3
Ubuntu
Ubuntu
•added 2020/01/15 10:37 a.m.•109 views

USN-4237-2: SpamAssassin vulnerabilities

USN-4237-1 fixed several vulnerabilities in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a...

7.5CVSS7AI score0.07234EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/11/05 11:33 a.m.•109 views

USN-4171-3: Apport regression

USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression in the Python Apport library. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root user...

5.7AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2019/10/10 1:1 p.m.•109 views

USN-4151-2: Python vulnerabilities

USN-4151-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to tric...

7.5CVSS7.3AI score0.05366EPSS
Exploits1
Ubuntu
Ubuntu
•added 2019/09/30 3:5 p.m.•109 views

USN-4143-1: SDL 2.0 vulnerabilities

It was discovered that SDL 2.0 mishandled crafted image files resulting in an integer overflow. If a user were tricked into opening a malicious file, SDL 2.0 could be caused to crash or potentially run arbitrary code. CVE-2017-2888 It was discovered that SDL 2.0 mishandled crafted image files. If...

8.8CVSS7AI score0.03299EPSS
Exploits6
Ubuntu
Ubuntu
•added 2019/07/15 1:25 p.m.•109 views

USN-4056-1: Exiv2 vulnerabilities

It was discovered that Exiv2 incorrectly handled certain PSD files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-19107, CVE-2018-19108 It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this issue to cause a denia...

6.5CVSS6.7AI score0.02127EPSS
Exploits5
Ubuntu
Ubuntu
•added 2019/06/19 5:19 p.m.•109 views

USN-4020-1: Firefox vulnerability

A type confusion bug was discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code...

8.8CVSS8.1AI score0.37951EPSS
Exploits7
Ubuntu
Ubuntu
•added 2019/06/04 10:55 p.m.•109 views

USN-4007-2: Linux kernel (HWE) vulnerability

USN-4007-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Federico Manuel Bento discovered that the Linux kernel did not properly apply Address...

2.5CVSS6.6AI score0.00495EPSS
Exploits1
Ubuntu
Ubuntu
•added 2019/04/23 11:45 a.m.•109 views

USN-3951-1: Dovecot vulnerability

It was discovered that the Dovecot JSON encoder incorrectly handled certain invalid UTF-8 characters. A remote attacker could possibly use this issue to cause Dovecot to repeatedly crash, resulting in a denial of service...

7.5CVSS8AI score0.028EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/04/16 5:57 p.m.•109 views

USN-3949-1: OpenJDK 11 vulnerability

It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. CVE-2019-2422 Please note that with this update, the OpenJDK package in Ubuntu 18.04 LTS has...

3.1CVSS6.7AI score0.03374EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/01/22 1:12 p.m.•109 views

USN-3863-2: APT vulnerability

USN-3863-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a machine-in-the-middle attack...

9.3CVSS6.9AI score0.14555EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/09/20 12:12 p.m.•109 views

USN-3770-2: Little CMS vulnerabilities

USN-3770-1 fixed a vulnerability in Little CMS. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Pedro Ribeiro discoreved that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service...

7.1CVSS6.6AI score0.03502EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/05/22 3:36 a.m.•109 views

USN-3655-1: Linux kernel vulnerabilities

Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memor...

8.8CVSS7.8AI score0.60631EPSS
Exploits2References1
Ubuntu
Ubuntu
•added 2017/10/31 9:20 a.m.•109 views

USN-3468-3: Linux kernel (GCP) vulnerabilities

It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service host system crash. CVE-2017-1000252 It was discovered that the Flash-Friendly File System f2fs implementation in the Linux...

7.8CVSS6.9AI score0.03631EPSS
Exploits8
Ubuntu
Ubuntu
•added 2016/12/08 12:30 a.m.•109 views

USN-3154-1: OpenJDK 6 vulnerabilities

It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. CVE-2016-5542 It was discovered that the JMX component of OpenJDK did not...

9.6CVSS7.2AI score0.05437EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/06/10 9:47 p.m.•109 views

USN-2634-1: Linux kernel vulnerabilities

Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service system crash or gain administrative privileges on the system. CVE-2015-3636 A memory corruption flaw was discovered in the Linux kernel's scsi...

7.2CVSS7AI score0.02472EPSS
Exploits7
Ubuntu
Ubuntu
•added 2015/04/20 3:58 p.m.•109 views

USN-2572-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled cleanup when used with Apache 2.4. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2015-3330 It was discovered that PHP incorrectly handled opening tar, zip or ph...

7.5CVSS7.6AI score0.38434EPSS
Exploits11
Ubuntu
Ubuntu
•added 2013/12/12 4:19 p.m.•109 views

USN-2055-1: PHP vulnerabilities

Stefan Esser discovered that PHP incorrectly parsed certificates. An attacker could use a malformed certificate to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2013-6420 It was discovered that PHP incorrectly handled DateInterval objects. An attack...

7.5CVSS7.6AI score0.35635EPSS
Exploits8
Ubuntu
Ubuntu
•added 2012/11/12 3:41 p.m.•109 views

USN-1629-1: libproxy vulnerabilities

Tomas Mraz discovered that libproxy incorrectly handled certain PAC files. A remote attacker could use this issue to cause libproxy to crash, or to possibly execute arbitrary code. CVE-2012-4504, CVE-2012-4505...

10CVSS5.7AI score0.03476EPSS
Exploits0
Ubuntu
Ubuntu
•added 2011/10/25 1:8 p.m.•109 views

USN-1245-1: Linux kernel (Marvell DOVE) vulnerabilities

Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. CVE-2011-1576 Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly...

9.1CVSS7.9AI score0.05689EPSS
Exploits8
Ubuntu
Ubuntu
•added 2006/09/20 12:48 a.m.•109 views

USN-349-1: gzip vulnerabilities

Tavis Ormandy discovered that gzip did not sufficiently verify the validity of gzip or compress archives while unpacking. By tricking an user or automated system into unpacking a specially crafted compressed file, this could be exploited to execute arbitrary code with the user's privileges...

7.5CVSS6AI score0.05641EPSS
Exploits1
Ubuntu
Ubuntu
•added 2024/03/21 1:1 p.m.•108 views

USN-6704-2: Linux kernel (Raspberry Pi) vulnerabilities

It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service system crash. CVE-2023-23000 Quentin Minster discovered that the KSMBD...

7.8CVSS7.6AI score0.28058EPSS
Exploits16
Ubuntu
Ubuntu
•added 2023/11/22 2:45 p.m.•108 views

USN-6505-1: nghttp2 vulnerability

It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service...

7.5CVSS7.2AI score0.99999EPSS
Exploits19
Ubuntu
Ubuntu
•added 2023/08/29 9:12 p.m.•108 views

USN-6317-1: Linux kernel vulnerabilities

Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Tavis Ormandy discovered that some AMD processors...

7.8CVSS7.9AI score0.05794EPSS
Exploits3
Ubuntu
Ubuntu
•added 2022/07/28 7:47 p.m.•108 views

USN-5537-2: MySQL vulnerability

USN-5537-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.39 in...

4.9CVSS6.3AI score0.01418EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/05/12 12:49 a.m.•108 views

USN-5415-1: Linux kernel vulnerabilities

Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate attacker could use this to cause a denial of service system crash. CVE-2020-27820 Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor...

8.8CVSS7.2AI score0.021EPSS
Exploits12
Ubuntu
Ubuntu
•added 2022/04/11 7:44 a.m.•108 views

USN-5331-2: tcpdump vulnerabilities

USN-5331-1 fixed several vulnerabilities in tcpdump. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial o...

7.8CVSS7.2AI score0.03071EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/23 10:44 p.m.•108 views

USN-5345-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, obtain sensitive information, cause undefined...

9.6CVSS7.8AI score0.00931EPSS
Exploits5
Ubuntu
Ubuntu
•added 2022/03/15 1:16 p.m.•108 views

USN-5327-1: rsh vulnerability

Hiroyuki Yamamori discovered that rsh incorrectly handled certain filenames. If a user or automated system were tricked into connecting to a malicious rsh server, a remote attacker could possibly use this issue to modify directory permissions...

5.9CVSS6.4AI score0.02067EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/10/28 6:25 p.m.•108 views

USN-5126-2: Bind vulnerability

USN-5126-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Kishore Kumar Kothapalli discovered that Bind incorrectly handled the lame cache when processing responses. A remote attacker could possibl...

5.3CVSS6.4AI score0.08001EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/10/22 5:47 a.m.•108 views

USN-5121-1: Mailman vulnerabilities

Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman did not properly associate cross-site request forgery CSRF tokens to specific accounts. A remote attacker could use this to perform a CSRF attack to gain access to another account. CVE-2021-42097 Andre Protas, Richard Cloke, an...

8.5CVSS6.6AI score0.01289EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/09/08 11:21 a.m.•108 views

USN-5065-1: Open vSwitch vulnerability

It was discovered that Open vSwitch incorrectly handled decoding RAWENCAP actions. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code...

5.5CVSS6.6AI score0.0118EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/03/15 9:24 p.m.•108 views

USN-4800-1: Lynx vulnerabilities

It was discovered that Lynx incorrectly handled certain URLs. A remote attacker could possibly use this issue to obtain sensitive information or other unspecified impact. This issue only affected Ubuntu 16.04 ESM. CVE-2016-9179 It was discovered that Lynx incorrectly handled certain HTML files. A...

7.5CVSS6.6AI score0.04455EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/10/27 4:57 p.m.•108 views

USN-4603-1: MariaDB vulnerabilities

It was discovered that MariaDB didn't properly validate the content of a packet received from a server. A remote attacker could use this vulnerability to sent a specialy crafted file to cause a denial of service. CVE-2020-13249 It was discovered that MariaDB has other security issues. An attacker...

9CVSS6.6AI score0.05539EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/17 11:10 a.m.•108 views

USN-4511-1: QEMU vulnerability

Ziming Zhang, Xiao Wei, Gonglei Arei, and Yanyu Zhang discovered that QEMU incorrectly handled certain USB packets. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default...

5CVSS7.5AI score0.05447EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/08/05 5:58 p.m.•108 views

USN-4453-1: OpenJDK 8 vulnerabilities

Johannes Kuhn discovered that OpenJDK 8 incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. CVE-2020-14556 Philippe Arteau discovered that OpenJDK 8 incorrectly verified names in TLS server's X.509 certificates. An attacker could...

8.3CVSS6.5AI score0.04315EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/23 6:7 p.m.•108 views

USN-4433-1: OpenJDK vulnerabilities

Johannes Kuhn discovered that OpenJDK incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. CVE-2020-14556 It was discovered that OpenJDK incorrectly handled memory allocation when reading TIFF image files. An attacker could possibly use...

8.3CVSS6.6AI score0.05166EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/14 2:8 p.m.•108 views

USN-4422-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

10CVSS7.1AI score0.77246EPSS
Exploits5
Ubuntu
Ubuntu
•added 2019/12/17 11:14 p.m.•108 views

USN-4223-1: OpenJDK vulnerabilities

Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side- channel vulnerability existed in the ECDSA implementation in OpenJDK. An Attacker could use this to expose sensitive information. CVE-2019-2894 It was discovered that the Socket implementation in OpenJDK did not properly...

6.8CVSS7AI score0.03749EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/12/05 2:15 p.m.•108 views

USN-4214-1: RabbitMQ vulnerability

It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...

9.8CVSS8.6AI score0.03317EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/10/29 11:39 a.m.•108 views

USN-4166-2: PHP vulnerability

USN-4166-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly handled certain paths when being used in FastCGI configurations. A remote attacker could possibly use...

9.8CVSS8AI score0.9947EPSS
Exploits54
Total number of security vulnerabilities5000