
10890 matches found

Ubuntu • added 2017/10/10 11:39 p.m. • 82 views

USN-3444-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3444-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jan H. Schönherr discovered that the Xen subsystem did not properly handle block IO...

CVSS 8.8 | AI score 6.6 | EPSS 0.00497 | Exploits 0

Ubuntu • added 2017/08/17 4:58 p.m. • 82 views

USN-3393-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2017-6418 It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote...

CVSS 7.8 | AI score 7.2 | EPSS 0.01976 | Exploits 0

Ubuntu • added 2017/07/21 9:59 a.m. • 82 views

USN-3361-1: Linux kernel (HWE) vulnerabilities

USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu...

CVSS 10 | AI score 7.4 | EPSS 0.1081 | Exploits 7

Ubuntu • added 2017/03/08 2:11 a.m. • 82 views

USN-3220-1: Linux kernel vulnerability

Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges...

CVSS 7 | AI score 6.7 | EPSS 0.01029 | Exploits 2

Ubuntu • added 2017/02/22 12:33 a.m. • 82 views

USN-3207-1: Linux kernel vulnerabilities

It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. CVE-2016-7910 Dmitry Vyukov discovered a use-after-free vulnerability ...

CVSS 9.3 | AI score 6.8 | EPSS 0.0596 | Exploits 14

Ubuntu • added 2017/02/16 11:52 p.m. • 82 views

USN-3199-1: Python Crypto vulnerability

It was discovered that the ALGnew function in block_templace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter...

CVSS 9.8 | AI score 9.1 | EPSS 0.09501 | Exploits 1

Ubuntu • added 2017/02/06 6:42 p.m. • 82 views

USN-3192-1: Squid vulnerabilities

Saulius Lapinskas discovered that Squid incorrectly handled processing HTTP conditional requests. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. CVE-2016-10002 Felix Hassert discovered that Squid incorrectly handled...

CVSS 7.5 | AI score 6.6 | EPSS 0.06766 | Exploits 0

Ubuntu • added 2016/12/05 1:6 p.m. • 82 views

USN-3151-3: Linux kernel (Qualcomm Snapdragon) vulnerability

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges...

CVSS 7.8 | AI score 7.5 | EPSS 0.11127 | Exploits 16

Ubuntu • added 2016/11/30 7:46 p.m. • 82 views

USN-3145-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3145-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel...

CVSS 7.8 | AI score 6.8 | EPSS 0.00647 | Exploits 0

Ubuntu • added 2016/10/11 7:26 a.m. • 82 views

USN-3099-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities

Vladimír Beneš discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel. A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). CVE-2016-7039 Marco Grassi discovered a...

CVSS 7.8 | AI score 6.9 | EPSS 0.07613 | Exploits 5

Ubuntu • added 2016/10/11 4:37 a.m. • 82 views

USN-3097-1: Linux kernel vulnerabilities

Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2016-6828 Pengfei Wang discovered a race condition in the...

CVSS 5.5 | AI score 6.5 | EPSS 0.01181 | Exploits 5

Ubuntu • added 2016/08/29 7:35 p.m. • 82 views

USN-3072-2: Linux kernel (OMAP4) vulnerabilities

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-5244 Yue Cao et al discovered a flaw in the TCP implementation's handling of...

CVSS 7.8 | AI score 7.5 | EPSS 0.15073 | Exploits 3

Ubuntu • added 2016/07/27 6:58 a.m. • 82 views

USN-3043-1: OpenJDK 8 vulnerabilities

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. CVE-2016-3587, CVE-2016-3598,...

CVSS 9.6 | AI score 7.5 | EPSS 0.0669 | Exploits 0

Ubuntu • added 2016/06/27 11:56 p.m. • 82 views

USN-3021-2: Linux kernel (OMAP4) vulnerabilities

Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). CVE-2016-3951 Kangji...

CVSS 7.8 | AI score 6.3 | EPSS 0.04178 | Exploits 5

Ubuntu • added 2016/06/10 5:42 a.m. • 82 views

USN-3002-1: Linux kernel (Wily HWE) vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

CVSS 10 | AI score 6.8 | EPSS 0.2593 | Exploits 19

Ubuntu • added 2016/05/10 8:35 p.m. • 82 views

USN-2972-1: OpenJDK 6 vulnerabilities

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. CVE-2016-0686, CVE-2016-0687,...

CVSS 10 | AI score 7.5 | EPSS 0.92334 | Exploits 1

Ubuntu • added 2016/04/06 7:35 a.m. • 82 views

USN-2948-1: Linux kernel (Utopic HWE) vulnerabilities

Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). CVE-2015-7566 Ralf Spenneberg discovered that the usbvision driver in...

CVSS 10 | AI score 7.1 | EPSS 0.14281 | Exploits 11

Ubuntu • added 2016/04/06 7:10 a.m. • 82 views

USN-2947-3: Linux kernel (Raspberry Pi 2) vulnerabilities

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly validate the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). CVE-2015-7833 Venkatesh Pottem discovered a use-after-free...

CVSS 10 | AI score 7.1 | EPSS 0.14281 | Exploits 1

Ubuntu • added 2016/02/22 8:41 p.m. • 82 views

USN-2908-3: Linux kernel (Raspberry Pi 2) vulnerabilities

halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. CVE-2016-1576 halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...

CVSS 7.8 | AI score 7.2 | EPSS 0.01061 | Exploits 4

Ubuntu • added 2015/11/10 3:2 a.m. • 82 views

USN-2802-1: Linux kernel vulnerability

Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS...

CVSS 4.9 | AI score 6.9 | EPSS 0.00566 | Exploits 0

Ubuntu • added 2015/08/18 12:43 a.m. • 82 views

USN-2714-1: Linux kernel (OMAP4) vulnerabilities

Marcelo Ricardo Leitner discovered a race condition in the Linux kernel's SCTP address configuration lists when using Address Configuration Change (ASCONF) options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). CVE-2015-3212 A flaw was...

CVSS 7.8 | AI score 7.1 | EPSS 0.06267 | Exploits 0

Ubuntu • added 2015/07/23 11:53 p.m. • 82 views

USN-2683-1: Linux kernel (Vivid HWE) vulnerabilities

A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). CVE-2015-4692 Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A...

CVSS 7.8 | AI score 6.8 | EPSS 0.06267 | Exploits 0

Ubuntu • added 2015/04/08 10:20 p.m. • 82 views

USN-2560-1: Linux kernel vulnerabilities

An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64-bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization (ASLR) protection mechanism. CVE-2015-1593 An information leak was discovered in the Linux Kernel'...

CVSS 5 | AI score 6.7 | EPSS 0.03742 | Exploits 1

Ubuntu • added 2015/02/26 11:13 a.m. • 82 views

USN-2514-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS...

CVSS 6.9 | AI score 6.8 | EPSS 0.05489 | Exploits 4

Ubuntu • added 2015/01/27 4:18 p.m. • 82 views

USN-2485-1: GNU C Library vulnerability

It was discovered that a buffer overflow existed in the gethostbyname and gethostbyname2 functions in the GNU C Library. An attacker could use this issue to execute arbitrary code or cause an application crash, resulting in a denial of service...

CVSS 10 | AI score 8.2 | EPSS 0.94859 | Exploits 29 | References 1

Ubuntu • added 2014/10/23 2:38 a.m. • 82 views

USN-2388-1: OpenJDK 7 vulnerabilities

A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. CVE-2014-6457 Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. CVE-2014-6502,...

CVSS 6.8 | AI score 7 | EPSS 0.04102 | Exploits 0 | References 1

Ubuntu • added 2014/07/16 11:39 p.m. • 82 views

USN-2284-1: Linux kernel (OMAP4) vulnerabilities

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. CVE-2014-4943 Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86...

CVSS 6.9 | AI score 6.7 | EPSS 0.02324 | Exploits 14

Ubuntu • added 2014/06/23 12:5 p.m. • 82 views

USN-2254-1: PHP vulnerabilities

Christian Hoffmann discovered that the PHP FastCGI Process Manager (FPM) set incorrect permissions on the UNIX socket. A local attacker could use this issue to possibly elevate their privileges. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. CVE-2014-0185 Francisco...

CVSS 7.2 | AI score 7.6 | EPSS 0.20805 | Exploits 1

Ubuntu • added 2014/06/17 9:50 p.m. • 82 views

USN-2247-1: OpenStack Nova vulnerabilities

Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Nova did not properly set up its sudo configuration. If a different flaw was found in OpenStack Nova, this vulnerability could be used to escalate privileges. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS...

CVSS 7.1 | AI score 5.5 | EPSS 0.02159 | Exploits 2

Ubuntu • added 2014/05/15 5:26 p.m. • 82 views

USN-2214-1: libxml2 vulnerability

Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service...

CVSS 4.3 | AI score 7 | EPSS 0.081 | Exploits 1

Ubuntu • added 2014/04/26 1:51 p.m. • 82 views

USN-2179-1: Linux kernel vulnerabilities

A flaw was discovered in the Kernel Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could exploit this flaw to execute arbitrary code on the host OS. CVE-2014-0049 Al Viro discovered an error in how CIFS in the Linux kernel handles uncached write operations. An unprivileged loc...

CVSS 7.4 | AI score 7.2 | EPSS 0.00775 | Exploits 1

Ubuntu • added 2014/01/03 10:58 a.m. • 82 views

USN-2071-1: Linux kernel vulnerabilities

Dave Jones and Vince Weaver reported a flaw in the Linux kernel's perf event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. CVE-2013-2930 Stephan Mueller reported an erro...

CVSS 6.9 | AI score 7.1 | EPSS 0.03181 | Exploits 4

Ubuntu • added 2014/01/03 10:44 a.m. • 82 views

USN-2067-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. CVE-2013-4299 Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged...

CVSS 8.8 | AI score 7.4 | EPSS 0.39711 | Exploits 18

Ubuntu • added 2013/09/05 6:18 p.m. • 82 views

USN-1937-1: PHP vulnerability

It was discovered that PHP did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...

CVSS 4.3 | AI score 7.2 | EPSS 0.03588 | Exploits 0

Ubuntu • added 2013/06/14 7:3 a.m. • 82 views

USN-1881-1: Linux kernel vulnerabilities

Andy Lutomirski discovered an error in the Linux kernel's credential handling on unix sockets. A local user could exploit this flaw to gain administrative privileges. CVE-2013-1979 An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local...

CVSS 6.9 | AI score 6.3 | EPSS 0.00732 | Exploits 8

Ubuntu • added 2013/04/08 12:50 p.m. • 82 views

USN-1791-1: Thunderbird vulnerabilities

Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic and Joe Drew discovered multiple memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a...

CVSS 10 | AI score 8.5 | EPSS 0.07953 | Exploits 1 | References 1

Ubuntu • added 2012/08/30 6:10 p.m. • 82 views

USN-1551-1: Thunderbird vulnerabilities

Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted E-Mail, an attacker could...

CVSS 10 | AI score 8.3 | EPSS 0.07762 | Exploits 2 | References 1

Ubuntu • added 2012/08/29 4:41 p.m. • 82 views

USN-1548-1: Firefox vulnerabilities

Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit...

CVSS 10 | AI score 8.7 | EPSS 0.07762 | Exploits 3 | References 1

Ubuntu • added 2012/08/14 9:54 p.m. • 82 views

USN-1539-1: Linux kernel (Oneiric backport) vulnerabilities

An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potentially gain administrative privileges...

CVSS 7.6 | AI score 6.8 | EPSS 0.08738 | Exploits 9

Ubuntu • added 2012/08/10 6:21 p.m. • 82 views

USN-1529-1: Linux kernel vulnerabilities

A flaw was discovered in the Linux kernel's macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privileged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the...

CVSS 7.8 | AI score 6.9 | EPSS 0.08738 | Exploits 11

Ubuntu • added 2012/06/12 9:12 p.m. • 82 views

USN-1470-1: Linux kernel (Natty backport) vulnerabilities

Andy Adamson discovered a flaw in the Linux kernel's NFSv4 implementation. A remote NFS server attacker could exploit this flaw to cause a denial of service. CVE-2011-4131 A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit...

CVSS 7.2 | AI score 6.7 | EPSS 0.00775 | Exploits 2

Ubuntu • added 2012/05/08 5:59 a.m. • 82 views

USN-1432-1: Linux kernel vulnerabilities

A flaw was found in the Linux kernel's ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. CVE-2011-4086 A flaw was discovered in the Linux kernel's cifs file system. An unprivileged local user could exploit this flaw to...

CVSS 7.1 | AI score 6.1 | EPSS 0.02678 | Exploits 1

Ubuntu • added 2012/01/13 5:52 a.m. • 82 views

USN-1332-1: Linux kernel (Maverick backport) vulnerabilities

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. CVE-2011-1162 Dan Rosenberg reported an error in the old ABI compatibility layer of ARM kernels. A local attacker could...

CVSS 7.2 | AI score 7.4 | EPSS 0.00489 | Exploits 4

Ubuntu • added 2012/01/11 10:56 a.m. • 82 views

USN-1325-1: Linux kernel (OMAP4) vulnerabilities

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. CVE-2011-1162 Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel...

CVSS 7.8 | AI score 6.5 | EPSS 0.03255 | Exploits 4

Ubuntu • added 2011/09/28 10:50 p.m. • 82 views

USN-1213-1: Thunderbird vulnerabilities

Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. CVE-2011-2995, CVE-2011-2996 Boris Zbarsky...

CVSS 10 | AI score 8.9 | EPSS 0.04379 | Exploits 2

Ubuntu • added 2011/09/28 6:56 p.m. • 82 views

USN-1210-1: Firefox and Xulrunner vulnerabilities

Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. CVE-2011-2995, CVE-2011-2996 Boris Zbarsky...

CVSS 10 | AI score 8.9 | EPSS 0.04379 | Exploits 2

Ubuntu • added 2011/07/13 10:18 p.m. • 82 views

USN-1167-1: Linux kernel vulnerabilities

Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 ICMP packets. A remote user could exploit this to cause a denial of service. CVE-2011-1927 Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file...

CVSS 9.8 | AI score 7.1 | EPSS 0.04364 | Exploits 23

Ubuntu • added 2010/09/20 6:22 p.m. • 82 views

USN-989-1: PHP vulnerabilities

Auke van Slooten discovered that PHP incorrectly handled certain xmlrpc requests. An attacker could exploit this issue to cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. CVE-2010-0397 It was discovered that the...

CVSS 9.8 | AI score 8.9 | EPSS 0.12652 | Exploits 11

Ubuntu • added 2010/05/27 9:6 p.m. • 82 views

USN-945-1: ClamAV vulnerabilities

It was discovered that ClamAV did not properly reallocate memory when processing certain PDF files. A remote attacker could send a specially crafted PDF and crash ClamAV. CVE-2010-1639 An out of bounds memory access flaw was discovered in ClamAV. A remote attacker could send a specially crafted...

CVSS 4.3 | AI score 5.3 | EPSS 0.02889 | Exploits 0

Ubuntu • added 2010/02/10 2:56 p.m. • 82 views

USN-897-1: MySQL vulnerabilities

It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL...

CVSS 8.5 | AI score 7.6 | EPSS 0.69552 | Exploits 11

Total number of security vulnerabilities: 5000