Lucene search: Ubuntu, most viewed

10888 matches found

Ubuntu | added 2023/05/22 7:40 p.m. | 91 views

USN-6094-1: Linux kernel vulnerabilities

Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). CVE-2022-3707 Jordy Zomer and Alexandra Sandulescu discover...

CVSS 7.8 | AI score 7.1 | EPSS 0.00635 | Exploits 0

Ubuntu | added 2023/02/28 2:55 a.m. | 91 views

USN-5897-1: OpenJDK vulnerabilities

Juraj Somorovsky, Marcel Maehren, Nurullah Erinola, and Robert Merget discovered that the DTLS implementation in the JSSE subsystem of OpenJDK did not properly restrict handshake initiation requests from clients. A remote attacker could possibly use this to cause a denial of service. CVE-2023-218...

CVSS 5.3 | AI score 6.6 | EPSS 0.01836 | Exploits 0

Ubuntu | added 2023/01/23 6:29 a.m. | 91 views

USN-5816-1: Firefox vulnerabilities

Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploit this to obtain sensitive information. CVE-2023-23597 Tom...

CVSS 8.8 | AI score 8.2 | EPSS 0.00702 | Exploits 0

Ubuntu | added 2023/01/19 4:4 p.m. | 91 views

USN-5810-2: Git regression

USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it was missing some commit lines. This update fixes the problem. Original advisory details: Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly...

AI score 8.7 | EPSS 0.56334 | Exploits 0 | References 1

Ubuntu | added 2022/09/26 3:47 p.m. | 91 views

USN-5640-1: Linux kernel (Oracle) vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2021-33655 Duoming...

CVSS 7.8 | AI score 7.1 | EPSS 0.05588 | Exploits 1

Ubuntu | added 2022/07/28 11:2 p.m. | 91 views

USN-5539-1: Linux kernel vulnerabilities

It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). CVE-2022-1195...

CVSS 7.5 | AI score 6.9 | EPSS 0.0155 | Exploits 3

Ubuntu | added 2022/07/26 4:28 p.m. | 91 views

USN-5531-1: protobuf-c vulnerability

Pietro Borrello discovered that protobuf-c contained an invalid arithmetic shift. This vulnerability allowed attackers to cause a denial of service (system crash) via unspecified vectors CVE-2022-33070. It was discovered that protobuf-c contained an unsigned integer overflow. This vulnerability...

CVSS 5.5 | AI score 6.3 | EPSS 0.01058 | Exploits 1

Ubuntu | added 2022/06/16 4:22 p.m. | 91 views

USN-5482-1: SPIP vulnerabilities

It was discovered that SPIP incorrectly validated inputs. An authenticated attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. CVE-2020-28984 Charles Fol and Théo Gordyjan discovered that SPIP is vulnerable to Cross Site Scripting (XSS). If a...

CVSS 9.8 | AI score 7.5 | EPSS 0.02879 | Exploits 0

Ubuntu | added 2022/05/05 10:11 a.m. | 91 views

USN-5400-3: MySQL regression

USN-5400-1 fixed vulnerabilities in MySQL. The fix breaks existing charm configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix the...

AI score 5.4 | Exploits 0 | References 1

Ubuntu | added 2022/03/29 3:48 p.m. | 91 views

USN-5351-2: Paramiko vulnerability

USN-5351-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Jan Schejbal discovered that Paramiko incorrectly handled permissions when writing private key files. A local attacker could possibly use this issue to gain...

CVSS 5.9 | AI score 6.6 | EPSS 0.0208 | Exploits 1

Ubuntu | added 2021/12/06 1:29 p.m. | 91 views

USN-5174-1: Samba vulnerabilities

Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext authentication. CVE-2016-2124 Andrew Bartlett discovered that Samba incorrectly mapped domain users to local users. An...

CVSS 8.8 | AI score 6.8 | EPSS 0.02025 | Exploits 0

Ubuntu | added 2021/12/01 4:45 p.m. | 91 views

USN-5168-2: Thunderbird vulnerability

Tavis Ormandy discovered that NSS, included with Thunderbird, incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause Thunderbird to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 9.8 | AI score 7.6 | EPSS 0.17563 | Exploits 0

Ubuntu | added 2021/09/23 1:1 p.m. | 91 views

USN-5089-2: ca-certificates update

USN-5089-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: The ca-certificates package contained a CA certificate that will expire on 2021-09-30 and will cause connectivity issues. This update removes the...

AI score 5.3 | Exploits 0 | References 1

Ubuntu | added 2021/08/25 1:30 p.m. | 91 views

USN-5037-2: Firefox regression

USN-5037-1 fixed vulnerabilities in Firefox. The update introduced a regression that caused Firefox to repeatedly prompt for a password. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user wer...

AI score 5.7 | Exploits 0 | References 1

Ubuntu | added 2021/01/04 1:52 p.m. | 91 views

USN-4668-3: python-apt regression

USN-4668-1 fixed vulnerabilities in python-apt. The update caused a regression when using certain APIs with a file handle. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered that python-apt incorrectly handled resources. A loca...

AI score 5.5 | Exploits 0 | References 1

Ubuntu | added 2020/09/17 12:11 a.m. | 91 views

USN-4509-1: Perl DBI module vulnerabilities

It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. CVE-2013-7490 It was discovered that Perl DBI module incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive...

CVSS 6.1 | AI score 7 | EPSS 0.02738 | Exploits 0

Ubuntu | added 2020/09/08 4:18 p.m. | 91 views

USN-4487-2: libx11 vulnerabilities

USN-4487-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Todd Carson discovered that libx11 incorrectly handled certain memory operations. A local attacker could possibly use this issue to...

CVSS 7.8 | AI score 7.3 | EPSS 0.00575 | Exploits 1

Ubuntu | added 2020/08/24 12:5 p.m. | 91 views

USN-4468-2: Bind vulnerability

USN-4468-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Dave Feldman, Jeff Warren, and Joel Cunningham discovered that Bind incorrectly handled certain truncated responses to a TSIG-signed reques...

CVSS 6.5 | AI score 6.9 | EPSS 0.05545 | Exploits 0

Ubuntu | added 2020/08/17 4:46 p.m. | 91 views

USN-4460-1: Oniguruma vulnerabilities

It was discovered that Oniguruma incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact. CVE-2019-16163, CVE-2019-19012, CVE-2019-19204, CVE-2019-19246...

CVSS 9.8 | AI score 7.1 | EPSS 0.10539 | Exploits 5

Ubuntu | added 2020/06/29 2:5 a.m. | 91 views

USN-4405-1: GLib Networking vulnerability

It was discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information...

CVSS 6.5 | AI score 6.9 | EPSS 0.01933 | Exploits 1

Ubuntu | added 2020/03/04 12:22 p.m. | 91 views

USN-4296-1: Django vulnerability

Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack...

CVSS 8.8 | AI score 7.3 | EPSS 0.22513 | Exploits 0

Ubuntu | added 2020/02/05 12:12 p.m. | 91 views

USN-4267-1: ARM mbed TLS vulnerabilities

It was discovered that mbedtls has a bounds-check bypass through an integer overflow that can be used by an attacker to execute arbitrary code or cause a denial of service. CVE-2017-18187 It was discovered that mbedtls has a vulnerability where an attacker could execute arbitrary code or cause a...

CVSS 9.8 | AI score 7.6 | EPSS 0.04884 | Exploits 0

Ubuntu | added 2020/01/16 5:9 p.m. | 91 views

USN-4241-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code...

CVSS 8.8 | AI score 7.8 | EPSS 0.46589 | Exploits 11

Ubuntu | added 2018/12/20 11:42 p.m. | 91 views

USN-3848-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3848-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a double free existed in the AMD GPIO driver in the Linux kerne...

CVSS 9.8 | AI score 6.9 | EPSS 0.03399 | Exploits 2

Ubuntu | added 2018/12/20 11:39 p.m. | 91 views

USN-3849-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3849-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that a NULL pointer dereference existed in the keyring subsystem of...

CVSS 7.8 | AI score 6.7 | EPSS 0.00683 | Exploits 2

Ubuntu | added 2018/12/10 4:15 p.m. | 91 views

USN-3842-1: CUPS vulnerability

Jann Horn discovered that CUPS incorrectly handled session cookie randomness. A remote attacker could possibly use this issue to perform cross-site request forgery (CSRF) attacks...

AI score 6.8 | Exploits 1

Ubuntu | added 2018/08/29 1:2 p.m. | 91 views

USN-3757-1: poppler vulnerability

Hosein Askari discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service...

CVSS 6.5 | AI score 6.9 | EPSS 0.0315 | Exploits 1

Ubuntu | added 2018/07/02 5:49 p.m. | 91 views

USN-3695-2: Linux kernel (HWE) vulnerabilities

USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not...

CVSS 7.1 | AI score 6.4 | EPSS 0.02128 | Exploits 6

Ubuntu | added 2018/06/26 2:6 p.m. | 91 views

USN-3692-2: OpenSSL vulnerabilities

USN-3692-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and...

CVSS 7.5 | AI score 6.6 | EPSS 0.49268 | Exploits 1

Ubuntu | added 2018/05/21 11:59 p.m. | 91 views

USN-3651-1: QEMU update

Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update...

CVSS 5.5 | AI score 7.2 | EPSS 0.60631 | Exploits 2 | References 1

Ubuntu | added 2018/03/15 6:38 a.m. | 91 views

USN-3597-1: Linux kernel vulnerabilities

USNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) for the i386, amd64, and ppc64el architectures in Ubuntu 17.10. This update provides the corresponding mitigations for the arm64 architecture. Original advisory details: Jann Horn...

CVSS 5.6 | AI score 7.3 | EPSS 0.93838 | Exploits 12 | References 2

Ubuntu | added 2018/03/09 9:2 a.m. | 91 views

USN-3594-1: Linux kernel vulnerability

USN-3542-1 mitigated CVE-2017-5715 (Spectre Variant 2) for the amd64 architecture in Ubuntu 14.04 LTS. This update provides the compiler-based retpoline kernel mitigation for the amd64 and i386 architectures. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative...

CVSS 5.6 | AI score 7.2 | EPSS 0.74041 | Exploits 8 | References 1

Ubuntu | added 2018/02/22 12:10 a.m. | 91 views

USN-3580-1: Linux kernel vulnerabilities

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory...

CVSS 5.6 | AI score 7.2 | EPSS 0.93838 | Exploits 11 | References 1

Ubuntu | added 2018/01/17 12:57 p.m. | 91 views

USN-3534-1: GNU C Library vulnerabilities

It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd(2) syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. CVE-2018-1000001 A memory leak was...

CVSS 9.8 | AI score 8.2 | EPSS 0.13614 | Exploits 16

Ubuntu | added 2018/01/09 11:10 p.m. | 91 views

USN-3522-1: Linux kernel vulnerability

Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory...

CVSS 5.6 | AI score 7.1 | EPSS 0.84172 | Exploits 3

Ubuntu | added 2017/11/21 5:36 a.m. | 91 views

USN-3485-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2017-15265 Eric Biggers discovered that the key...

CVSS 7.8 | AI score 7.3 | EPSS 0.0097 | Exploits 4

Ubuntu | added 2017/04/25 2:46 a.m. | 91 views

USN-3266-2: Linux kernel (HWE) vulnerability

USN-3266-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Alexander Popov discovered that a race condition existed in the Stream Control Transmission...

CVSS 7.1 | AI score 6.7 | EPSS 0.01162 | Exploits 0

Ubuntu | added 2017/04/20 6:33 p.m. | 91 views

USN-3261-1: QEMU vulnerabilities

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. CVE-2016-10028, CVE-2016-10029 Li Qiang discovered...

CVSS 9.9 | AI score 7.7 | EPSS 0.04448 | Exploits 1

Ubuntu | added 2017/01/19 1:32 p.m. | 91 views

USN-3174-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.54 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL 5.7.17. In addition to security fixes...

CVSS 6.8 | AI score 6.5 | EPSS 0.04792 | Exploits 1

Ubuntu | added 2016/08/10 10:1 a.m. | 91 views

USN-3052-1: Linux kernel vulnerabilities

It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). CVE-2016-4470 Kangjie Lu discovered an...

CVSS 5.5 | AI score 6.6 | EPSS 0.00582 | Exploits 0

Ubuntu | added 2016/06/10 6:58 a.m. | 91 views

USN-3007-1: Linux kernel (Raspberry Pi 2) vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

CVSS 7.8 | AI score 6.8 | EPSS 0.06438 | Exploits 6

Ubuntu | added 2016/05/25 8:22 p.m. | 91 views

USN-2985-1: GNU C Library vulnerabilities

Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. CVE-2013-2207, CVE-2016-2856 Robin Hack discovered that the Name Service Switch (NSS)...

CVSS 9.8 | AI score 8.2 | EPSS 0.07629 | Exploits 6

Ubuntu | added 2016/04/06 6:59 a.m. | 91 views

USN-2947-2: Linux kernel (Wily HWE) vulnerabilities

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly validate the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). CVE-2015-7833 Venkatesh Pottem discovered a use-after-free...

CVSS 10 | AI score 7.1 | EPSS 0.14281 | Exploits 1

Ubuntu | added 2016/03/14 3:34 p.m. | 91 views

USN-2928-1: Linux kernel vulnerability

Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges...

CVSS 4.9 | AI score 6.5 | EPSS 0.03723 | Exploits 10

Ubuntu | added 2016/02/09 6:7 p.m. | 91 views

USN-2892-1: nginx vulnerabilities

It was discovered that nginx incorrectly handled certain DNS server responses when the resolver is enabled. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. CVE-2016-0742 It was discovered that nginx incorrectly handled CNAME response...

CVSS 9.8 | AI score 6.8 | EPSS 0.81958 | Exploits 0

Ubuntu | added 2015/07/29 4:36 p.m. | 91 views

USN-2694-1: PCRE vulnerabilities

Michele Spagnuolo discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. CVE-2014-8964...

CVSS 9.8 | AI score 7.1 | EPSS 0.09157 | Exploits 4

Ubuntu | added 2015/07/06 12:14 p.m. | 91 views

USN-2658-1: PHP vulnerabilities

Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files. CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598...

CVSS 10 | AI score 7.5 | EPSS 0.50129 | Exploits 19

Ubuntu | added 2015/05/20 11:34 a.m. | 91 views

USN-2616-1: Linux kernel vulnerabilities

Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. CVE-2014-9710 A memory corruption issue was discovered in AES decryption when using the...

CVSS 9.3 | AI score 6.9 | EPSS 0.10108 | Exploits 0

Ubuntu | added 2015/03/24 9:15 a.m. | 91 views

USN-2542-1: Linux kernel (OMAP4) vulnerabilities

The Linux kernel's splice system call did not correctly validate its parameters. A local, unprivileged user could exploit this flaw to cause a denial of service (system crash). CVE-2014-7822 A flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux...

CVSS 10 | AI score 6.6 | EPSS 0.09828 | Exploits 2

Ubuntu | added 2015/03/19 5:10 p.m. | 91 views

USN-2537-1: OpenSSL vulnerabilities

It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. CVE-2015-0209 Stephen Henson discovered that OpenSSL incorrectly handled...

CVSS 7.5 | AI score 7.8 | EPSS 0.44503 | Exploits 1

Total number of security vulnerabilities: 5000