10876 matches found

Ubuntu
•added 2023/08/15 3:17 p.m.•104 views

USN-6289-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

CVSS 8.8, AI score 7.3, EPSS 0.01346, Exploits 0

Ubuntu
•added 2023/01/06 10:52 p.m.•105 views

USN-5793-1: Linux kernel vulnerabilities

It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2022-3910 ...

CVSS 7.8, AI score 7, EPSS 0.01364, Exploits 5

Ubuntu
•added 2022/06/08 5:1 a.m.•104 views

USN-5470-1: Linux kernel (OEM) vulnerabilities

It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. CVE-2022-21499 Aaron Adams discovered that the netfilter subsystem in the Linux...

CVSS 6.7, AI score 6.9, EPSS 0.00617, Exploits 6

Ubuntu
•added 2022/05/24 11:46 a.m.•104 views

USN-5440-1: PostgreSQL vulnerability

Alexander Lakhin discovered that PostgreSQL incorrectly handled the security restricted operation sandbox when a privileged user is maintaining another user's objects. An attacker having permission to create non-temp objects can use this issue to execute arbitrary commands as the superuser...

CVSS 8.8, AI score 7.7, EPSS 0.12403, Exploits 0

Ubuntu
•added 2022/05/05 8:14 a.m.•104 views

USN-5354-2: Twisted vulnerability

USN-5354-1 fixed vulnerabilities in Twisted. This update provides the corresponding updates for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 22.04 LTS. Original advisory details: It was discovered that Twisted incorrectly processed SSH handshake data on connection establishments. A remote attack...

CVSS 7.5, AI score 7.4, EPSS 0.03608, Exploits 1

Ubuntu
•added 2022/04/11 12:29 p.m.•104 views

USN-5373-2: Django vulnerabilities

USN-5373-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Django incorrectly handled certain column aliases in the QuerySet.annotate, aggregate, and extra...

CVSS 9.8, AI score 7.4, EPSS 0.18661, Exploits 3

Ubuntu
•added 2022/04/11 11:36 a.m.•104 views

USN-5373-1: Django vulnerabilities

It was discovered that Django incorrectly handled certain column aliases in the QuerySet.annotate, aggregate, and extra methods. A remote attacker could possibly use this issue to perform an SQL injection attack. CVE-2022-28346 It was discovered that Django incorrectly handled certain...

CVSS 9.8, AI score 7.3, EPSS 0.18661, Exploits 3

Ubuntu
•added 2022/03/14 10:54 a.m.•104 views

USN-5323-1: NBD vulnerabilities

It was discovered that NBD incorrectly handled name length fields. A remote attacker could use this issue to cause NBD to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 9.8, AI score 8.6, EPSS 0.0347, Exploits 3

Ubuntu
•added 2022/01/27 5:25 p.m.•104 views

USN-5064-2: GNU cpio vulnerability

USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to cras...

CVSS 7.8, AI score 7, EPSS 0.0415, Exploits 1

Ubuntu
•added 2021/12/19 5:39 p.m.•104 views

USN-5203-1: Apache Log4j 2 vulnerability

Hideki Okamoto and Guy Lederfein discovered that Apache Log4j 2 did not protect against infinite recursion in lookup evaluation. A remote attacker could possibly use this issue to cause Apache Log4j 2 to crash, leading to a denial of service. Please see the following link for more information:...

CVSS 5.9, AI score 7.4, EPSS 0.99999, Exploits 20

Ubuntu
•added 2021/10/21 2:5 p.m.•104 views

USN-5119-1: libcaca vulnerabilities

It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a crash. CVE-2021-30498, CVE-2021-30499...

CVSS 7.8, AI score 7, EPSS 0.01353, Exploits 2

Ubuntu
•added 2021/09/21 11:41 a.m.•104 views

USN-5084-1: LibTIFF vulnerability

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges...

CVSS 6.5, AI score 7, EPSS 0.01409, Exploits 0

Ubuntu
•added 2021/09/08 1:28 p.m.•104 views

USN-5066-2: PySAML2 vulnerability

USN-5066-1 fixed a vulnerability in PySAML2. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML documents...

CVSS 6.5, AI score 7.1, EPSS 0.0118, Exploits 3

Ubuntu
•added 2021/08/30 12:17 p.m.•104 views

USN-5055-1: GNOME grilo vulnerability

Michael Catanzaro discovered that grilo incorrectly handled certain TLS certificate verification. An attacker could possibly use this issue to perform MITM attacks...

CVSS 5.9, AI score 5.9, EPSS 0.00866, Exploits 0

Ubuntu
•added 2020/10/23 9:23 a.m.•104 views

LSN-0073-1: Kernel Live Patch Security Notice

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2020-12351 Andy Nguyen discovered that the...

CVSS 8.8, AI score 7.9, EPSS 0.07693, Exploits 6

Ubuntu
•added 2020/09/02 2:22 a.m.•104 views

USN-4486-1: Linux kernel vulnerability

Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash)...

CVSS 5.5, AI score 6.8, EPSS 0.00574, Exploits 1

Ubuntu
•added 2020/08/18 4:25 a.m.•104 views

USN-4462-1: Linux kernel vulnerability

It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service...

CVSS 5.5, AI score 6.8, EPSS 0.00519, Exploits 1

Ubuntu
•added 2020/05/28 12:7 p.m.•104 views

USN-4376-1: OpenSSL vulnerabilities

Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys...

CVSS 5.3, AI score 6.6, EPSS 0.14298, Exploits 0

Ubuntu
•added 2020/01/23 6:19 p.m.•104 views

USN-4230-2: ClamAV vulnerability

USN-4230-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV ...

CVSS 7.5, AI score 7.5, EPSS 0.03135, Exploits 1

Ubuntu
•added 2019/11/13 1:6 a.m.•104 views

USN-4186-1: Linux kernel vulnerabilities

Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose...

CVSS 9.8, AI score 7.8, EPSS 0.72105, Exploits 27, References 1

Ubuntu
•added 2019/09/05 12:42 p.m.•104 views

USN-4123-1: npm/fstream vulnerability

It was discovered that npm/fstream incorrectly handled certain crafted tarballs. An attacker could use this vulnerability to write arbitrary files to the filesystem...

CVSS 7.5, AI score 8, EPSS 0.02416, Exploits 0

Ubuntu
•added 2019/09/03 6:35 p.m.•104 views

USN-4120-1: systemd vulnerability

It was discovered that the systemd-resolved D-Bus interface did not enforce appropriate access controls. A local unprivileged user could exploit this to modify a system's DNS resolver settings...

CVSS 4.4, AI score 6, EPSS 0.00511, Exploits 1

Ubuntu
•added 2019/08/28 12:30 p.m.•104 views

USN-4110-1: Dovecot vulnerability

Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

CVSS 9.8, AI score 8.5, EPSS 0.62579, Exploits 1

Ubuntu
•added 2019/07/25 11:47 a.m.•104 views

USN-4073-1: libEBML vulnerability

It was discovered that libEBML incorrectly handled certain media files. If a user were tricked into opening a specially crafted media file, libEBML could possibly be made to crash, resulting in a denial of service...

CVSS 5.5, AI score 5.6, EPSS 0.02492, Exploits 1

Ubuntu
•added 2019/06/19 7:53 p.m.•104 views

USN-4022-1: Gunicorn vulnerability

It was discovered that gunicorn improperly handled certain input. An attacker could potentially use this issue to execute a cross-site scripting (XSS) attack...

CVSS 7.5, AI score 7, EPSS 0.02431, Exploits 1

Ubuntu
•added 2019/05/14 9:3 p.m.•104 views

USN-3983-1: Linux kernel vulnerabilities

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered...

CVSS 5.9, AI score 6.5, EPSS 0.01553, Exploits 0, References 1

Ubuntu
•added 2019/04/08 12:57 p.m.•104 views

USN-3940-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2019-1787 It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote...

CVSS 7.5, AI score 7.2, EPSS 0.01839, Exploits 2

Ubuntu
•added 2019/03/21 5:9 p.m.•104 views

USN-3913-1: P7ZIP vulnerabilities

It was discovered that p7zip did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted archive with p7zip, then p7zip could be made to crash, possibly leading to arbitrary code execution...

CVSS 8.8, AI score 7.5, EPSS 0.09795, Exploits 3

Ubuntu
•added 2018/08/28 6:52 p.m.•104 views

USN-3752-3: Linux kernel (Azure, GCP, OEM) vulnerabilities

It was discovered that, when attempting to handle an out-of-memory situation, a null pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service (system crash). CVE-2018-1000200 Wen Xu discovered that the XFS...

CVSS 7.8, AI score 7.5, EPSS 0.16352, Exploits 18

Ubuntu
•added 2018/08/27 6:48 p.m.•104 views

USN-3756-1: Intel Microcode vulnerabilities

It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive...

CVSS 5.6, AI score 7.2, EPSS 0.60631, Exploits 2

Ubuntu
•added 2018/08/24 12:34 a.m.•104 views

USN-3753-1: Linux kernel vulnerabilities

It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. CVE-2017-13168 Wen Xu discovered that a use-after-free vulnerability...

CVSS 7.8, AI score 7.3, EPSS 0.02342, Exploits 8

Ubuntu
•added 2018/07/30 5:6 p.m.•104 views

USN-3725-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.61 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.23. In addition to security fixes, the updated...

CVSS 7.1, AI score 6.4, EPSS 0.03683, Exploits 0

Ubuntu
•added 2018/03/29 2:36 p.m.•104 views

USN-3531-3: intel-microcode update

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. CVE-2017-5715 This...

CVSS 5.6, AI score 7.1, EPSS 0.74041, Exploits 8

Ubuntu
•added 2017/09/19 4:53 p.m.•104 views

USN-3425-1: Apache HTTP Server vulnerability

Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed...

CVSS 7.5, AI score 7.2, EPSS 0.94999, Exploits 9

Ubuntu
•added 2017/04/05 4:8 a.m.•104 views

USN-3256-2: Linux kernel (HWE) vulnerability

USN-3256-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel for each of the respective prior Ubuntu LTS releases. Andrey Konovalov discovered that the...

CVSS 7.8, AI score 6.7, EPSS 0.17827, Exploits 17

Ubuntu
•added 2016/05/03 2:49 p.m.•104 views

USN-2959-1: OpenSSL vulnerabilities

Huzaifa Sidhpurwala, Hanno Böck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2016-2108 Juraj...

CVSS 10, AI score 8.1, EPSS 0.89058, Exploits 7

Ubuntu
•added 2016/01/14 3:36 p.m.•104 views

USN-2869-1: OpenSSH vulnerabilities

It was discovered that the OpenSSH client experimental support for resuming connections contained multiple security issues. A malicious server could use this issue to leak client memory to the server, including private client user keys...

CVSS 8.1, AI score 7.3, EPSS 0.63468, Exploits 3

Ubuntu
•added 2015/08/06 7:6 p.m.•104 views

USN-2706-1: OpenJDK 6 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. CVE-2015-2590, CVE-2015-2628, CVE-2015-4731, CVE-2015-4732,...

CVSS 10, AI score 7.4, EPSS 0.9986, Exploits 1

Ubuntu
•added 2014/11/25 3:20 a.m.•104 views

USN-2419-1: Linux kernel (Trusty HWE) vulnerabilities

A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access...

CVSS 7.5, AI score 6.9, EPSS 0.05421, Exploits 1

Ubuntu
•added 2014/06/27 8:47 a.m.•104 views

USN-2260-1: Linux kernel (Trusty HWE) vulnerabilities

A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges. CVE-2014-0196 Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged...

CVSS 7.8, AI score 7.2, EPSS 0.37233, Exploits 34

Ubuntu
•added 2013/09/05 10:10 p.m.•104 views

USN-1938-1: Linux kernel vulnerabilities

Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that allows specified to be run as root. A local user could exploit this flaw to run commands as root when using the perf tool. CVE-2013-1060 A flaw was discovered in the Xen subsystem of the Linux kernel when it...

CVSS 6.9, AI score 6.6, EPSS 0.01013, Exploits 5

Ubuntu
•added 2010/10/19 5:50 p.m.•104 views

USN-1000-1: Linux kernel vulnerabilities

Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this to gain root privileges. CVE-2010-3904 Al Viro discovered a race condition in the TTY driver. A local attacker could exploit this to crash the system, leading to a...

CVSS 10, AI score 7.3, EPSS 0.11217, Exploits 39, References 1

Ubuntu
•added 2025/03/31 7:36 p.m.•103 views

USN-7400-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. CVE-2024-11235 It was discovered that PHP incorrectly handled certain folded headers. An attacker could possibly use this issue to cause a crash or...

CVSS 9.8, AI score 6.7, EPSS 0.01263, Exploits 3

Ubuntu
•added 2023/05/30 5:37 p.m.•103 views

USN-6123-1: Linux kernel (OEM) vulnerabilities

Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrar...

CVSS 7.8, AI score 6.8, EPSS 0.12966, Exploits 8

Ubuntu
•added 2023/04/25 3:53 p.m.•103 views

USN-6039-1: OpenSSL vulnerabilities

It was discovered that OpenSSL was not properly managing file locks when processing policy constraints. If a user or automated system were tricked into processing a certificate chain with specially crafted policy constraints, a remote attacker could possibly use this issue to cause a denial of...

CVSS 7.5, AI score 6.9, EPSS 0.03658, Exploits 0

Ubuntu
•added 2023/02/16 9:20 a.m.•103 views

USN-5873-1: Go Text vulnerabilities

It was discovered that Go Text incorrectly handled certain encodings. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-14040 It was discovered that Go Text incorrectly handled certain BCP 47 language...

CVSS 7.5, AI score 7.1, EPSS 0.02297, Exploits 2

Ubuntu
•added 2022/05/16 4:8 p.m.•103 views

USN-5422-1: libxml2 vulnerabilities

Shinji Sato discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. CVE-2022-23308 It was...

CVSS 7.5, AI score 7.7, EPSS 0.0601, Exploits 5

Ubuntu
•added 2022/04/28 6:23 p.m.•103 views

USN-5397-1: curl vulnerabilities

Patrick Monnerat discovered that curl incorrectly handled certain OAUTH2. An attacker could possibly use this issue to access sensitive information. CVE-2022-22576 Harry Sintonen discovered that curl incorrectly handled certain requests. An attacker could possibly use this issue to expose sensiti...

CVSS 8.1, AI score 6.7, EPSS 0.03425, Exploits 4

Ubuntu
•added 2022/03/30 8:17 a.m.•103 views

USN-5354-1: Twisted vulnerabilities

It was discovered that Twisted incorrectly filtered HTTP headers when clients are being redirected to another origin. A remote attacker could use this issue to obtain sensitive information. CVE-2022-21712 It was discovered that Twisted incorrectly processed SSH handshake data on connection...

CVSS 7.5, AI score 7.4, EPSS 0.03608, Exploits 1

Ubuntu
•added 2022/01/24 8:54 p.m.•103 views

USN-4586-2: PHP ImageMagick vulnerability

USN-4586-1 fixed vulnerabilities in PHP ImageMagick. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that PHP ImageMagick extension didn't check the address used by an array. An attacker could use this issue to cause PHP ImageMagick...

CVSS 9.8, AI score 7.2, EPSS 0.01972, Exploits 0

Total number of security vulnerabilities: 5000