Lucene search
K
UbuntuMost viewed

10904 matches found

Ubuntu
Ubuntu
•added 2023/06/01 9:39 p.m.•82 views

USN-6133-1: Linux kernel (Intel IoTG) vulnerabilities

It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...

8.1CVSS7.1AI score0.01029EPSS
Exploits2
Ubuntu
Ubuntu
•added 2023/03/27 10:38 p.m.•82 views

USN-5977-1: Linux kernel (OEM) vulnerabilities

It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-1281 It was discovered that the KVM VMX...

8.8CVSS7.1AI score0.00305EPSS
Exploits0
Ubuntu
Ubuntu
•added 2023/03/27 10:26 p.m.•82 views

USN-5976-1: Linux kernel (OEM) vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

8.8CVSS7.2AI score0.01016EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/11/14 7:34 p.m.•82 views

USN-5723-1: Vim vulnerabilities

It was discovered that Vim could be made to crash when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. CVE-2022-1674 It was discovered that there existed a NULL pointer dereference in Vim. An attacker could possibly use this to...

7.8CVSS7.5AI score0.01554EPSS
Exploits9
Ubuntu
Ubuntu
•added 2022/09/19 4:56 p.m.•82 views

USN-5617-1: Xen vulnerabilities

It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use th...

8.8CVSS7AI score0.0054EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/08/30 5:7 p.m.•82 views

USN-5589-1: Linux kernel vulnerabilities

Asaf Modelevsky discovered that the IntelR 10GbE PCI Express ixgbe Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. CVE-2021-33061 It was discovered that the virtual terminal driver in the...

6.8CVSS7.1AI score0.00537EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/08/24 4:32 p.m.•82 views

USN-5578-2: Open VM Tools vulnerability

USN-5578-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Open VM Tools incorrectly handled certain requests. An attacker inside the guest could possibly use this issue to gain root...

7.8CVSS7.1AI score0.0054EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/08/04 3:56 p.m.•82 views

USN-5549-1: Django vulnerability

It was discovered that Django incorrectly handled certain FileResponse. An attacker could possibly use this issue to expose sensitive information or gain access over user machine...

8.8CVSS8AI score0.00654EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/05/04 12:17 p.m.•82 views

USN-5401-1: DPDK vulnerabilities

Wenxiang Qian discovered that DPDK incorrectly checked certain payloads. An attacker could use this issue to cause DPDK to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2021-3839 It was discovered that DPDK incorrectly handled inflight type messages. An attacker...

7.5CVSS7.2AI score0.01259EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/11/17 1:35 p.m.•82 views

USN-4635-1: Kerberos vulnerability

Demi Obenour discovered that Kerberos incorrectly handled certain ASN.1. An attacker could possibly use this issue to cause a denial of service...

7.5CVSS7.5AI score0.04365EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/11/12 1:22 p.m.•82 views

USN-4171-6: Apport regression

USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression when handling configuration files. This update fixes the problem, and also introduces further hardening measures. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as...

5.7AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2020/10/07 7:32 p.m.•82 views

USN-4574-1: libseccomp-golang vulnerability

It was discovered that libseccomp-golang did not properly generate BPFs. If a process were running under a restrictive seccomp filter that specified multiple syscall arguments, the application could potentially bypass the intended restrictions put in place by seccomp...

7.5CVSS7AI score0.0245EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/28 4:41 p.m.•82 views

USN-4551-1: Squid vulnerabilities

Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. CVE-2020-15049 Amit Klein discovered that Squid incorrectly validated...

9.9CVSS6.9AI score0.05706EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/16 3:25 p.m.•82 views

USN-4505-1: PHPMailer vulnerability

Elar Lang discovered that PHPMailer did not properly escape double quote characters in filenames. A remote attacker could possibly exploit this with a crafted filename to bypass attachment filters that are based on matching filename extensions. CVE-2020-13625...

7.5CVSS7AI score0.0378EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/09/10 9:49 a.m.•82 views

LSN-0071-1: Kernel Live Patch Security Notice

Or Cohen discovered that the AFPACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-14386...

7.8CVSS6.8AI score0.01308EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/09/09 4:33 p.m.•82 views

USN-4488-2: X.Org X Server vulnerabilities

USN-4488-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update and also the update from USN-4490-1 for Ubuntu 14.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attack...

7.8CVSS7AI score0.00629EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/02 1:5 p.m.•82 views

USN-4487-1: libx11 vulnerabilities

Todd Carson discovered that libx11 incorrectly handled certain memory operations. A local attacker could possibly use this issue to escalate privileges. CVE-2020-14344 Jayden Rivers discovered that libx11 incorrectly handled locales. A local attacker could possibly use this issue to escalate...

7.8CVSS7.2AI score0.00575EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/07/27 4:29 p.m.•82 views

USN-4435-2: ClamAV vulnerabilities

USN-4435-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause...

7.5CVSS7.7AI score0.05063EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/06/01 8:8 p.m.•82 views

USN-4380-1: Apache Ant vulnerability

It was discovered that Apache Ant created temporary files with insecure permissions. An attacker could use this vulnerability to read sensitive information leaked into /tmp, or potentially inject malicious code into a project that is built with Apache Ant...

6.3CVSS7.4AI score0.01793EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/01/28 1:0 p.m.•82 views

USN-4256-1: Cyrus SASL vulnerability

It was discovered that Cyrus SASL incorrectly handled certain LDAP packets. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service...

7.5CVSS8AI score0.08036EPSS
Exploits1
Ubuntu
Ubuntu
•added 2019/04/23 4:17 p.m.•82 views

USN-3936-2: AdvanceCOMP vulnerability

USN-3936-1 fixed a vulnerability in AdvanceCOMP. This update provides the corresponding update for Ubuntu 19.04. Original advisory details: It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code...

7.8CVSS5.9AI score0.01424EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/08/14 10:9 p.m.•82 views

USN-3741-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3741-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that memory present in the L1 data cache of an Intel CPU core may be...

7.8CVSS6.9AI score0.7354EPSS
Exploits0References1
Ubuntu
Ubuntu
•added 2018/05/22 10:42 p.m.•82 views

USN-3656-1: Linux kernel (Raspberry Pi 2, Snapdragon) vulnerabilities

Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-17975 It was discovered that a race condition existed in the F2FS implementatio...

7.8CVSS7.1AI score0.00559EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/05/22 3:31 a.m.•82 views

USN-3653-1: Linux kernel vulnerabilities

Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memor...

7.8CVSS7.7AI score0.60631EPSS
Exploits2References1
Ubuntu
Ubuntu
•added 2017/10/10 11:39 p.m.•82 views

USN-3444-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3444-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jan H. Schönherr discovered that the Xen subsystem did not properly handle block IO...

8.8CVSS6.6AI score0.00497EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/08/17 4:58 p.m.•82 views

USN-3393-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2017-6418 It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote...

7.8CVSS7.2AI score0.01976EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/07/21 9:59 a.m.•82 views

USN-3361-1: Linux kernel (HWE) vulnerabilities

USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu...

10CVSS7.4AI score0.1081EPSS
Exploits7
Ubuntu
Ubuntu
•added 2017/03/08 2:11 a.m.•82 views

USN-3220-1: Linux kernel vulnerability

Alexander Popov discovered that the NHDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly gain administrative privileges...

7CVSS6.7AI score0.01029EPSS
Exploits2
Ubuntu
Ubuntu
•added 2017/02/22 12:33 a.m.•82 views

USN-3207-1: Linux kernel vulnerabilities

It was discovered that a use-after-free vulnerability existed in the block device layer of the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly gain administrative privileges. CVE-2016-7910 Dmitry Vyukov discovered a use-after-free vulnerability ...

9.3CVSS6.8AI score0.0596EPSS
Exploits14
Ubuntu
Ubuntu
•added 2017/02/16 11:52 p.m.•82 views

USN-3199-1: Python Crypto vulnerability

It was discovered that the ALGnew function in blocktemplace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter...

9.8CVSS9.1AI score0.09501EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/02/06 6:42 p.m.•82 views

USN-3192-1: Squid vulnerabilities

Saulius Lapinskas discovered that Squid incorrectly handled processing HTTP conditional requests. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. CVE-2016-10002 Felix Hassert discovered that Squid incorrectly handled...

7.5CVSS6.6AI score0.06766EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/12/05 1:6 p.m.•82 views

USN-3151-3: Linux kernel (Qualcomm Snapdragon) vulnerability

Philip Pettersson discovered a race condition in the afpacket implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service system crash or run arbitrary code with administrative privileges...

7.8CVSS7.5AI score0.11127EPSS
Exploits16
Ubuntu
Ubuntu
•added 2016/11/30 7:46 p.m.•82 views

USN-3145-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3145-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel...

7.8CVSS6.8AI score0.00647EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/08/29 7:35 p.m.•82 views

USN-3072-2: Linux kernel (OMAP4) vulnerabilities

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets RDS implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-5244 Yue Cao et al discovered a flaw in the TCP implementation's handling of...

7.8CVSS7.5AI score0.15073EPSS
Exploits3
Ubuntu
Ubuntu
•added 2016/06/27 11:56 p.m.•82 views

USN-3021-2: Linux kernel (OMAP4) vulnerabilities

Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service system crash. CVE-2016-3951 Kangji...

7.8CVSS6.3AI score0.04178EPSS
Exploits5
Ubuntu
Ubuntu
•added 2016/06/10 5:42 a.m.•82 views

USN-3002-1: Linux kernel (Wily HWE) vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

10CVSS6.8AI score0.2593EPSS
Exploits19
Ubuntu
Ubuntu
•added 2016/05/10 8:35 p.m.•82 views

USN-2972-1: OpenJDK 6 vulnerabilities

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. CVE-2016-0686, CVE-2016-0687,...

10CVSS7.5AI score0.92334EPSS
Exploits1
Ubuntu
Ubuntu
•added 2016/04/06 7:35 a.m.•82 views

USN-2948-1: Linux kernel (Utopic HWE) vulnerabilities

Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service system crash. CVE-2015-7566 Ralf Spenneberg discovered that the usbvision driver in...

10CVSS7.1AI score0.14281EPSS
Exploits11
Ubuntu
Ubuntu
•added 2016/04/06 7:10 a.m.•82 views

USN-2947-3: Linux kernel (Raspberry Pi 2) vulnerabilities

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly validate the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service system crash. CVE-2015-7833 Venkatesh Pottem discovered a use-after-free...

10CVSS7.1AI score0.14281EPSS
Exploits1
Ubuntu
Ubuntu
•added 2016/02/22 8:41 p.m.•82 views

USN-2908-3: Linux kernel (Raspberry Pi 2) vulnerabilities

halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. CVE-2016-1576 halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...

7.8CVSS7.2AI score0.01061EPSS
Exploits4
Ubuntu
Ubuntu
•added 2015/12/17 7:37 p.m.•82 views

USN-2843-3: Linux kernel (Raspberry Pi 2) vulnerabilities

郭永刚 discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl on /dev/ppp could cause a denial of service system crash. CVE-2015-7799 Dmitry Vyukov discovered that the Linux kernel's keyring...

4.9CVSS6.3AI score0.00646EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/11/10 3:2 a.m.•82 views

USN-2802-1: Linux kernel vulnerability

Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service system crash in the host OS...

4.9CVSS6.9AI score0.00566EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/08/18 12:43 a.m.•82 views

USN-2714-1: Linux kernel (OMAP4) vulnerabilities

Marcelo Ricardo Leitner discovered a race condition in the Linux kernel's SCTP address configuration lists when using Address Configuration Change ASCONF options on a socket. An unprivileged local user could exploit this flaw to cause a denial of service system crash. CVE-2015-3212 A flaw was...

7.8CVSS7.1AI score0.06267EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/05 10:20 p.m.•82 views

USN-2599-1: Linux kernel (Utopic HWE) vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

6.2CVSS6.8AI score0.00317EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/04/08 10:20 p.m.•82 views

USN-2560-1: Linux kernel vulnerabilities

An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization ASLR protection mechanism. CVE-2015-1593 An information leak was discovered in the Linux Kernel'...

5CVSS6.7AI score0.03742EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/03/12 6:44 a.m.•82 views

USN-2530-1: Linux kernel vulnerability

It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service system crash or to potentially gain administrative privileges...

6.9CVSS6.2AI score0.00441EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/02/26 11:13 a.m.•82 views

USN-2514-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS crash or potentially gain privileges on the guest OS...

6.9CVSS6.8AI score0.05489EPSS
Exploits4
Ubuntu
Ubuntu
•added 2014/10/23 2:38 a.m.•82 views

USN-2388-1: OpenJDK 7 vulnerabilities

A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. CVE-2014-6457 Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. CVE-2014-6502,...

6.8CVSS7AI score0.04102EPSS
Exploits0References1
Ubuntu
Ubuntu
•added 2014/07/16 11:39 p.m.•82 views

USN-2284-1: Linux kernel (OMAP4) vulnerabilities

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol PPP when used with the Layer Two Tunneling Protocol L2TP. A local user could exploit this flaw to gain administrative privileges. CVE-2014-4943 Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86...

6.9CVSS6.7AI score0.02324EPSS
Exploits14
Ubuntu
Ubuntu
•added 2014/06/17 9:50 p.m.•82 views

USN-2247-1: OpenStack Nova vulnerabilities

Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Nova did not properly set up its sudo configuration. If a different flaw was found in OpenStack Nova, this vulnerability could be used to escalate privileges. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS...

7.1CVSS5.5AI score0.02159EPSS
Exploits2
Total number of security vulnerabilities5000