Lucene search
K
UbuntuMost viewed

10891 matches found

Ubuntu
Ubuntu
added 2013/03/22 11:24 p.m.92 views

USN-1776-1: Linux kernel (EC2) vulnerabilities

A flaw was reported in the permission checks done by the Linux kernel for /dev/cpu//msr. A local root user with all capabilities dropped could exploit this flaw to execute code with full root capabilities. CVE-2013-0268 A flaw was discovered in the Linux kernels handling of memory ranges with...

6.2CVSS6.9AI score0.01557EPSS
Exploits4
Ubuntu
Ubuntu
added 2013/01/14 1:50 p.m.92 views

USN-1685-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially-crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu...

4.3CVSS6.8AI score0.11975EPSS
Exploits3
Ubuntu
Ubuntu
added 2013/01/09 12:6 a.m.92 views

USN-1681-1: Firefox vulnerabilities

Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attack...

10CVSS9.3AI score0.73364EPSS
Exploits30References1
Ubuntu
Ubuntu
added 2012/10/24 3:51 p.m.92 views

USN-1616-1: Python 3.1 vulnerabilities

It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. CVE-2008-5983 It was discovered that th...

6.9CVSS7.6AI score0.14643EPSS
Exploits8
Ubuntu
Ubuntu
added 2012/09/05 12:35 p.m.92 views

USN-1555-1: Linux kernel vulnerabilities

Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. CVE-2012-0044 A flaw was found in the Linux kernel's Reliable Datagram Sockets RDS protocol implementation. A local, unprivileged user could use this...

7.8CVSS7.2AI score0.08738EPSS
Exploits1
Ubuntu
Ubuntu
added 2011/11/21 6:51 p.m.92 views

USN-1271-1: Linux kernel (FSL-IMX51) vulnerabilities

It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. CVE-2011-1585 It was discovered that the GRE protocol incorrectly handled netns...

5.4CVSS7.2AI score0.0283EPSS
Exploits7
Ubuntu
Ubuntu
added 2011/07/15 10:46 p.m.92 views

USN-1150-1: Thunderbird vulnerabilities

Multiple memory vulnerabilities were discovered in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2376 Martin Barbella discovered that under...

10CVSS9AI score0.75691EPSS
Exploits19
Ubuntu
Ubuntu
added 2011/03/18 9:48 p.m.92 views

USN-1089-1: Linux kernel vulnerabilities

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. CVE-2010-4075, CVE-2010-4076, CVE-2010-4077 Dan Rosenberg discovered that the socket...

4.9CVSS5.7AI score0.0104EPSS
Exploits11
Ubuntu
Ubuntu
added 2011/03/01 10:32 p.m.92 views

USN-1080-1: Linux kernel vulnerabilities

Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. CVE-2010-3865 Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not...

7.2CVSS6.2AI score0.02523EPSS
Exploits6
Ubuntu
Ubuntu
added 2011/02/25 11:58 p.m.92 views

USN-1074-1: Linux kernel vulnerabilities

Al Viro discovered a race condition in the TTY driver. A local attacker could exploit this to crash the system, leading to a denial of service. CVE-2009-4895 Dan Rosenberg discovered that the MOVEEXT ext4 ioctl did not correctly check file permissions. A local attacker could overwrite append-only...

10CVSS7AI score0.17009EPSS
Exploits84
Ubuntu
Ubuntu
added 2010/06/29 7:8 p.m.92 views

USN-927-4: nss vulnerability

USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 8.04 LTS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a machine-in-the-middle attack at the...

9.8CVSS7.9AI score0.87264EPSS
Exploits14
Ubuntu
Ubuntu
added 2010/05/19 7:1 p.m.92 views

USN-940-1: Kerberos vulnerabilities

It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. Only Ubuntu 6.06 LTS was affected. CVE-2007-5902,...

10CVSS6.4AI score0.11857EPSS
Exploits4
Ubuntu
Ubuntu
added 2010/02/24 7:59 a.m.92 views

USN-903-1: OpenOffice.org vulnerabilities

It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. CVE-2009-0217 Sebastian Apelt and Frank Reißner discovered that OpenOffice did not correct...

9.3CVSS8AI score0.14092EPSS
Exploits1
Ubuntu
Ubuntu
added 2009/12/18 9:52 p.m.92 views

USN-873-1: Firefox 3.0 and Xulrunner 1.9 vulnerabilities

Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary...

9.3CVSS8.5AI score0.03963EPSS
Exploits8
Ubuntu
Ubuntu
added 2009/07/28 6:29 p.m.92 views

USN-807-1: Linux kernel vulnerabilities

Michael Tokarev discovered that the RTL8169 network driver did not correctly validate buffer sizes. A remote attacker on the local network could send specially crafted traffic that would crash the system or potentially grant elevated privileges. CVE-2009-1389 Julien Tinnes and Tavis Ormandy...

7.8CVSS5.8AI score0.05471EPSS
Exploits6
Ubuntu
Ubuntu
added 2009/07/02 12:55 a.m.92 views

USN-793-1: Linux kernel vulnerabilities

Igor Zhbanov discovered that NFS clients were able to create device nodes even when rootsquash was enabled. An authenticated remote attacker could create device nodes with open permissions, leading to a loss of privacy or escalation of privileges. Only Ubuntu 8.10 and 9.04 were affected...

7.8CVSS6.5AI score0.33491EPSS
Exploits11
Ubuntu
Ubuntu
added 2009/04/20 9:33 p.m.92 views

USN-761-1: PHP vulnerabilities

It was discovered that PHP did not sanitize certain error messages when displayerrors is enabled, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server...

5CVSS4.9AI score0.02396EPSS
Exploits2
Ubuntu
Ubuntu
added 2009/04/13 5:48 p.m.92 views

USN-756-1: ClamAV vulnerability

It was discovered that ClamAV did not properly verify buffers when processing Upack files. A remote attacker could send a crafted file and cause a denial of service via application crash...

5.4AI score
Exploits0References1
Ubuntu
Ubuntu
added 2009/01/29 11:41 p.m.92 views

USN-715-1: Linux kernel vulnerabilities

Hugo Dias discovered that the ATM subsystem did not correctly manage socket counts. A local attacker could exploit this to cause a system hang, leading to a denial of service. CVE-2008-5079 It was discovered that the inotify subsystem contained watch removal race conditions. A local attacker coul...

7.2CVSS5.5AI score0.01094EPSS
Exploits7
Ubuntu
Ubuntu
added 2007/06/12 12:43 a.m.92 views

USN-472-1: libpng vulnerability

It was discovered that libpng did not correctly handle corrupted CRC in grayscale PNG images. By tricking a user into opening a specially crafted PNG, a remote attacker could cause the application using libpng to crash, resulting in a denial of service...

5CVSS5.3AI score0.05115EPSS
Exploits1
Ubuntu
Ubuntu
added 2007/05/16 3:23 a.m.92 views

USN-460-1: Samba vulnerabilities

Paul Griffith and Andrew Hogue discovered that Samba did not fully drop root privileges while translating SIDs. A remote authenticated user could issue SMB operations during a small window of opportunity and gain root privileges. CVE-2007-2444 Brian Schafer discovered that Samba did not handle ND...

10CVSS8.6AI score0.77806EPSS
Exploits37
Ubuntu
Ubuntu
added 2006/10/11 4:9 a.m.92 views

USN-362-1: PHP vulnerabilities

The stripos function did not check for invalidly long or empty haystack strings. In an application that uses this function on arbitrary untrusted data this could be exploited to crash the PHP interpreter. CVE-2006-4485 An integer overflow was discovered in the PHP memory allocation handling. On...

10CVSS6AI score0.15011EPSS
Exploits2
Ubuntu
Ubuntu
added 2005/10/29 1:24 a.m.92 views

USN-151-3: zlib vulnerabilities

USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since aide is statically linked against the zlib library, it is also affected by these issues. The updated packagages...

7.5CVSS8.4AI score0.05476EPSS
Exploits3
Ubuntu
Ubuntu
added 2004/10/23 1:17 a.m.92 views

USN-1-1: PNG library vulnerabilities

Several integer overflow vulnerabilities were discovered in the PNG library. These vulnerabilities could be exploited by an attacker by providing a specially crafted PNG image which, when processed by the PNG library, could result in the execution of program code provided by the attacker. The PNG...

5.9AI score
Exploits0
Ubuntu
Ubuntu
added 2025/05/06 1:25 p.m.91 views

USN-7492-1: Linux kernel vulnerability

A security issues was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the following subsystems: - Bluetooth drivers; CVE-2024-56653...

7.8CVSS7.2AI score0.00216EPSS
Exploits0
Ubuntu
Ubuntu
added 2024/07/11 5:25 p.m.91 views

USN-6885-2: Apache HTTP Server regression

USN-6885-1 fixed vulnerabilities in Apache HTTP Server. One of the security fixes introduced a regression when proxying requests to a HTTP/2 server. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Marc Stern discovered that the Apache HTTP Server...

7.6AI score
Exploits0References1
Ubuntu
Ubuntu
added 2023/12/05 9:59 p.m.91 views

USN-6533-1: Linux kernel (OEM) vulnerabilities

Tom Dohrmann discovered that the Secure Encrypted Virtualization SEV implementation for AMD processors in the Linux kernel contained a race condition when accessing MMIO registers. A local attacker in a SEV guest VM could possibly use this to cause a denial of service system crash or possibly...

7CVSS7AI score0.00693EPSS
Exploits0
Ubuntu
Ubuntu
added 2023/11/28 8:17 p.m.91 views

USN-6502-3: Linux kernel (NVIDIA) vulnerabilities

Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. CVE-2023-25775 Yu Hao discover...

9.8CVSS7.5AI score0.00978EPSS
Exploits0
Ubuntu
Ubuntu
added 2023/10/11 11:34 a.m.91 views

USN-6429-1: curl vulnerabilities

Jay Satiro discovered that curl incorrectly handled hostnames when using a SOCKS5 proxy. In environments where curl is configured to use a SOCKS5 proxy, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04...

9.8CVSS7.8AI score0.78483EPSS
Exploits6
Ubuntu
Ubuntu
added 2023/08/23 4:40 p.m.91 views

USN-6305-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. CVE-2023-3823 It was discovered that PHP incorrectly handled certain PHAR files. An attacker could possibly use this issue to cause a crash, expose sensitiv...

9.8CVSS7.8AI score0.08003EPSS
Exploits4
Ubuntu
Ubuntu
added 2023/07/14 1:49 p.m.91 views

USN-6231-1: Linux kernel (OEM) vulnerabilities

It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service system crash. CVE-2023-212...

7.8CVSS7.2AI score0.00491EPSS
Exploits2
Ubuntu
Ubuntu
added 2023/05/22 7:40 p.m.91 views

USN-6094-1: Linux kernel vulnerabilities

Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service system crash. CVE-2022-3707 Jordy Zomer and Alexandra Sandulescu discover...

7.8CVSS7.1AI score0.00635EPSS
Exploits0
Ubuntu
Ubuntu
added 2023/01/23 6:29 a.m.91 views

USN-5816-1: Firefox vulnerabilities

Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploits this to obtain sensitive information. CVE-2023-23597 Tom...

8.8CVSS8.2AI score0.00702EPSS
Exploits0
Ubuntu
Ubuntu
added 2023/01/19 4:4 p.m.91 views

USN-5810-2: Git regression

USN-5810-1 fixed vulnerabilities in Git. This update introduced a regression as it was missing some commit lines. This update fixes the problem. Original advisory details: Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly...

8.7AI score
Exploits0References1
Ubuntu
Ubuntu
added 2022/09/26 3:47 p.m.91 views

USN-5640-1: Linux kernel (Oracle) vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Duoming...

7.8CVSS7.1AI score0.05542EPSS
Exploits1
Ubuntu
Ubuntu
added 2022/07/28 11:2 p.m.91 views

USN-5539-1: Linux kernel vulnerabilities

It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service system crash. CVE-2022-1195...

7.5CVSS6.9AI score0.0155EPSS
Exploits3
Ubuntu
Ubuntu
added 2022/07/26 4:28 p.m.91 views

USN-5531-1: protobuf-c vulnerability

Pietro Borrello discovered that protobuf-c contained an invalid arithmetic shift. This vulnerability allowed attackers to cause a denial of service system crash via unspecified vectors CVE-2022-33070. It was discovered that protobuf-c contained an unsigned integer overflow. This vulnerability...

5.5CVSS6.3AI score0.01058EPSS
Exploits1
Ubuntu
Ubuntu
added 2022/06/16 4:22 p.m.91 views

USN-5482-1: SPIP vulnerabilities

It was discovered that SPIP incorrectly validated inputs. An authenticated attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. CVE-2020-28984 Charles Fol and Théo Gordyjan discovered that SPIP is vulnerable to Cross Site Scripting XSS. If a...

9.8CVSS7.5AI score0.02879EPSS
Exploits0
Ubuntu
Ubuntu
added 2022/03/29 3:48 p.m.91 views

USN-5351-2: Paramiko vulnerability

USN-5351-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Jan Schejbal discovered that Paramiko incorrectly handled permissions when writing private key files. A local attacker could possibly use this issue to gain...

5.9CVSS6.6AI score0.0208EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/12/06 1:29 p.m.91 views

USN-5174-1: Samba vulnerabilities

Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext authentication. CVE-2016-2124 Andrew Bartlett discovered that Samba incorrectly mapping domain users to local users. An...

8.8CVSS6.8AI score0.02025EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/12/01 4:45 p.m.91 views

USN-5168-2: Thunderbird vulnerability

Tavis Ormandy discovered that NSS, included with Thunderbird, incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause Thunderbird to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS7.6AI score0.17563EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/09/23 1:1 p.m.91 views

USN-5089-2: ca-certificates update

USN-5089-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: The ca-certificates package contained a CA certificate that will expire on 2021-09-30 and will cause connectivity issues. This update removes the...

5.3AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/08/25 1:30 p.m.91 views

USN-5037-2: Firefox regression

USN-5037-1 fixed vulnerabilities in Firefox. The update introduced a regression that caused Firefox to repeatedly prompt for a password. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user wer...

5.7AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/01/04 1:52 p.m.91 views

USN-4668-3: python-apt regression

USN-4668-1 fixed vulnerabilities in python-apt. The update caused a regression when using certain APIs with a file handle. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered that python-apt incorrectly handled resources. A loca...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
added 2020/10/22 10:18 p.m.91 views

USN-4601-1: pip vulnerability

It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possible use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack. CVE-2019-20916...

7.5CVSS7.7AI score0.03028EPSS
Exploits1
Ubuntu
Ubuntu
added 2020/09/17 12:11 a.m.91 views

USN-4509-1: Perl DBI module vulnerabilities

It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. CVE-2013-7490 It was discovered that Perl DBI module incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive...

6.1CVSS7AI score0.02738EPSS
Exploits0
Ubuntu
Ubuntu
added 2020/08/24 12:5 p.m.91 views

USN-4468-2: Bind vulnerability

USN-4468-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Dave Feldman, Jeff Warren, and Joel Cunningham discovered that Bind incorrectly handled certain truncated responses to a TSIG-signed reques...

6.5CVSS6.9AI score0.05545EPSS
Exploits0
Ubuntu
Ubuntu
added 2020/06/29 2:5 a.m.91 views

USN-4405-1: GLib Networking vulnerability

It was discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information...

6.5CVSS6.9AI score0.01933EPSS
Exploits1
Ubuntu
Ubuntu
added 2020/03/04 12:22 p.m.91 views

USN-4296-1: Django vulnerability

Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack...

8.8CVSS7.3AI score0.22513EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/12/20 11:42 p.m.91 views

USN-3848-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3848-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a double free existed in the AMD GPIO driver in the Linux kerne...

9.8CVSS6.9AI score0.03399EPSS
Exploits2
Total number of security vulnerabilities5000