Lucene search
K
UbuntuMost viewed

10905 matches found

Ubuntu
Ubuntu
•added 2012/06/29 6:59 p.m.•86 views

USN-1490-1: Linux kernel (Natty backport) vulnerabilities

Stephan Mueller reported a flaw in the Linux kernel's dl2k network driver's handling of ioctls. An unprivileged local user could leverage this flaw to cause a denial of service. CVE-2012-2313 Timo Warns reported multiple flaws in the Linux kernel's hfsplus filesystem. An unprivileged local user...

7.2CVSS6.8AI score0.00979EPSS
Exploits4
Ubuntu
Ubuntu
•added 2012/03/16 9:8 p.m.•86 views

USN-1400-2: ubufox update

USN-1400-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Original advisory details: Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, throug...

8.8AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2011/12/13 12:41 p.m.•86 views

USN-1300-1: Linux kernel (FSL-IMX51) vulnerabilities

A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. CVE-2011-4077 A flaw was found in the Journaling Block Device JBD. A local attacker able to mount ext3 or ext4 file...

7.2CVSS7.8AI score0.00556EPSS
Exploits4
Ubuntu
Ubuntu
•added 2011/10/25 1:6 p.m.•86 views

USN-1244-1: Linux kernel (OMAP4) vulnerabilities

Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. CVE-2010-3873 Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being...

7.2CVSS6.9AI score0.03739EPSS
Exploits3
Ubuntu
Ubuntu
•added 2011/09/29 9:54 p.m.•86 views

USN-1222-1: Firefox vulnerabilities

Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary...

10CVSS8.6AI score0.05312EPSS
Exploits4
Ubuntu
Ubuntu
•added 2011/06/28 10:41 a.m.•86 views

USN-1160-1: Linux kernel vulnerabilities

Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. CVE-2010-4529 Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses into the /proc...

9.8CVSS7.1AI score0.04177EPSS
Exploits25
Ubuntu
Ubuntu
•added 2011/04/30 12:30 a.m.•86 views

USN-1121-1: Firefox vulnerabilities

Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted Mielczarek discovered multiple memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. CVE-2011-0079 It was discovered that there was a vulnerability in the memory handling o...

10CVSS8.7AI score0.06858EPSS
Exploits4
Ubuntu
Ubuntu
•added 2011/03/03 12:49 a.m.•86 views

USN-1083-1: Linux kernel vulnerabilities

Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this gain root privileges. CVE-2010-3904 Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service...

10CVSS7.3AI score0.17009EPSS
Exploits88
Ubuntu
Ubuntu
•added 2010/04/09 8:45 p.m.•86 views

USN-927-1: NSS vulnerability

Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a machine-in-the-middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new...

9.8CVSS7.8AI score0.87264EPSS
Exploits14
Ubuntu
Ubuntu
•added 2010/01/27 4:30 p.m.•86 views

USN-803-2: Dhcp vulnerability

USN-803-1 fixed a vulnerability in Dhcp. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 8.10 and higher. Even with the patch improperly applied, the default compiler options reduced the vulnerability to a denial of service. Additionally, in Ubuntu 9.04 and...

10CVSS7.8AI score0.2578EPSS
Exploits9
Ubuntu
Ubuntu
•added 2009/08/11 5:45 a.m.•86 views

USN-814-1: OpenJDK vulnerabilities

It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. CVE-2009-0217 It was discovered that JAR bundles would appear signed if only one element w...

10CVSS6.9AI score0.3038EPSS
Exploits4
Ubuntu
Ubuntu
•added 2008/11/17 8:38 p.m.•86 views

USN-671-1: MySQL vulnerabilities

It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL...

4.6CVSS7.1AI score0.06465EPSS
Exploits4
Ubuntu
Ubuntu
•added 2008/07/08 7:17 p.m.•86 views

USN-622-1: Bind vulnerability

Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Bind. A remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic...

6.8CVSS6.8AI score0.95182EPSS
Exploits20
Ubuntu
Ubuntu
•added 2008/03/19 11:31 p.m.•86 views

USN-588-1: MySQL vulnerabilities

Masaaki Hirose discovered that MySQL could be made to dereference a NULL pointer. An authenticated user could cause a denial of service application crash via an EXPLAIN SELECT FROM on the INFORMATIONSCHEMA table. This issue only affects Ubuntu 6.06 and 6.10. CVE-2006-7232 Alexander Nozdrin...

7.5CVSS8.3AI score0.91602EPSS
Exploits16
Ubuntu
Ubuntu
•added 2008/02/29 4:52 a.m.•86 views

USN-582-1: Thunderbird vulnerabilities

It was discovered that Thunderbird did not properly set the size of a buffer when parsing an external-body MIME-type. If a user were to open a specially crafted email, an attacker could cause a denial of service via application crash or possibly execute arbitrary code as the user. CVE-2008-0304...

9.3CVSS8.6AI score0.08633EPSS
Exploits4
Ubuntu
Ubuntu
•added 2008/01/19 2:54 a.m.•86 views

USN-571-2: X.org regression

USN-571-1 fixed vulnerabilities in X.org. The upstream fixes were incomplete, and under certain situations, applications using the MIT-SHM extension e.g. Java, wxWidgets would crash with BadAlloc X errors. This update fixes the problem. We apologize for the inconvenience. Original advisory detail...

8.4AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2004/12/22 10:20 p.m.•86 views

USN-46-1: TIFF library vulnerability

A buffer overflow was discovered in the TIFF library. A TIFF file includes a value indicating the number of "directory entry" header fields contained in the file. If this value is -1, an invalid memory allocation was performed. A malicious image could be constructed which, when decoded, would hav...

10CVSS5.9AI score0.14972EPSS
Exploits1
Ubuntu
Ubuntu
•added 2025/04/10 8:38 p.m.•85 views

USN-7432-1: libsoup vulnerabilities

It was discovered that libsoup could be made to read out of bounds. An attacker could possibly use this issue to cause applications using libsoup to crash, resulting in a denial of service. CVE-2025-2784, CVE-2025-32050, CVE-2025-32052, CVE-2025-32053 It was discovered that libsoup could be made ...

7CVSS6.9AI score0.00786EPSS
Exploits1
Ubuntu
Ubuntu
•added 2025/04/07 7:29 p.m.•85 views

USN-7423-1: GNU binutils vulnerabilities

It was discovered that GNU binutils incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash, expose sensitive information or execute arbitrary code. CVE-2025-1153, CVE-2025-1182 It was discovered that ld in GNU binutils incorrectly handled certain files. An...

6.3CVSS5.8AI score0.01252EPSS
Exploits5
Ubuntu
Ubuntu
•added 2025/04/03 5:36 p.m.•85 views

USN-7414-1: XZ Utils vulnerability

Harri K. Koskinen discovered that XZ Utils incorrectly handled the threaded xz decoder. If a user or automated system were tricked into processing an xz file, a remote attacker could use this issue to cause XZ Utils to crash, resulting in a denial of service, or possibly execute arbitrary code...

8.7CVSS7.2AI score0.00647EPSS
Exploits0
Ubuntu
Ubuntu
•added 2025/04/01 8:28 a.m.•85 views

USN-7285-2: nginx vulnerability

USN-7285-1 fixed vulnerabilities in nginx. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that nginx incorrectly handled when multiple server blocks are configured to share the same IP address and port. An attacker could use this...

5.3CVSS5.5AI score0.02646EPSS
Exploits0
Ubuntu
Ubuntu
•added 2025/02/25 3:13 p.m.•85 views

USN-7297-1: ProFTPD vulnerabilities

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the transport protocol implementation in ProFTPD had weak integrity checks. An attacker could use this vulnerability to bypass security features like encryption and integrity checks. CVE-2023-48795 Martin Mirchev discovered that...

7.5CVSS7.4AI score0.9378EPSS
Exploits5
Ubuntu
Ubuntu
•added 2025/02/24 12:32 p.m.•85 views

USN-7287-1: libcap2 vulnerability

Tianjia Zhang discovered the libcap2 PAM module pamcap incorrectly handled parsing group names in the configuration file. This could result in certain users being granted capabilities, contrary to expectations...

6.1CVSS6.7AI score0.00149EPSS
Exploits0
Ubuntu
Ubuntu
•added 2024/07/17 4:22 p.m.•85 views

USN-6896-3: Linux kernel vulnerabilities

It was discovered that the ATA over Ethernet AoE driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the Atheros 802.11ac...

9.1CVSS7.5AI score0.01635EPSS
Exploits1
Ubuntu
Ubuntu
•added 2024/03/11 8:17 p.m.•85 views

USN-6688-1: Linux kernel (OEM) vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service host domain crash...

7.8CVSS7.5AI score0.78388EPSS
Exploits19
Ubuntu
Ubuntu
•added 2024/02/22 1:12 a.m.•85 views

USN-6648-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51781 Zhenghan Wang discover...

7.8CVSS7.2AI score0.01999EPSS
Exploits0
Ubuntu
Ubuntu
•added 2024/02/14 8:1 a.m.•85 views

USN-6608-2: Linux kernel (NVIDIA) vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could...

7.8CVSS7.1AI score0.00843EPSS
Exploits2
Ubuntu
Ubuntu
•added 2023/12/12 8:36 p.m.•85 views

USN-6548-2: Linux kernel vulnerabilities

It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. CVE-2023-3006 It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors i...

8.8CVSS7.2AI score0.09141EPSS
Exploits4
Ubuntu
Ubuntu
•added 2023/10/19 3:57 p.m.•85 views

USN-6427-2: .NET vulnerability

USN-6427-1 fixed a vulnerability in .NET. This update provides the corresponding update for .NET 8. Original advisory details: It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service...

7.5CVSS7.2AI score0.99999EPSS
Exploits19
Ubuntu
Ubuntu
•added 2023/07/25 11:36 p.m.•85 views

USN-6250-1: Linux kernel vulnerabilities

Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. CVE-2023-2640 It was discovered that the IP-VLAN...

7.8CVSS7.6AI score0.15783EPSS
Exploits18
Ubuntu
Ubuntu
•added 2023/06/20 7:47 p.m.•85 views

USN-6180-1: VLC media player vulnerabilities

It was discovered that VLC could be made to read out of bounds when decoding image files. If a user were tricked into opening a crafted image file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and...

7.8CVSS8.2AI score0.02391EPSS
Exploits2
Ubuntu
Ubuntu
•added 2023/05/24 8:57 a.m.•85 views

USN-6101-1: GNU binutils vulnerabilities

It was discovered that GNU binutils incorrectly handled certain DWARF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.10. CVE-2023-1579 It was discovered that GNU binutils did not properly verify the version definitio...

7.8CVSS6.5AI score0.00895EPSS
Exploits3
Ubuntu
Ubuntu
•added 2023/05/22 7:49 p.m.•85 views

USN-6095-1: Linux kernel vulnerabilities

Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information kernel memory. CVE-2023-0459 Xingyuan Mo discovered that the...

7.8CVSS7.1AI score0.00635EPSS
Exploits0
Ubuntu
Ubuntu
•added 2023/04/25 10:23 a.m.•85 views

USN-6038-1: Go vulnerabilities

It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. CVE-2022-1705 It was discovered that Go did not properly manage memory under certain...

9.8CVSS7.5AI score0.05623EPSS
Exploits7
Ubuntu
Ubuntu
•added 2023/03/29 4:44 p.m.•85 views

USN-5984-1: Linux kernel vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2021-3669 It was discovered that a use-after-free vulnerability existed in the SGI GRU...

7.9CVSS7.5AI score0.03702EPSS
Exploits5
Ubuntu
Ubuntu
•added 2023/03/27 3:18 a.m.•85 views

USN-5972-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

8.8CVSS8.3AI score0.00713EPSS
Exploits0
Ubuntu
Ubuntu
•added 2023/03/16 2:21 p.m.•85 views

USN-5960-1: Python vulnerability

Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass blocklisting methods by supplying a URL that starts with blank characters...

7.5CVSS7.4AI score0.20459EPSS
Exploits3
Ubuntu
Ubuntu
•added 2023/01/06 10:55 p.m.•85 views

USN-5794-1: Linux kernel (AWS) vulnerabilities

It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-43945 Tamás Koczka discovered that th...

8.8CVSS7.7AI score0.21314EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/10/19 9:24 p.m.•85 views

USN-5691-1: Linux kernel vulnerabilities

David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the iouring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-2602...

8.1CVSS7.3AI score0.03763EPSS
Exploits5
Ubuntu
Ubuntu
•added 2022/09/22 4:49 p.m.•85 views

USN-5631-1: libjpeg-turbo vulnerabilities

It was discovered that libjpeg-turbo incorrectly handled certain EOF characters. An attacker could possibly use this issue to cause libjpeg-turbo to consume resource, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. CVE-2018-11813 It was discovered that libjpeg-turbo...

8.8CVSS6.6AI score0.03162EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/08/22 12:37 p.m.•85 views

USN-5575-1: Libxslt vulnerabilities

Nicolas Grégoire discovered that Libxslt incorrectly handled certain XML. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. CVE-2019-5815 Alexey Neyman incorrectly handled certain HTML pages. An attacker...

8.8CVSS7.7AI score0.21623EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/06/16 10:12 a.m.•85 views

LSN-0087-1: Kernel Live Patch Security Notice

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or execute arbitrary...

7.2AI score
Exploits6
Ubuntu
Ubuntu
•added 2022/05/12 3:44 p.m.•85 views

USN-5420-1: Vorbis vulnerabilities

It was discovered that Vorbis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. CVE-2017-14160, CVE-2018-10392, CVE-2018-10393...

8.8CVSS6.8AI score0.04575EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/02/08 9:1 p.m.•85 views

USN-5223-2: Apache Log4j 1.2 vulnerability

USN-5223-1 fixed a vulnerability in Apache Log4j 1.2. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Apache Log4j 1.2 was vulnerable to deserialization of untrusted data if the configuration file was editable. An attacker coul...

7.5CVSS8.1AI score0.81147EPSS
Exploits9
Ubuntu
Ubuntu
•added 2021/12/07 7:35 p.m.•85 views

USN-5168-4: NSS regression

USN-5168-3 fixed a vulnerability in NSS. Unfortunately that update introduced a regression that could break SSL connections. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS...

9.8CVSS7.7AI score0.17563EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/11/04 8:12 p.m.•85 views

USN-5133-1: ICU vulnerability

It was discovered that ICU contains a use after free issue. An attacker could use this issue to cause a denial of service with crafted input...

5.5CVSS6.7AI score0.01133EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/07/28 6:14 p.m.•85 views

USN-4944-2: MariaDB regression

USN-4944-1 fixed vulnerabilities in MariaDB. It caused a regression. This update fixes the problem. Original advisory details: Ubuntu 20.04 has been updated to MariaDB 10.3.30...

5.3AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/05/19 10:47 a.m.•85 views

USN-4961-1: pip vulnerability

It was discovered that pip incorrectly handled unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2020/09/28 2:43 p.m.•85 views

USN-4548-1: libuv vulnerability

It was discovered that libuv incorrectly handled certain paths. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

7.8CVSS7AI score0.00714EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/16 1:7 p.m.•85 views

USN-4502-1: websocket-extensions vulnerability

It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service. CVE-2020-7663...

7.5CVSS7.4AI score0.04404EPSS
Exploits1
Total number of security vulnerabilities5000