Lucene search
K
UbuntuMost viewed

10904 matches found

Ubuntu
Ubuntu
•added 2015/06/15 10:1 p.m.•96 views

USN-2647-1: Linux kernel vulnerability

Philip Pettersson discovered a privilege escalation when using overlayfs mounts inside of user namespaces. A local user could exploit this flaw to gain administrative privileges on the system...

7.8CVSS7.4AI score0.37679EPSS
Exploits22
Ubuntu
Ubuntu
•added 2015/03/18 12:33 p.m.•96 views

USN-2535-1: PHP vulnerabilities

Thomas Jarosch discovered that PHP incorrectly limited recursion in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to consume resources or crash, resulting in a denial of service. CVE-2014-8117 S. Paraschoudis discovered that PHP incorrectly handled memory in...

7.5CVSS7.5AI score0.41315EPSS
Exploits11
Ubuntu
Ubuntu
•added 2015/02/04 1:11 a.m.•96 views

USN-2490-1: Linux kernel vulnerabilities

Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage TLS implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization ASLR protection mechanism. A local user could exploit this fla...

4.9CVSS6.6AI score0.00583EPSS
Exploits0
Ubuntu
Ubuntu
•added 2013/03/18 9:43 p.m.•96 views

USN-1767-1: Linux kernel vulnerabilities

Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously. CVE-2013-0190 A failure to validate input was discovered in the Linux kernel's Xen netback network backend driver. ...

6.5CVSS7.1AI score0.01557EPSS
Exploits5
Ubuntu
Ubuntu
•added 2013/01/16 6:27 p.m.•96 views

USN-1693-1: OpenJDK 7 vulnerabilities

It was discovered that OpenJDK 7's security mechanism could be bypassed via Java applets. If a user were tricked into opening a malicious website, a remote attacker could exploit this to perform arbitrary code execution as the user invoking the program...

10CVSS9.1AI score0.97612EPSS
Exploits38
Ubuntu
Ubuntu
•added 2012/06/12 9:37 p.m.•96 views

USN-1471-1: Linux kernel (Oneiric backport) vulnerabilities

Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server attacker could exploit this flaw to cause a denial of service. CVE-2011-4131 A flaw was discovered in the Linux kernel's KVM kernel virtual machine. An administrative user in the guest OS could leverage...

7.2CVSS6.7AI score0.00775EPSS
Exploits3
Ubuntu
Ubuntu
•added 2012/02/29 1:15 a.m.•96 views

USN-1380-1: Linux kernel vulnerabilities

A flaw was discovered in the TOMOYO LSM's handling of mount system calls. An unprivileged user could oops the system causing a denial of service. CVE-2011-2518 A bug was discovered in the Linux kernel's calculation of OOM Out of memory scores, that would result in the wrong process being killed. ...

7.8CVSS6.4AI score0.20492EPSS
Exploits8
Ubuntu
Ubuntu
•added 2011/10/13 12:31 p.m.•96 views

USN-1229-1: PostgreSQL vulnerability

It was discovered that the blowfish algorithm in the pgcrypto module incorrectly handled certain 8-bit characters, resulting in the password hashes being easier to crack than expected. An attacker who could obtain the password hashes would be able to recover the plaintext with less effort...

5CVSS7.3AI score0.04972EPSS
Exploits0
Ubuntu
Ubuntu
•added 2011/06/22 11:32 a.m.•96 views

USN-1149-1: Firefox and Xulrunner vulnerabilities

Multiple memory vulnerabilities were discovered in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2376 Martin Barbella discovered that under certai...

10CVSS9AI score0.75691EPSS
Exploits19
Ubuntu
Ubuntu
•added 2009/11/10 1:58 p.m.•96 views

USN-857-1: Qt vulnerabilities

It was discovered that QtWebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. CVE-2009-0945 Several flaws were...

9.3CVSS7.8AI score0.29098EPSS
Exploits9
Ubuntu
Ubuntu
•added 2009/03/26 9:20 p.m.•96 views

USN-748-1: OpenJDK vulnerabilities

It was discovered that font creation could leak temporary files. If a user were tricked into loading a malicious program or applet, a remote attacker could consume disk space, leading to a denial of service. CVE-2006-2426, CVE-2009-1100 It was discovered that the lightweight HttpServer did not...

10CVSS6.2AI score0.12692EPSS
Exploits1
Ubuntu
Ubuntu
•added 2009/03/10 8:22 p.m.•96 views

USN-731-1: Apache vulnerabilities

It was discovered that Apache did not sanitize the method specifier header from an HTTP request when it is returned in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a...

5CVSS6.8AI score0.80749EPSS
Exploits10
Ubuntu
Ubuntu
•added 2006/10/02 10:40 p.m.•96 views

USN-355-1: openssh vulnerabilities

Tavis Ormandy discovered that the SSH daemon did not properly handle authentication packets with duplicated blocks. By sending specially crafted packets, a remote attacker could exploit this to cause the ssh daemon to drain all available CPU resources until the login grace time expired...

9.3CVSS7AI score0.44963EPSS
Exploits8
Ubuntu
Ubuntu
•added 2006/09/22 12:0 a.m.•96 views

USN-350-1: Thunderbird vulnerabilities

This update upgrades Thunderbird from 1.0.8 to 1.5.0.7. This step was necessary since the 1.0.x series is not supported by upstream any more. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email...

10CVSS8.3AI score0.14074EPSS
Exploits1
Ubuntu
Ubuntu
•added 2005/05/23 5:29 p.m.•96 views

USN-131-1: Linux kernel vulnerabilities

Colin Percival discovered an information disclosure in the "Hyper Threading Technology" architecture in processors which are capable of simultaneous multithreading in particular Intel Pentium 4, Intel Mobile Pentium 4, and Intel Xeon processors. This allows a malicious thread to monitor the...

7.2CVSS7AI score0.01774EPSS
Exploits4
Ubuntu
Ubuntu
•added 2024/08/21 5:6 p.m.•95 views

USN-6950-4: Linux kernel (HWE) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - Block layer subsystem; - Bluetooth drivers; - Clock framework and...

9.8CVSS6.9AI score0.01305EPSS
Exploits2
Ubuntu
Ubuntu
•added 2023/12/14 4:51 p.m.•95 views

USN-6233-2: YAJL vulnerabilities

USN-6233-1 fixed vulnerabilities in YAJL. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. Original advisory details: It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a us...

7.5CVSS6.8AI score0.03735EPSS
Exploits3
Ubuntu
Ubuntu
•added 2023/10/03 4:57 p.m.•95 views

USN-6407-1: libx11 vulnerabilities

Gregory James Duck discovered that libx11 incorrectly handled certain keyboard symbols. If a user were tricked into connecting to a malicious X server, a remote attacker could use this issue to cause libx11 to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.8CVSS7.2AI score0.00633EPSS
Exploits1
Ubuntu
Ubuntu
•added 2023/09/08 9:36 p.m.•95 views

USN-6340-2: Linux kernel vulnerabilities

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service bluetooth communication. CVE-2023-2002 Zi Fan Tan discovered that the binder IPC...

10CVSS7.7AI score0.03546EPSS
Exploits2
Ubuntu
Ubuntu
•added 2023/06/06 6:44 a.m.•95 views

USN-6140-1: Go vulnerabilities

It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10. CVE-2022-41724, CVE-2023-24534, CVE-2023-24537 It was discovered...

9.8CVSS7AI score0.02281EPSS
Exploits0
Ubuntu
Ubuntu
•added 2023/04/19 2:6 p.m.•95 views

USN-6029-1: Linux kernel vulnerabilities

It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-1281 It was discovered that the infrared...

7.8CVSS7.1AI score0.0046EPSS
Exploits0
Ubuntu
Ubuntu
•added 2023/03/06 1:9 p.m.•95 views

USN-5922-1: FriBidi vulnerabilities

It was discovered that FriBidi incorrectly handled the processing of input strings, resulting in memory corruption. An attacker could possibly use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. CVE-2022-25308 It was discovered that...

7.8CVSS7AI score0.00508EPSS
Exploits3
Ubuntu
Ubuntu
•added 2023/03/02 3:48 p.m.•95 views

USN-5909-1: Linux kernel (Azure CVM) vulnerabilities

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service system crash or possibly...

8.8CVSS6.9AI score0.01067EPSS
Exploits2
Ubuntu
Ubuntu
•added 2023/02/28 3:42 p.m.•95 views

USN-5903-1: lighttpd vulnerabilities

It was discovered that lighttpd incorrectly handled certain inputs, which could result in a stack buffer overflow. A remote attacker could possibly use this issue to cause a denial of service DoS. CVE-2022-22707, CVE-2022-41556...

7.5CVSS7AI score0.08969EPSS
Exploits5
Ubuntu
Ubuntu
•added 2023/02/15 11:5 p.m.•95 views

USN-5877-1: Linux kernel (GKE) vulnerabilities

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2022-4378 Tamás Koczka discovered that the Bluetooth L2CAP handshake...

8.8CVSS7.6AI score0.02014EPSS
Exploits6
Ubuntu
Ubuntu
•added 2023/01/13 2:4 a.m.•95 views

USN-5803-1: Linux kernel vulnerabilities

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2022-4378 Tamás Koczka discovered that the Bluetooth L2CAP handshake...

8.8CVSS7.7AI score0.02014EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/08/15 12:23 p.m.•95 views

USN-5568-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

8.8CVSS7.7AI score0.70461EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/08/10 5:37 p.m.•96 views

USN-5565-1: Linux kernel vulnerabilities

Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service system crash or execute arbitrary code...

7.8CVSS7.3AI score0.12746EPSS
Exploits12
Ubuntu
Ubuntu
•added 2022/06/08 4:29 a.m.•95 views

USN-5468-1: Linux kernel vulnerabilities

It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. CVE-2022-21499 Aaron Adams discovered that the netfilter subsystem in the Linux...

7.8CVSS7.1AI score0.00612EPSS
Exploits7
Ubuntu
Ubuntu
•added 2022/06/06 4:33 p.m.•95 views

USN-5461-1: FreeRDP vulnerabilities

It was discovered that FreeRDP incorrectly handled empty password values. A remote attacker could use this issue to bypass server authentication. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. CVE-2022-24882 It was discovered that FreeRDP incorrectly handled server...

9.8CVSS8.1AI score0.02674EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/05/24 8:31 p.m.•95 views

USN-5444-1: Linux kernel vulnerability

Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or execute arbitrary code...

7.8CVSS6.6AI score0.01027EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/02/03 8:32 p.m.•95 views

USN-5262-1: GPT fdisk vulnerabilities

The potential for an out of bounds write due to a missing bounds check was discovered to impact the sgdisk utility of GPT fdisk. Exploitation requires the use of a maliciously formatted storage device and could cause sgdisk to crash as well as possibly allow for local privilege escalation...

7.2CVSS6.7AI score0.00436EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/02/03 11:54 a.m.•95 views

USN-5269-1: Django vulnerabilities

Keryn Knight discovered that Django incorrectly handled certain template tags. A remote attacker could possibly use this issue to perform a cross-site scripting attack. CVE-2022-22818 Alan Ryan discovered that Django incorrectly handled file uploads. A remote attacker could possibly use this issu...

7.5CVSS6.9AI score0.49246EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/12/20 10:35 p.m.•95 views

USN-5186-2: Firefox regressions

USN-5186-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...

7.7AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/06/07 4:41 p.m.•95 views

USN-4937-2: GNOME Autoar regression

USN-4937-1 fixed a vulnerability in GNOME Autoar. The update caused a regression when extracting certain archives. This update fixes the problem. Original advisory details: Ondrej Holy discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into...

5.7AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/02/08 11:36 p.m.•95 views

USN-4717-2: Firefox regression

USN-4717-1 fixed vulnerabilities in Firefox. The update caused a startup hang in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially...

5.8AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2020/12/09 12:10 p.m.•95 views

USN-4665-1: curl vulnerabilities

Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPTCONNECTONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information. This issue only affected Ubuntu 20.10. CVE-2020-8231 Varnavas Papaioannou discovered that curl...

7.5CVSS6.8AI score0.09917EPSS
Exploits3
Ubuntu
Ubuntu
•added 2020/11/30 12:25 p.m.•95 views

USN-4650-1: QEMU vulnerabilities

Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvir...

6.5CVSS6.6AI score0.02515EPSS
Exploits2
Ubuntu
Ubuntu
•added 2020/10/27 1:40 p.m.•95 views

USN-4600-2: Netty vulnerabilities

USN-4600-1 fixed multiple vunerabilities in Netty 3.9. This update provides the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty. Also it was discovered that Netty allow for unbounded memory allocation. A remote attacker could send a large stream to the Netty server causing it to...

9.1CVSS7.1AI score0.13474EPSS
Exploits2
Ubuntu
Ubuntu
•added 2020/10/26 9:1 p.m.•95 views

USN-4599-2: Firefox vulnerabilities

USN-4599-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit...

9.8CVSS7.7AI score0.02743EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/09/15 8:33 p.m.•95 views

USN-4500-1: bsdiff vulnerabilities

It was discovered that bsdiff mishandled certain input. If a user were tricked into opening a malicious file, an attacker could cause bsdiff to crash or potentially execute arbitrary code...

7.8CVSS7.7AI score0.06762EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/11/21 12:15 p.m.•95 views

USN-4197-1: Bind vulnerability

It was discovered that Bind incorrectly handled certain TCP-pipelined queries. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service...

7.5CVSS6.6AI score0.04022EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/10/15 2:12 p.m.•95 views

USN-4155-1: Aspell vulnerability

It was discovered that Aspell incorrectly handled certain inputs. An attacker could potentially access sensitive information...

9.1CVSS7AI score0.03259EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/10/08 9:18 p.m.•95 views

USN-4122-2: Firefox regression

USN-4122-1 fixed vulnerabilities in Firefox. The update caused a regression that resulted in a crash when changing YouTube playback speed in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered i...

7.6AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2019/09/18 12:40 p.m.•95 views

USN-4136-1: wpa_supplicant and hostapd vulnerability

It was discovered that wpasupplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service...

6.5CVSS6.5AI score0.01214EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/09/09 2:34 p.m.•95 views

USN-4125-1: Memcached vulnerability

It was discovered that Memcached incorrectly handled certain UNIX sockets. An attacker could possibly use this issue to access sensitive information...

7.5CVSS6.5AI score0.02638EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/08/21 1:30 p.m.•95 views

USN-4108-1: Zstandard vulnerability

It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...

8.1CVSS8AI score0.01424EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/04/18 6:23 p.m.•95 views

USN-3950-1: ZNC vulnerability

It was discovered that ZNC incorrectly handled certain invalid encodings. An authenticated remote user could use this issue to cause ZNC to crash, resulting in a denial of service, or possibly execute arbitrary code...

6.5CVSS7.3AI score0.03133EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/07/25 5:2 p.m.•95 views

USN-3723-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly handled decoding certain UTF-8 strings. A remote attacker could possibly use this issue to cause Tomcat to crash, resulting in a denial of service. CVE-2018-1336 It was discovered that the Tomcat WebSocket client incorrectly performed hostname verificatio...

7.5CVSS7.7AI score0.213EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/06/05 2:13 p.m.•95 views

USN-3670-1: elfutils vulnerabilities

Agostino Sarubbo discovered that elfutils incorrectly handled certain malformed ELF files. If a user or automated system were tricked into processing a specially crafted ELF file, elfutils could be made to crash or consume resources, resulting in a denial of service...

5.5CVSS6AI score0.02126EPSS
Exploits7
Total number of security vulnerabilities5000