Lucene search
K
UbuntuMost viewed

10891 matches found

Ubuntu
Ubuntu
added 2012/10/04 9:40 p.m.89 views

USN-1596-1: Python 2.6 vulnerabilities

It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. CVE-2008-5983 It was discovered that the audioop module did not correctly perform...

6.9CVSS7.3AI score0.14643EPSS
Exploits10
Ubuntu
Ubuntu
added 2012/08/10 9:45 p.m.89 views

USN-1531-1: Linux kernel vulnerabilities

An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface which is not available to unprivileged users until granted by a root user could exploit this flaw to crash the system or potential gain administrative privileges...

7.2CVSS6.6AI score0.00583EPSS
Exploits3
Ubuntu
Ubuntu
added 2012/06/29 6:33 p.m.89 views

USN-1488-1: Linux kernel vulnerabilities

Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. CVE-2012-2313 Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user...

7.2CVSS6.8AI score0.00979EPSS
Exploits4
Ubuntu
Ubuntu
added 2012/02/24 10:35 a.m.89 views

USN-1373-1: OpenJDK 6 vulnerabilities

It was discovered that the Java HttpServer class did not limit the number of headers read from a HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. CVE-2011-5035 ATTENTION: this update changes previous Java...

10CVSS8.2AI score0.98237EPSS
Exploits19
Ubuntu
Ubuntu
added 2011/12/13 12:56 p.m.89 views

USN-1301-1: Linux kernel (Natty backport) vulnerabilities

A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. CVE-2011-4077 Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions...

7.2CVSS6.1AI score0.00556EPSS
Exploits5
Ubuntu
Ubuntu
added 2011/07/13 8:25 p.m.89 views

USN-1159-1: Linux kernel vulnerabilities (Marvell Dove)

Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. CVE-2010-4243 Alexander Duyck discovered that the Intel Gigabit Ethernet driver...

9.8CVSS7.1AI score0.04364EPSS
Exploits30
Ubuntu
Ubuntu
added 2011/06/16 5:10 p.m.89 views

USN-1153-1: libxml2 vulnerability

Chris Evans discovered that libxml2 incorrectly handled memory allocation. If an application using libxml2 opened a specially crafted XML file, an attacker could cause a denial of service or possibly execute code as the user invoking the program...

9.3CVSS7.8AI score0.13727EPSS
Exploits1
Ubuntu
Ubuntu
added 2011/04/20 7:57 p.m.89 views

USN-1119-1: Linux kernel (OMAP4) vulnerabilities

Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this gain root privileges. CVE-2010-3904 Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service...

8.3CVSS7.4AI score0.11217EPSS
Exploits69
Ubuntu
Ubuntu
added 2011/03/08 11:44 p.m.89 views

USN-1086-1: Linux kernel (EC2) vulnerabilities

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. CVE-2010-4075 Dan Rosenberg discovered that the socket filters did not correctly...

4.7CVSS5.7AI score0.00868EPSS
Exploits3
Ubuntu
Ubuntu
added 2011/03/01 7:58 a.m.89 views

USN-1079-1: OpenJDK 6 vulnerabilities

It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. CVE-2010-4448 It was discovered that the Java launcher did not did not properly setup the LDLIBRARYPATH environment variable. A local...

10CVSS6.4AI score0.2349EPSS
Exploits2
Ubuntu
Ubuntu
added 2010/11/08 9:19 p.m.89 views

USN-1008-4: libvirt regression

USN-1008-1 fixed vulnerabilities in libvirt. The upstream fixes for CVE-2010-2238 changed the behavior of libvirt such that the domain XML could not specify 'hostdevice' as the qemu sub-type. While libvirt 0.8.3 and later will longer support specifying this sub-type, this update restores the old...

7.2AI score
Exploits0References1
Ubuntu
Ubuntu
added 2010/10/20 9:18 p.m.89 views

USN-997-1: Firefox and Xulrunner vulnerabilities

Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the...

9.3CVSS8.9AI score0.10118EPSS
Exploits2
Ubuntu
Ubuntu
added 2010/09/21 1:59 p.m.89 views

USN-990-2: Apache vulnerability

USN-860-1 introduced a partial workaround to Apache that disabled client initiated TLS renegotiation in order to mitigate CVE-2009-3555. USN-990-1 introduced the new RFC5746 renegotiation extension in openssl, and completely resolves the issue. After updating openssl, an Apache server will allow...

9.8CVSS7.8AI score0.87264EPSS
Exploits14
Ubuntu
Ubuntu
added 2008/09/26 2:32 a.m.89 views

USN-647-1: Thunderbird vulnerabilities

It was discovered that the same-origin check in Thunderbird could be bypassed. If a user had JavaScript enabled and were tricked into opening a malicious website, an attacker may be able to execute JavaScript in the context of a different website. CVE-2008-3835 Several problems were discovered in...

10CVSS8.7AI score0.07351EPSS
Exploits5
Ubuntu
Ubuntu
added 2008/05/13 1:19 p.m.89 views

USN-612-1: OpenSSL vulnerability

A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledg...

7.8CVSS6.7AI score0.70721EPSS
Exploits7
Ubuntu
Ubuntu
added 2008/05/06 9:51 p.m.89 views

USN-609-1: OpenOffice.org vulnerabilities

It was discovered that arbitrary Java methods were not filtered out when opening databases in OpenOffice.org. If a user were tricked into running a specially crafted query, a remote attacker could execute arbitrary Java with user privileges. CVE-2007-4575 Multiple memory overflow flaws were...

9.3CVSS6AI score0.57015EPSS
Exploits13
Ubuntu
Ubuntu
added 2008/01/18 2:9 a.m.89 views

USN-571-1: X.org vulnerabilities

Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. CVE-2007-5760, CVE-2007-6427, CVE-2007-6428,...

9.3CVSS8.4AI score0.05332EPSS
Exploits7
Ubuntu
Ubuntu
added 2006/06/08 11:33 p.m.89 views

USN-291-1: FreeType vulnerabilities

Several integer overflows have been discovered in the FreeType library. By tricking a user into installing and/or opening a specially crafted font file, these could be exploited to execute arbitrary code with the privileges of that user...

7.5CVSS5.8AI score0.16172EPSS
Exploits0
Ubuntu
Ubuntu
added 2005/10/18 1:39 a.m.89 views

USN-209-1: SSH server vulnerability

An information disclosure vulnerability has been found in the SSH server. When the GSSAPIAuthentication option was enabled, the SSH server could send GSSAPI credentials even to users who attempted to log in with a method other than GSSAPI. This could inadvertently expose these credentials to an...

5CVSS7.4AI score0.02299EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/26 6:27 p.m.88 views

USN-8309-1: libssh2 vulnerability

It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker could possibly use this issue to cause a denial of service...

9.1CVSS5.8AI score0.00466EPSS
Exploits0
Ubuntu
Ubuntu
added 2023/12/14 12:33 p.m.88 views

USN-6546-2: LibreOffice vulnerabilities

USN-6546-1 fixed vulnerabilities in LibreOffice. This update provides the corresponding updates for Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Original advisory details: Reginaldo Silva discovered that LibreOffice incorrectly handled filenames when passing embedded videos to GStreamer. If a user were...

8.8CVSS8.3AI score0.01017EPSS
Exploits0
Ubuntu
Ubuntu
added 2023/10/03 8:33 p.m.88 views

USN-6386-3: Linux kernel vulnerabilities

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. CVE-2023-20588 It was discovered...

7.8CVSS7.1AI score0.12405EPSS
Exploits0
Ubuntu
Ubuntu
added 2023/09/26 6:39 p.m.88 views

USN-6397-1: Linux kernel (BlueField) vulnerabilities

Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Ruihan Li discovered that the bluetooth subsystem ...

10CVSS7.9AI score0.05794EPSS
Exploits5
Ubuntu
Ubuntu
added 2023/08/28 5:19 p.m.88 views

USN-6309-1: Linux kernel vulnerabilities

Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during tableclear operations. A local attacker could use this to cause a denial of service kernel deadlock. CVE-2023-2269 It was discovered that a use-after-free vulnerability existed ...

7.8CVSS7.2AI score0.00517EPSS
Exploits0
Ubuntu
Ubuntu
added 2023/07/26 3:54 p.m.88 views

USN-6254-1: Linux kernel vulnerabilities

Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the doprlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information kernel memory. CVE-2023-0458 It was discovered that a race...

7.8CVSS7.3AI score0.02154EPSS
Exploits4
Ubuntu
Ubuntu
added 2023/07/12 5:24 p.m.88 views

USN-6221-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service system crash. CVE-2021-20321 It was discovered that the virtual terminal vt device implementation in the Linux kernel contain...

7.8CVSS7.2AI score0.04947EPSS
Exploits1
Ubuntu
Ubuntu
added 2023/06/07 5:6 a.m.88 views

USN-6143-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-34414, CVE-2023-34416,...

9.8CVSS7.7AI score0.0093EPSS
Exploits0
Ubuntu
Ubuntu
added 2023/05/09 9:51 p.m.88 views

USN-6063-1: Ceph vulnerabilities

Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths. An attacker could possibly use this issue to create non-random encryption keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-3979 It was discovered that Ceph incorrectly handled the volumes...

9.1CVSS6.8AI score0.00935EPSS
Exploits1
Ubuntu
Ubuntu
added 2023/04/11 10:55 p.m.88 views

USN-6009-1: Linux kernel (GCP) vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2021-3669 It was discovered that a use-after-free vulnerability existed in the SGI GRU...

7.9CVSS7.5AI score0.03702EPSS
Exploits5
Ubuntu
Ubuntu
added 2023/03/14 6:45 p.m.88 views

USN-5951-1: Linux kernel (IBM) vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

8.1CVSS7.7AI score0.03702EPSS
Exploits6
Ubuntu
Ubuntu
added 2023/03/02 2:0 p.m.88 views

USN-5908-1: Sudo vulnerability

It was discovered that Sudo incorrectly handled the per-command chroot feature. In certain environments where Sudo is configured with a rule that contains a CHROOT setting, a local attacker could use this issue to cause Sudo to crash, resulting in a denial of service, or possibly escalate...

7.2CVSS6.7AI score0.01664EPSS
Exploits1
Ubuntu
Ubuntu
added 2023/02/14 6:37 p.m.88 views

USN-5871-1: Git vulnerabilities

It was discovered that Git incorrectly handled certain repositories. An attacker could use this issue to make Git uses its local clone optimization even when using a non-local transport. CVE-2023-22490 Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could...

7.5CVSS7.3AI score0.01144EPSS
Exploits3
Ubuntu
Ubuntu
added 2023/01/25 8:14 p.m.88 views

USN-5828-1: Kerberos vulnerabilities

It was discovered that Kerberos incorrectly handled certain S4U2Self requests. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. CVE-2018-20217 Greg Hudson discovered that Kerberos PAC implementation...

8.8CVSS7.1AI score0.06419EPSS
Exploits1
Ubuntu
Ubuntu
added 2023/01/17 6:10 p.m.88 views

USN-5809-1: Linux kernel (OEM) vulnerabilities

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2022-4378 Tamás Koczka discovered that the Bluetooth L2CAP handshake...

8.8CVSS7.7AI score0.02014EPSS
Exploits0
Ubuntu
Ubuntu
added 2023/01/05 5:15 p.m.88 views

USN-5788-1: curl vulnerabilities

Hiroki Kurosawa discovered that curl incorrectly handled HSTS support when certain hostnames included IDN characters. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. CVE-2022-43551 It was...

7.5CVSS7.8AI score0.1654EPSS
Exploits2
Ubuntu
Ubuntu
added 2022/09/22 6:2 p.m.89 views

USN-5634-1: Linux kernel (OEM) vulnerability

Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service system crash...

7.5CVSS6.6AI score0.05542EPSS
Exploits1
Ubuntu
Ubuntu
added 2022/07/07 9:53 p.m.88 views

USN-5479-3: PHP regression

USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for CVE-2022-31625 was incomplete for Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Charles Fol discovered that PHP incorrectly handled initializing certain arrays...

8.1CVSS8.7AI score0.03437EPSS
Exploits1
Ubuntu
Ubuntu
added 2022/07/05 5:3 p.m.88 views

USN-5504-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass CSP restrictions, bypass sandboxed iframe restrictions, obtain sensitive...

9.8CVSS7.5AI score0.23941EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/12/17 2:53 p.m.88 views

USN-5199-1: Python vulnerabilities

It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service ReDoS condition for a client. CVE-2021-3733 It w...

7.5CVSS7AI score0.11586EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/11/30 10:54 p.m.88 views

USN-5163-1: Linux kernel vulnerabilities

Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information kernel memory. CVE-2021-3655 It was discovered that the Option USB Hi...

6.4CVSS7.2AI score0.00533EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/11/24 5:26 p.m.88 views

USN-5156-1: ICU vulnerability

It was discovered that ICU contains a double free issue. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code...

8.8CVSS8.5AI score0.01128EPSS
Exploits1
Ubuntu
Ubuntu
added 2020/11/19 12:46 p.m.88 views

USN-4638-1: c-ares vulnerability

It was discovered that c-ares incorrectly handled certain DNS requests. An attacker could possibly use this issue to cause a denial of service...

7.5CVSS7.5AI score0.54164EPSS
Exploits0
Ubuntu
Ubuntu
added 2020/10/14 2:35 p.m.88 views

USN-4581-1: Python vulnerability

It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection...

7.2CVSS7.4AI score0.0642EPSS
Exploits1
Ubuntu
Ubuntu
added 2020/09/08 11:29 a.m.88 views

USN-4490-1: X.Org X Server vulnerability

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSetNames function. A local attacker could possibly use this issue to escalate privileges...

7.8CVSS7.5AI score0.00594EPSS
Exploits0
Ubuntu
Ubuntu
added 2020/08/27 5:13 p.m.88 views

USN-4477-1: Squid vulnerabilities

Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. CVE-2020-15810 Régis Leroy discovered that Squid incorrectly validated certain data. A remote attacker...

8.6CVSS6.9AI score0.05162EPSS
Exploits0
Ubuntu
Ubuntu
added 2020/05/18 1:22 p.m.88 views

USN-4362-1: DPDK vulnerabilities

It was discovered that DPDK incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. CVE-2020-10722, CVE-2020-10723, CVE-2020-10724, CVE-2020-10725, CVE-2020-10726...

7.7CVSS6.7AI score0.02213EPSS
Exploits0
Ubuntu
Ubuntu
added 2020/03/30 5:49 p.m.88 views

USN-4311-1: BlueZ vulnerabilities

It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. CVE-2020-0556 It was discovered that BlueZ incorrectly handled certain commands. A local attacker could use this issue to cause BlueZ to...

7.8CVSS6.9AI score0.01033EPSS
Exploits0
Ubuntu
Ubuntu
added 2020/02/24 2:28 p.m.88 views

USN-4291-1: mod-auth-mellon vulnerability

It was discovered that modauthmellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL...

6.1CVSS6.8AI score0.01423EPSS
Exploits0
Ubuntu
Ubuntu
added 2020/02/20 3:17 p.m.88 views

USN-4289-1: Squid vulnerabilities

Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. CVE-2019-12528 Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote...

7.5CVSS7.3AI score0.7179EPSS
Exploits0
Ubuntu
Ubuntu
added 2019/11/14 6:36 p.m.88 views

USN-4194-1: postgresql-common vulnerability

Rich Mirch discovered that the postgresql-common pgctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges...

7.8CVSS7.4AI score0.00499EPSS
Exploits1
Total number of security vulnerabilities5000