Lucene search
K
UbuntuMost viewed

10905 matches found

Ubuntu
Ubuntu
•added 2023/08/03 12:31 p.m.•92 views

USN-6272-1: OpenJDK 20 vulnerabilities

Motoyasu Saburi discovered that OpenJDK 20 incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. CVE-2023-22006 Eirik Bjørsnøs discovered that OpenJDK 20 incorrectly handled certain ZIP archives. ...

7.5CVSS6.1AI score0.01812EPSS
Exploits0
Ubuntu
Ubuntu
•added 2023/03/07 12:7 a.m.•92 views

USN-5927-1: Linux kernel (Azure) vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

8.8CVSS7.6AI score0.03702EPSS
Exploits7
Ubuntu
Ubuntu
•added 2023/03/03 12:52 a.m.•92 views

USN-5915-1: Linux kernel (OEM) vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

7.9CVSS7.8AI score0.71737EPSS
Exploits11
Ubuntu
Ubuntu
•added 2023/03/03 12:28 a.m.•92 views

USN-5913-1: Linux kernel (OEM) vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

7.8CVSS7.1AI score0.06346EPSS
Exploits3
Ubuntu
Ubuntu
•added 2023/02/28 2:55 a.m.•92 views

USN-5897-1: OpenJDK vulnerabilities

Juraj Somorovsky, Marcel Maehren, Nurullah Erinola, and Robert Merget discovered that the DTLS implementation in the JSSE subsystem of OpenJDK did not properly restrict handshake initiation requests from clients. A remote attacker could possibly use this to cause a denial of service. CVE-2023-218...

5.3CVSS6.6AI score0.01836EPSS
Exploits0
Ubuntu
Ubuntu
•added 2023/01/19 4:4 p.m.•92 views

USN-5810-2: Git regression

USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it was missing some commit lines. This update fixes the problem. Original advisory details: Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly...

8.7AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2023/01/12 5:12 p.m.•92 views

USN-5800-1: Heimdal vulnerabilities

It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. CVE-2021-44758 Evgeny Legerov discovered that Heimdal incorrectly handled memory when performing certain DES decryption operations. A remote...

9.8CVSS7.1AI score0.06419EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/06/16 4:22 p.m.•92 views

USN-5482-1: SPIP vulnerabilities

It was discovered that SPIP incorrectly validated inputs. An authenticated attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. CVE-2020-28984 Charles Fol and Théo Gordyjan discovered that SPIP is vulnerable to Cross Site Scripting XSS. If a...

9.8CVSS7.5AI score0.02879EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/10/04 3:9 p.m.•92 views

USN-5099-1: Imlib2 vulnerability

It was discovered that Imlib2 incorrectly handled certain ICO images. An attacker could use this issue to cause a denial of service and possibly execute arbitrary code...

9.1CVSS8.5AI score0.01589EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/09/08 5:11 p.m.•92 views

USN-5069-2: mod-auth-mellon vulnerability

USN-5069-1 fixed a vulnerability in mod-auth-mellon. This update provides the corresponding updates for Ubuntu 21.04. Original advisory details: It was discovered that mod-auth-mellon incorrectly filtered certain URLs. A remote attacker could possibly use this issue to perform an open redirect...

6.1CVSS6.2AI score0.00752EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/08/31 5:40 p.m.•92 views

USN-5060-2: NTFS-3G vulnerabilities

USN-5060-1 fixed a vulnerability in NTFS-3G. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that NTFS-3G incorrectly handled certain image file. An attacker could possibly use this issue to execute arbitrary co...

5.9AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/08/04 4:18 p.m.•92 views

USN-5031-1: openCryptoki vulnerability

It was discovered that openCryptoki incorrectly handled certain EC keys. An attacker could possibly use this issue to cause a invalid curve attack...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/05/11 6:30 p.m.•92 views

USN-4944-1: MariaDB vulnerabilities

This update fixed multiple vulnerabilities in MariaDB. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.48. Ubuntu 20.04 LTS has been updated to MariaDB 10.3.29. Ubuntu 20.10 has been updated to MariaDB 10.3.29. Ubuntu 21.04 has been updated to MariaDB 10.5.10...

5.3AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/01/04 1:52 p.m.•92 views

USN-4668-3: python-apt regression

USN-4668-1 fixed vulnerabilities in python-apt. The update caused a regression when using certain APIs with a file handle. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered that python-apt incorrectly handled resources. A loca...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2020/11/12 8:31 p.m.•92 views

USN-4632-1: SLiRP vulnerabilities

It was discovered that the SLiRP networking implementation of the QEMU emulator did not properly manage memory under certain circumstances. An attacker could use this to cause a heap-based buffer overflow or other out- of-bounds access, which can lead to a denial of service application crash or...

6.8CVSS7.6AI score0.03566EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/16 1:58 p.m.•92 views

USN-4504-1: OpenSSL vulnerabilities

Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed i...

5.3CVSS6.7AI score0.14298EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/08 4:18 p.m.•92 views

USN-4487-2: libx11 vulnerabilities

USN-4487-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Todd Carson discovered that libx11 incorrectly handled certain memory operations. A local attacker could possibly use this issue to...

7.8CVSS7.3AI score0.00575EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/08/17 4:46 p.m.•92 views

USN-4460-1: Oniguruma vulnerabilities

It was discovered that Oniguruma incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact. CVE-2019-16163, CVE-2019-19012, CVE-2019-19204, CVE-2019-19246...

9.8CVSS7.1AI score0.10539EPSS
Exploits5
Ubuntu
Ubuntu
•added 2020/08/04 1:31 p.m.•92 views

USN-4447-1: libssh vulnerability

It was discovered that libssh incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service...

5.9CVSS6.6AI score0.04105EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/07/27 2:32 p.m.•92 views

USN-4438-1: SQLite vulnerability

It was discovered that SQLite incorrectly handled query-flattener optimization. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code...

5.5CVSS7.7AI score0.01027EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/07/15 2:49 p.m.•92 views

USN-4424-1: snapd vulnerabilities

It was discovered that cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices ran on every boot without restrictions. A physical attacker could exploit this to craft cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intende...

7.3CVSS6.6AI score0.00365EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/02/11 2:52 p.m.•92 views

USN-4276-1: Yubico PIV Tool vulnerabilities

It was discovered that libykpiv, a supporting library of the Yubico PIV Tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV Manager...

7.2CVSS6.2AI score0.00486EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/02/05 12:12 p.m.•92 views

USN-4267-1: ARM mbed TLS vulnerabilities

It was discovered that mbedtls has a bounds-check bypass through an integer overflow that can be used by an attacked to execute arbitrary code or cause a denial of service. CVE-2017-18187 It was discovered that mbedtls has a vulnerability where an attacker could execute arbitrary code or cause a...

9.8CVSS7.6AI score0.04884EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/01/16 5:9 p.m.•92 views

USN-4241-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting XSS attacks, or execute arbitrary code...

8.8CVSS7.8AI score0.46589EPSS
Exploits11
Ubuntu
Ubuntu
•added 2019/09/18 2:4 p.m.•92 views

USN-4136-2: wpa_supplicant and hostapd vulnerability

USN-4136-1 fixed a vulnerability in wpasupplicant. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that wpasupplicant incorrectly handled certain management frames. An attacker could possibly use this issue to...

6.5CVSS6.5AI score0.01214EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/06/20 1:31 p.m.•92 views

USN-4023-1: Mosquitto vulnerabilities

It was discovered that Mosquitto broker incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service...

7.5CVSS6.5AI score0.02173EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/02/18 3:43 p.m.•92 views

USN-3850-2: NSS vulnerabilities

USN-3850-1 fixed several vulnerabilities in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack...

5.9CVSS6.3AI score0.44398EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/12/20 11:39 p.m.•92 views

USN-3849-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3849-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that a NULL pointer dereference existed in the keyring subsystem of...

7.8CVSS6.7AI score0.00683EPSS
Exploits2
Ubuntu
Ubuntu
•added 2018/12/10 4:15 p.m.•92 views

USN-3842-1: CUPS vulnerability

Jann Horn discovered that CUPS incorrectly handled session cookie randomness. A remote attacker could possibly use this issue to perform cross-site request forgery CSRF attacks...

6.8AI score
Exploits1
Ubuntu
Ubuntu
•added 2018/08/10 2:0 a.m.•92 views

USN-3735-1: OpenJDK 7 vulnerability

It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it. An attacker could use this to potentially construct a class that caused a denial of service excessive memory consumption...

4.3CVSS6.5AI score0.04184EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/07/21 12:17 a.m.•92 views

USN-3718-1: Linux kernel regression

USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. Unfortunately, the fix for CVE-2018-1108 introduced a regression where insufficient early entropy prevented services from starting, leading in some situations to a failure to boot, This update addresses the issue. We...

6.4AI score
Exploits0References2
Ubuntu
Ubuntu
•added 2018/06/21 6:18 p.m.•92 views

USN-3691-1: OpenJDK 7 vulnerabilities

It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. CVE-2018-2790 Francesc...

8.3CVSS5.9AI score0.15141EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/06/14 12:37 p.m.•92 views

USN-3686-1: file vulnerabilities

Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. CVE-2014-9620 Alexander Cherepanov discovered that file incorrectly handled certain long strings. An...

7.5CVSS7.2AI score0.04985EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/01/17 12:57 p.m.•92 views

USN-3534-1: GNU C Library vulnerabilities

It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd2 syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. CVE-2018-1000001 A memory leak was...

9.8CVSS8.2AI score0.13614EPSS
Exploits16
Ubuntu
Ubuntu
•added 2018/01/09 11:10 p.m.•92 views

USN-3522-1: Linux kernel vulnerability

Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory...

5.6CVSS7.1AI score0.84172EPSS
Exploits3
Ubuntu
Ubuntu
•added 2017/10/31 10:25 a.m.•92 views

USN-3469-1: Linux kernel vulnerabilities

Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. CVE-2017-10911 Bo Zhang discovered tha...

7.8CVSS6.4AI score0.01155EPSS
Exploits4
Ubuntu
Ubuntu
•added 2017/10/24 5:19 p.m.•92 views

USN-3388-2: Subversion vulnerabilities

USN-3388-1 fixed several vulnerabilities in Subversion. This update provides the corresponding update for Ubuntu 12.04 ESM. Ivan Zhakov discovered that Subversion did not properly handle some requests. A remote attacker could use this to cause a denial of service. CVE-2016-2168 Original advisory...

9.8CVSS7.6AI score0.19628EPSS
Exploits3
Ubuntu
Ubuntu
•added 2017/09/14 12:54 a.m.•92 views

USN-3415-1: tcpdump vulnerabilities

Wilfried Kirsch discovered a buffer overflow in the SLIP decoder in tcpdump. A remote attacker could use this to cause a denial of service application crash or possibly execute arbitrary code. CVE-2017-11543 Bhargava Shastry discovered a buffer overflow in the bitfield converter utility function...

9.8CVSS8.1AI score0.06196EPSS
Exploits3
Ubuntu
Ubuntu
•added 2017/06/01 2:4 p.m.•92 views

USN-3307-1: OpenLDAP vulnerability

Karsten Heymann discovered that OpenLDAP incorrectly handled certain search requests. A remote attacker could use this issue to cause slapd to crash, resulting in a denial of service...

6.5CVSS6.8AI score0.07143EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/04/28 6:17 a.m.•92 views

USN-3272-1: Ghostscript vulnerabilities

It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service application crash...

7.8CVSS6.9AI score0.96968EPSS
Exploits11
Ubuntu
Ubuntu
•added 2017/03/21 2:58 a.m.•92 views

USN-3239-1: GNU C Library vulnerabilities

It was discovered that the GNU C Library incorrectly handled the strxfrm function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2015-8982 It was discovered that an integer...

8.1CVSS7.8AI score0.0627EPSS
Exploits3
Ubuntu
Ubuntu
•added 2017/01/11 9:24 a.m.•92 views

USN-3170-2: Linux kernel (Raspberry Pi 2) vulnerabilities

Andrey Konovalov discovered that the ipv6 icmp implementation in the Linux kernel did not properly check data structures on send. A remote attacker could use this to cause a denial of service system crash. CVE-2016-9919 Andrey Konovalov discovered that signed integer overflows existed in the...

7.8CVSS6.6AI score0.05671EPSS
Exploits8
Ubuntu
Ubuntu
•added 2017/01/11 8:26 a.m.•92 views

USN-3169-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities

Baozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture ALSA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service system crash. CVE-2016-9794 Andrey Konovalov discovered that signed integer...

7.8CVSS6.5AI score0.01566EPSS
Exploits8
Ubuntu
Ubuntu
•added 2017/01/11 6:12 a.m.•92 views

USN-3167-2: Linux kernel (OMAP4) vulnerabilities

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment CS in certain error cases. A local attacker could use this to expose sensitive information kernel memory. CVE-2016-9756 Baozeng Ding discovered a race condition that could lead to...

7.8CVSS6.6AI score0.00443EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/11/03 6:35 a.m.•92 views

USN-3121-1: OpenJDK 8 vulnerabilities

It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An attacker could use this to bypass Java sandbox restrictions. CVE-2016-5582 It was discovered that OpenJDK did not restrict the set of algorithms used for...

9.6CVSS7.2AI score0.05437EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/10/20 1:52 a.m.•92 views

USN-3105-1: Linux kernel vulnerability

It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges...

7.2CVSS7.6AI score0.83524EPSS
Exploits81
Ubuntu
Ubuntu
•added 2016/09/27 6:3 p.m.•92 views

USN-3088-1: Bind vulnerability

It was discovered that Bind incorrectly handled building responses to certain specially crafted requests. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...

7.8CVSS7.4AI score0.89482EPSS
Exploits7
Ubuntu
Ubuntu
•added 2016/09/19 6:21 p.m.•92 views

USN-3083-1: Linux kernel vulnerabilities

Dmitry Vyukov discovered that the IPv6 implementation in the Linux kernel did not properly handle options data, including a use-after-free. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2016-3841 It was discovered that a race...

7.3CVSS6.7AI score0.00391EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/08/10 4:58 p.m.•92 views

USN-3059-1: xmlrpc-epi vulnerability

It was discovered that xmlrpc-epi incorrectly handled lengths in the simplestringaddn function. A remote attacker could use this issue to cause applications using xmlrpc-epi such as PHP to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS8.5AI score0.06271EPSS
Exploits1
Ubuntu
Ubuntu
•added 2016/05/26 2:59 p.m.•92 views

USN-2985-2: GNU C Library regression

USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-2014-9761 and a future update will be provided to...

8.3AI score
Exploits0References1
Total number of security vulnerabilities5000