
10889 matches found

Ubuntu | added 2022/05/30 3:29 p.m. | 84 views

USN-5446-2: dpkg vulnerability

USN-5446-1 fixed a vulnerability in dpkg. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Max Justicz discovered that dpkg incorrectly handled unpacking certain source packages. If a user or an automated system were tricked into unpacking a specially...

CVSS 9.8 | AI score 8.3 | EPSS 0.02871 | Exploits 0

Ubuntu | added 2022/04/28 7:57 p.m. | 84 views

USN-5398-1: Simple DirectMedia Layer vulnerability

It was discovered that SDL (Simple DirectMedia Layer) incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code...

CVSS 8.8 | AI score 7.4 | EPSS 0.01986 | Exploits 0

Ubuntu | added 2022/04/25 3:37 p.m. | 84 views

USN-5376-2: Git vulnerability

USN-5376-1 fixed vulnerabilities in Git. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue to run...

CVSS 7.8 | AI score 7.7 | EPSS 0.00782 | Exploits 0

Ubuntu | added 2022/02/08 9:1 p.m. | 84 views

USN-5223-2: Apache Log4j 1.2 vulnerability

USN-5223-1 fixed a vulnerability in Apache Log4j 1.2. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Apache Log4j 1.2 was vulnerable to deserialization of untrusted data if the configuration file was editable. An attacker coul...

CVSS 7.5 | AI score 8.1 | EPSS 0.81147 | Exploits 9

Ubuntu | added 2022/01/19 12:42 p.m. | 84 views

USN-5233-2: ClamAV vulnerability

USN-5233-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled memory when the CL_SCAN_GENERAL_COLLECT_METADATA scan option was enabled. A remote attacker...

CVSS 7.5 | AI score 7.2 | EPSS 0.03061 | Exploits 1

Ubuntu | added 2021/12/07 7:35 p.m. | 84 views

USN-5168-4: NSS regression

USN-5168-3 fixed a vulnerability in NSS. Unfortunately that update introduced a regression that could break SSL connections. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS...

CVSS 9.8 | AI score 7.7 | EPSS 0.17563 | Exploits 0

Ubuntu | added 2021/02/09 5:6 p.m. | 84 views

USN-4726-1: OpenJDK vulnerability

It was discovered that OpenJDK incorrectly handled the direct buffering of characters. An attacker could use this issue to cause OpenJDK to crash, resulting in a denial of service, or cause other unspecified impact...

AI score 5.5 | Exploits 0 | References 1

Ubuntu | added 2020/10/05 1:32 p.m. | 84 views

USN-4569-1: Yaws vulnerabilities

It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity (XXE) injection attack. (CVE-2020-24379) It was discovered that Yaws mishandled certain input when running CGI scripts. A remote attacker could use this...

CVSS 10 | AI score 8.4 | EPSS 0.17374 | Exploits 4

Ubuntu | added 2020/09/28 2:43 p.m. | 84 views

USN-4548-1: libuv vulnerability

It was discovered that libuv incorrectly handled certain paths. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

CVSS 7.8 | AI score 7 | EPSS 0.00714 | Exploits 0

Ubuntu | added 2020/08/10 7:10 p.m. | 84 views

USN-4454-2: Samba vulnerability

USN-4454-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Martin von Wittich and Wilko Meyer discovered that Samba incorrectly handled certain empty UDP packets when being used as an AD DC NBT...

CVSS 7.5 | AI score 7.9 | EPSS 0.03539 | Exploits 0

Ubuntu | added 2020/08/04 11:54 p.m. | 84 views

USN-4432-2: GRUB2 regression

USN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot environments. Unfortunately, the update introduced regressions for some BIOS systems (either pre-UEFI or UEFI configured in Legacy mode), preventing them from successfully booting. This update addresses the issue. Users with BIOS syste...

AI score 8.1 | Exploits 0 | References 2

Ubuntu | added 2020/07/02 1:39 p.m. | 84 views

USN-4408-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass permission prompts, or execute arbitrary code. CVE-2020-12415,...

CVSS 9.3 | AI score 8 | EPSS 0.03034 | Exploits 4

Ubuntu | added 2020/06/04 12:57 p.m. | 84 views

USN-4381-2: Django vulnerabilities

USN-4381-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of...

CVSS 6.1 | AI score 6.7 | EPSS 0.06041 | Exploits 0

Ubuntu | added 2020/03/30 6:10 p.m. | 84 views

USN-4313-1: Linux kernel vulnerability

Manfred Paul discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information (kernel memory) or gain administrative privileges...

CVSS 7.8 | AI score 7.1 | EPSS 0.0606 | Exploits 9

Ubuntu | added 2020/03/30 12:0 p.m. | 84 views

USN-4308-2: Twisted vulnerabilities

USN-4308-1 fixed several vulnerabilities in Twisted. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject...

CVSS 9.8 | AI score 7.1 | EPSS 0.04083 | Exploits 3

Ubuntu | added 2020/02/18 4:56 p.m. | 84 views

USN-4283-1: QEMU vulnerabilities

Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that QEMU incorrectly handled iSCSI server responses. A remote attacker in control of the iSCSI server could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code. CVE-2020-1711 I...

CVSS 7.7 | AI score 7.5 | EPSS 0.04018 | Exploits 0

Ubuntu | added 2019/09/03 8:59 p.m. | 84 views

USN-4121-1: Samba vulnerability

Stefan Metzmacher discovered that the Samba SMB server did not properly prevent clients from escaping outside the share root directory in some situations. An attacker could use this to gain access to files outside of the Samba share, where allowed by the permissions of the underlying filesystem...

CVSS 9.1 | AI score 7.5 | EPSS 0.03182 | Exploits 0

Ubuntu | added 2019/04/11 7:44 p.m. | 84 views

USN-3946-1: rssh vulnerabilities

It was discovered that rssh incorrectly handled certain command-line arguments and environment variables. An authenticated user could bypass rssh's command restrictions, allowing an attacker to run arbitrary commands...

CVSS 9.8 | AI score 8.2 | EPSS 0.04869 | Exploits 5

Ubuntu | added 2018/08/24 12:46 a.m. | 84 views

USN-3753-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3753-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the generic SCSI driver in the Linux kernel did not properly...

CVSS 7.8 | AI score 7.3 | EPSS 0.02342 | Exploits 8

Ubuntu | added 2018/05/29 12:48 p.m. | 84 views

USN-3661-1: Batik vulnerability

It was discovered that Batik incorrectly handled certain XML. An attacker could possibly use this to expose sensitive information...

CVSS 9.8 | AI score 8.2 | EPSS 0.19523 | Exploits 0

Ubuntu | added 2018/05/23 2:38 p.m. | 84 views

USN-3658-1: procps-ng vulnerabilities

It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. CVE-2018-1122 It was discovered that the procps-ng ps tool incorrectly handled memory. A local user...

CVSS 9.8 | AI score 7.3 | EPSS 0.09081 | Exploits 9

Ubuntu | added 2017/11/08 7:48 a.m. | 84 views

USN-3473-1: OpenJDK 8 vulnerabilities

It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. CVE-2017-10274 Gaston Traberg discovered that th...

CVSS 9.6 | AI score 6.5 | EPSS 0.16181 | Exploits 2

Ubuntu | added 2017/10/11 12:7 p.m. | 84 views

USN-3452-1: Ceph vulnerabilities

It was discovered that Ceph incorrectly handled the handle_command function. A remote authenticated user could use this issue to cause Ceph to crash, resulting in a denial of service. (CVE-2016-5009) Rahul Aggarwal discovered that Ceph incorrectly handled the authenticated-read ACL. A remote attacke...

CVSS 7.5 | AI score 6.2 | EPSS 0.04396 | Exploits 2

Ubuntu | added 2016/12/19 5:34 p.m. | 84 views

USN-3158-1: Samba vulnerabilities

Frederic Besler and others discovered that the ndrpulldnspnam function in Samba contained an integer overflow. An authenticated attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. CVE-2016-2123 Simo Sorce...

CVSS 8.8 | AI score 6.7 | EPSS 0.09199 | Exploits 0

Ubuntu | added 2016/10/20 3:11 a.m. | 84 views

USN-3106-3: Linux kernel (Raspberry Pi 2) vulnerability

It was discovered that a race condition existed in the memory manager of the Linux kernel when handling copy-on-write breakage of private read-only memory mappings. A local attacker could use this to gain administrative privileges...

CVSS 7.2 | AI score 7.6 | EPSS 0.83524 | Exploits 81

Ubuntu | added 2016/06/27 9:11 p.m. | 84 views

USN-3018-1: Linux kernel vulnerabilities

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute...

CVSS 7.8 | AI score 7 | EPSS 0.05676 | Exploits 15

Ubuntu | added 2016/06/06 3:26 p.m. | 84 views

USN-2992-1: Oxide vulnerabilities

An unspecified security issue was discovered in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-1673) An issue was discovered with Document reattachment in Blink in some circumstances. ...

CVSS 8.8 | AI score 7.5 | EPSS 0.03094 | Exploits 3

Ubuntu | added 2016/05/16 7:1 p.m. | 84 views

USN-2979-3: Linux kernel (Raspberry Pi 2) vulnerability

Philip Pettersson discovered that the Linux kernel's ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privilege...

CVSS 7.8 | AI score 7.3 | EPSS 0.00397 | Exploits 0

Ubuntu | added 2016/03/14 5:10 p.m. | 84 views

USN-2929-1: Linux kernel vulnerabilities

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges...

CVSS 8.4 | AI score 7 | EPSS 0.03723 | Exploits 22

Ubuntu | added 2016/02/27 8:49 a.m. | 84 views

USN-2908-5: Linux kernel (Wily HWE) regression

USN-2908-2 fixed vulnerabilities in the Ubuntu 15.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics displays for Ubuntu 14.04 LTS guests running the Ubuntu 15.10 backport kernel within VMWare virtual machines. This update fixes the...

AI score 7.3 | Exploits 0 | References 1

Ubuntu | added 2015/12/20 12:7 p.m. | 84 views

USN-2853-1: Linux kernel (Wily HWE) vulnerabilities

Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550)...

CVSS 8.2 | AI score 7.2 | EPSS 0.0108 | Exploits 2

Ubuntu | added 2015/12/19 11:44 a.m. | 84 views

USN-2851-1: Linux kernel vulnerabilities

Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host. (CVE-2015-8550)...

CVSS 8.2 | AI score 7.2 | EPSS 0.0108 | Exploits 2

Ubuntu | added 2015/11/10 4:1 a.m. | 84 views

USN-2806-1: Linux kernel (Vivid HWE) vulnerability

Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS...

CVSS 4.9 | AI score 6.9 | EPSS 0.00566 | Exploits 0

Ubuntu | added 2015/09/03 8:37 p.m. | 84 views

USN-2731-1: Linux kernel vulnerability

Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel...

CVSS 2.1 | AI score 7.2 | EPSS 0.00464 | Exploits 0

Ubuntu | added 2015/08/18 12:40 a.m. | 84 views

USN-2713-1: Linux kernel vulnerabilities

Marcelo Ricardo Leitner discovered a race condition in the Linux kernel's SCTP address configuration lists when using Address Configuration Change (ASCONF) options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-3212) A flaw was...

CVSS 7.8 | AI score 7.1 | EPSS 0.06267 | Exploits 0

Ubuntu | added 2015/05/05 10:1 p.m. | 84 views

USN-2597-1: Linux kernel (Trusty HWE) vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

CVSS 6.2 | AI score 6.8 | EPSS 0.00317 | Exploits 0

Ubuntu | added 2014/08/13 10:53 a.m. | 84 views

USN-2313-1: Linux kernel (Trusty HWE) vulnerability

A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS)...

CVSS 3.3 | AI score 7.1 | EPSS 0.0036 | Exploits 0

Ubuntu | added 2014/03/07 11:56 a.m. | 84 views

USN-2138-1: Linux kernel vulnerabilities

Mathy Vanhoef discovered an error in the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing attack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function ...

CVSS 7.2 | AI score 7 | EPSS 0.10209 | Exploits 7

Ubuntu | added 2014/03/03 6:3 p.m. | 84 views

USN-2126-1: PHP vulnerabilities

Bernd Melchers discovered that PHP's embedded libmagic library incorrectly handled indirect offset values. An attacker could use this issue to cause PHP to consume resources or crash, resulting in a denial of service. CVE-2014-1943 It was discovered that PHP incorrectly handled certain values whe...

CVSS 6.8 | AI score 8.5 | EPSS 0.06732 | Exploits 3

Ubuntu | added 2014/02/18 10:12 p.m. | 84 views

USN-2109-1: Linux kernel vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw...

CVSS 7.2 | AI score 7.1 | EPSS 0.09408 | Exploits 5

Ubuntu | added 2013/08/20 12:37 p.m. | 84 views

USN-1935-1: Linux kernel vulnerabilities

Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1059) An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtai...

CVSS 7.8 | AI score 6.8 | EPSS 0.04672 | Exploits 3

Ubuntu | added 2013/07/23 12:59 p.m. | 84 views

USN-1908-1: OpenJDK 6 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. CVE-2013-1500, CVE-2013-2454, CVE-2013-2458 A vulnerability was discovered in the OpenJDK Javadoc related to...

CVSS 10 | AI score 7.7 | EPSS 0.98704 | Exploits 23

Ubuntu | added 2013/06/14 7:24 a.m. | 84 views

USN-1883-1: Linux kernel (OMAP4) vulnerabilities

Kees Cook discovered a flaw in the Linux kernel's iSCSI subsystem. A remote unauthenticated attacker could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2013-2850) Andy Lutomirski discovered an error in the Linux kernel's credential...

CVSS 7.9 | AI score 6.3 | EPSS 0.07313 | Exploits 8

Ubuntu | added 2013/04/25 12:15 a.m. | 84 views

USN-1807-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.69 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.31. In addition to security fixes, th...

CVSS 7.5 | AI score 6.7 | EPSS 0.0283 | Exploits 0

Ubuntu | added 2013/01/18 3:48 a.m. | 84 views

USN-1698-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. CVE-2012-4530 Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not...

CVSS 4.9 | AI score 5.7 | EPSS 0.00882 | Exploits 2

Ubuntu | added 2013/01/15 8:58 a.m. | 84 views

USN-1689-1: Linux kernel vulnerabilities

Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. (CVE-2012-4461) A flaw was discovered in...

CVSS 2.1 | AI score 6.5 | EPSS 0.00882 | Exploits 1

Ubuntu | added 2012/10/12 6:37 p.m. | 84 views

USN-1611-1: Thunderbird vulnerabilities

Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the...

CVSS 10 | AI score 8.9 | EPSS 0.42609 | Exploits 8 | References 2

Ubuntu | added 2012/09/19 9:44 p.m. | 84 views

USN-1575-1: Linux kernel (Oneiric backport) vulnerabilities

Ben Hutchings reported a flaw in the Linux kernel with some network drivers that support TSO (TCP segment offload). A local or peer user could exploit this flaw to cause a denial of service. (CVE-2012-3412) Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel implementation of RDS...

CVSS 7.8 | AI score 6.6 | EPSS 0.06158 | Exploits 3

Ubuntu | added 2012/04/12 6:31 p.m. | 84 views

USN-1421-1: Linux kernel (Maverick backport) vulnerabilities

Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. CVE-2011-4347 Stephan Bärwolf discovered a flaw in the KVM kernel-based virtual machin...

CVSS 7.8 | AI score 6.5 | EPSS 0.01014 | Exploits 4

Ubuntu | added 2012/03/06 6:38 p.m. | 84 views

USN-1388-1: Linux kernel (EC2) vulnerabilities

Paolo Bonzini discovered a flaw in Linux's handling of the SG_IO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. (CVE-2011-4127) A flaw was found in KVM's Programmable Interval Timer (PIT)...

CVSS 7.1 | AI score 6.8 | EPSS 0.02678 | Exploits 5

Total number of security vulnerabilities: 5000