Ubuntu • Most viewed

10891 matches found

Ubuntu • added 2022/05/31 11:29 a.m. • 87 views

USN-5454-1: CUPS vulnerabilities

Joshua Mason discovered that CUPS incorrectly handled the secret key used to access the administrative web interface. A remote attacker could possibly use this issue to open a session as an administrator and execute arbitrary code. CVE-2022-26691 It was discovered that CUPS incorrectly handled...

CVSS 7.2 | AI score 6.4 | EPSS 0.02006 | Exploits 0

Ubuntu • added 2021/12/13 7:55 p.m. • 87 views

USN-5174-2: Samba regression

USN-5174-1 fixed vulnerabilities in Samba. Some of the changes introduced a regression in Kerberos authentication in certain environments. Please see the following upstream bug for more information: https://bugzilla.samba.org/show_bug.cgi?id=14922 This update fixes the problem. Original advisory...

AI score 6.8 | EPSS 0.02025 | Exploits 0 | References 1

Ubuntu • added 2020/08/25 12:20 p.m. • 87 views

USN-4472-1: PostgreSQL vulnerabilities

Noah Misch discovered that PostgreSQL incorrectly handled the search_path setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-14349 Andres Freund discover...

CVSS 7.3 | AI score 7.9 | EPSS 0.02235 | Exploits 0

Ubuntu • added 2020/08/13 9:23 p.m. • 87 views

USN-4459-1: Salt vulnerabilities

It was discovered that Salt allows remote attackers to determine which files exist on the server. An attacker could use that to extract sensitive information. CVE-2018-15750 It was discovered that Salt has a vulnerability that allows a user to bypass authentication. An attacker could use that to...

CVSS 9.8 | AI score 8.1 | EPSS 0.96405 | Exploits 25

Ubuntu • added 2020/08/03 6:29 p.m. • 87 views

USN-4298-2: SQLite vulnerabilities

USN-4298-1 fixed several vulnerabilities in SQLite. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a...

CVSS 8.8 | AI score 7.8 | EPSS 0.06997 | Exploits 0

Ubuntu • added 2020/05/13 11:37 a.m. • 87 views

USN-4356-1: Squid vulnerabilities

Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes (ESI) responses. A malicious remote server could cause Squid to crash, possibly poison the cache, or possibly execute arbitrary code. CVE-2019-12519, CVE-2019-12521 It was discovered that Squid incorrectly handled the...

CVSS 9.8 | AI score 7.1 | EPSS 0.27246 | Exploits 0

Ubuntu • added 2020/04/13 7:46 p.m. • 87 views

USN-4328-1: Thunderbird vulnerabilities

It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. CVE-2020-6792 Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an...

CVSS 9.8 | AI score 7.6 | EPSS 0.06305 | Exploits 4

Ubuntu • added 2020/03/17 12:28 p.m. • 87 views

USN-4304-1: Ceph vulnerability

Or Friedman discovered that Ceph incorrectly handled disconnects. A remote authenticated attacker could possibly use this issue to cause Ceph to consume resources, leading to a denial of service...

CVSS 6.8 | AI score 6.8 | EPSS 0.02488 | Exploits 0

Ubuntu • added 2020/02/11 4:48 p.m. • 87 views

USN-4277-1: libexif vulnerabilities

Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. CVE-2016-6328 Lili Xu and Bingchang Li...

CVSS 9.1 | AI score 7.4 | EPSS 0.04059 | Exploits 1

Ubuntu • added 2020/01/08 1:39 p.m. • 87 views

USN-4230-1: ClamAV vulnerability

It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service...

CVSS 7.5 | AI score 7.5 | EPSS 0.03135 | Exploits 1

Ubuntu • added 2019/12/10 12:54 p.m. • 87 views

USN-4217-1: Samba vulnerabilities

Andreas Oster discovered that the Samba DNS management server incorrectly handled certain records. An authenticated attacker could possibly use this issue to crash Samba, resulting in a denial of service. CVE-2019-14861 Isaac Boukris discovered that Samba did not enforce the Kerberos...

CVSS 6.4 | AI score 6.4 | EPSS 0.02783 | Exploits 0

Ubuntu • added 2019/11/14 4:26 p.m. • 87 views

USN-4193-1: Ghostscript vulnerability

Paul Manfred and Lukas Schauer discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause...

CVSS 8.8 | AI score 7.7 | EPSS 0.03434 | Exploits 0

Ubuntu • added 2019/08/16 7:23 p.m. • 87 views

USN-4101-1: Firefox vulnerability

It was discovered that passwords could be copied to the clipboard from the "Saved Logins" dialog without entering the master password, even when a master password has been set. A local attacker could potentially exploit this to obtain saved passwords...

CVSS 9.8 | AI score 7.6 | EPSS 0.01411 | Exploits 0

Ubuntu • added 2019/08/13 5:37 p.m. • 87 views

USN-4097-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2019-11041, CVE-2019-11042...

CVSS 7.1 | AI score 7 | EPSS 0.0442 | Exploits 2

Ubuntu • added 2019/08/01 11:59 a.m. • 87 views

USN-4084-1: Django vulnerabilities

It was discovered that Django incorrectly handled the Truncator function. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. CVE-2019-14232 It was discovered that Django incorrectly handled the striptags function. A remote attacke...

CVSS 9.8 | AI score 7.5 | EPSS 0.47694 | Exploits 0

Ubuntu • added 2019/02/26 2:14 p.m. • 87 views

USN-3866-3: Ghostscript regression

USN-3866-2 fixed a regression in Ghostscript. The Ghostscript update introduced a new regression that resulted in certain pages being printed with a blue background. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that Ghostscript incorrectly handled certain...

AI score 5.9 | Exploits 0 | References 1

Ubuntu • added 2019/02/04 7:44 p.m. • 87 views

USN-3878-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). CVE-2018-14625 Cfir...

CVSS 8.8 | AI score 6.2 | EPSS 0.00477 | Exploits 0

Ubuntu • added 2019/01/10 5:44 p.m. • 87 views

USN-3853-1: GnuPG vulnerability

Ben Fuhrmannek discovered that GnuPG incorrectly handled Web Key Directory lookups. A remote attacker could possibly use this issue to cause a denial of service, or perform Cross-Site Request Forgery attacks...

CVSS 8.8 | AI score 7 | EPSS 0.01041 | Exploits 1

Ubuntu • added 2018/09/11 4:09 a.m. • 87 views

USN-3763-1: Linux kernel vulnerability

Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service...

CVSS 7.8 | AI score 6.7 | EPSS 0.7354 | Exploits 0

Ubuntu • added 2018/04/25 12:20 p.m. • 87 views

USN-3629-2: MySQL vulnerabilities

USN-3629-1 fixed a vulnerability in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.60 in...

CVSS 7.7 | AI score 6.6 | EPSS 0.0401 | Exploits 0

Ubuntu • added 2017/10/10 11:29 p.m. • 87 views

USN-3444-1: Linux kernel vulnerabilities

Jan H. Schönherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service (host crash) or possibly gain administrative privileges in the host. CVE-2017-12134 Andrey Konovalov...

CVSS 8.8 | AI score 6.5 | EPSS 0.00497 | Exploits 0

Ubuntu • added 2017/08/18 5:46 a.m. • 87 views

USN-3396-1: OpenJDK 7 vulnerabilities

It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. CVE-2017-10053 It was discovered that the JAR verifier ...

CVSS 9.6 | AI score 7.6 | EPSS 0.05034 | Exploits 0

Ubuntu • added 2017/01/11 8:16 a.m. • 87 views

USN-3169-3: Linux kernel (Raspberry Pi 2) vulnerabilities

Baozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). CVE-2016-9794 Andrey Konovalov discovered that signed integer...

CVSS 7.8 | AI score 6.5 | EPSS 0.01566 | Exploits 8

Ubuntu • added 2017/01/10 6:45 p.m. • 87 views

USN-3166-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

CVSS 9.6 | AI score 6.8 | EPSS 0.66788 | Exploits 9

Ubuntu • added 2016/11/22 6:51 p.m. • 87 views

USN-3134-1: Python vulnerabilities

It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. CVE-2016-0772 Rémi Rampin discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environme...

CVSS 10 | AI score 7.8 | EPSS 0.2548 | Exploits 7

Ubuntu • added 2016/08/29 7:13 p.m. • 87 views

USN-3071-1: Linux kernel vulnerabilities

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-5244 Yue Cao et al. discovered a flaw in the TCP implementation's handling of...

CVSS 7.8 | AI score 7.5 | EPSS 0.15073 | Exploits 3

Ubuntu • added 2016/06/10 5:46 a.m. • 87 views

USN-3003-1: Linux kernel vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

CVSS 10 | AI score 6.8 | EPSS 0.2593 | Exploits 19

Ubuntu • added 2016/04/27 10:32 p.m. • 87 views

USN-2934-1: Thunderbird vulnerabilities

Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denia...

CVSS 9.3 | AI score 8.2 | EPSS 0.31046 | Exploits 9

Ubuntu • added 2016/04/11 7:32 p.m. • 87 views

USN-2948-2: Linux kernel (Utopic HWE) regression

USN-2948-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect reference counting fix in the radeon driver introduced a regression that could cause a system crash. This update fixes the problem. We apologize for the inconvenience. Original advisory...

AI score 7.1 | Exploits 0 | References 1

Ubuntu • added 2016/04/04 6:05 p.m. • 87 views

USN-2944-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program...

CVSS 8.8 | AI score 7.1 | EPSS 0.14621 | Exploits 3

Ubuntu • added 2016/01/06 5:36 p.m. • 87 views

USN-2861-1: libpng vulnerabilities

It was discovered that libpng incorrectly handled certain small bit-depth values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking th...

CVSS 9.3 | AI score 7.8 | EPSS 0.06431 | Exploits 0

Ubuntu • added 2015/11/12 5:50 p.m. • 87 views

USN-2810-1: Kerberos vulnerabilities

It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. CVE-2002-2443 It was discovered that Kerberos...

CVSS 8.5 | AI score 7 | EPSS 0.06485 | Exploits 0

Ubuntu • added 2015/11/04 8:54 p.m. • 87 views

USN-2790-1: NSPR vulnerability

Ryan Sleevi discovered that NSPR incorrectly handled memory allocation. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 7.5 | AI score 8.3 | EPSS 0.06792 | Exploits 0

Ubuntu • added 2015/08/11 6:34 p.m. • 87 views

USN-2702-1: Firefox vulnerabilities

Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via...

CVSS 10 | AI score 7.9 | EPSS 0.09027 | Exploits 0

Ubuntu • added 2015/07/30 4:48 p.m. • 87 views

USN-2698-1: SQLite vulnerabilities

It was discovered that SQLite incorrectly handled skip-scan optimization. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. CVE-2013-7443 Michal Zalewski...

CVSS 7.5 | AI score 7.6 | EPSS 0.05531 | Exploits 1

Ubuntu • added 2015/06/25 12:32 p.m. • 87 views

USN-2654-1: Tomcat vulnerabilities

It was discovered that the Tomcat XML parser incorrectly handled XML External Entities (XXE). A remote attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 14.04 LTS. CVE-2014-0119 It was discovered that Tomcat incorrectly handled data with malformed chunk...

CVSS 7.8 | AI score 6.8 | EPSS 0.21045 | Exploits 0

Ubuntu • added 2015/04/30 8:04 a.m. • 87 views

USN-2586-1: Linux kernel (OMAP4) vulnerability

It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hoplimit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped)...

CVSS 3.3 | AI score 7.1 | EPSS 0.03052 | Exploits 1

Ubuntu • added 2015/02/25 9:53 p.m. • 87 views

USN-2505-1: Firefox vulnerabilities

Matthew Noorenberghe discovered that Mozilla domains in the allowlist could make UITour API calls from background tabs. If one of these domains were compromised and open in a background tab, an attacker could potentially exploit this to conduct clickjacking attacks. CVE-2015-0819 Jan de Mooij...

CVSS 7.5 | AI score 8 | EPSS 0.06029 | Exploits 0

Ubuntu • added 2014/07/05 5:54 p.m. • 87 views

USN-2271-1: Linux kernel (Saucy HWE) vulnerability

Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potentially gain administrative privileges...

CVSS 6.9 | AI score 6.7 | EPSS 0.02324 | Exploits 6

Ubuntu • added 2014/06/05 9:50 p.m. • 87 views

USN-2239-1: Linux kernel (Saucy HWE) vulnerabilities

Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. CVE-2014-3153 A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt...

CVSS 7.8 | AI score 7 | EPSS 0.37233 | Exploits 20

Ubuntu • added 2013/12/03 7:25 p.m. • 87 views

USN-2041-1: Linux kernel (Raring HWE) vulnerabilities

A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. CVE-2013-4299 Alan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol (SCTP) of the Linux kernel. A...

CVSS 6.1 | AI score 6.8 | EPSS 0.04144 | Exploits 5

Ubuntu • added 2012/11/30 10:11 a.m. • 87 views

USN-1652-1: Linux kernel (Oneiric backport) vulnerabilities

Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. CVE-2012-0957 Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cau...

CVSS 6.2 | AI score 6.7 | EPSS 0.00959 | Exploits 3

Ubuntu • added 2012/10/25 5:10 p.m. • 87 views

USN-1617-1: WebKit vulnerabilities

A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

CVSS 10 | AI score 8.3 | EPSS 0.03811 | Exploits 8 | References 2

Ubuntu • added 2012/02/03 10:30 p.m. • 87 views

USN-1355-2: Mozvoikko update

USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. Original advisory details: It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect...

AI score 8.4 | Exploits 0 | References 1

Ubuntu • added 2011/11/29 6:16 p.m. • 87 views

USN-1285-1: Linux kernel vulnerabilities

Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. CVE-2011-2183 Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A...

CVSS 7.2 | AI score 7.6 | EPSS 0.00541 | Exploits 2

Ubuntu • added 2011/11/08 7:40 p.m. • 87 views

USN-1253-1: Linux kernel vulnerabilities

Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. CVE-2011-1576 Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly...

CVSS 9.1 | AI score 7.9 | EPSS 0.05689 | Exploits 8

Ubuntu • added 2011/10/25 1:03 p.m. • 87 views

USN-1243-1: Linux kernel vulnerabilities

It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. CVE-2011-1479 Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit...

CVSS 9.1 | AI score 7.8 | EPSS 0.05689 | Exploits 5

Ubuntu • added 2011/09/13 7:58 p.m. • 87 views

USN-1201-1: Linux kernel vulnerabilities

It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities...

CVSS 7.8 | AI score 7.2 | EPSS 0.08793 | Exploits 5

Ubuntu • added 2011/03/29 5:23 p.m. • 87 views

USN-1098-1: vsftpd vulnerability

It was discovered that vsftpd incorrectly handled certain glob expressions. A remote authenticated user could use a crafted glob expression to cause vsftpd to consume all resources, leading to a denial of service...

CVSS 4 | AI score 6.4 | EPSS 0.7332 | Exploits 9

Ubuntu • added 2010/10/28 2:45 p.m. • 87 views

USN-1010-1: OpenJDK vulnerabilities

Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a machine-in-the-middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. USN-923-1 disabled SSL/TLS renegotiation...

CVSS 10 | AI score 8.4 | EPSS 0.87264 | Exploits 14

Total number of security vulnerabilities: 5000