Ubuntu: Most viewed

10891 matches found

Ubuntu
added 2009/08/08 12:41 a.m. | 78 views

USN-811-1: Firefox and Xulrunner vulnerability

Juan Pablo Lopez Yacubian discovered that Firefox did not properly display invalid URLs. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. Furthermore, if the malicious website had a valid SSL...

CVSS: 5.8 | AI score: 8.3 | EPSS: 0.04745 | Exploits: 1

Ubuntu
added 2009/05/12 10:23 p.m. | 78 views

USN-776-1: KVM vulnerabilities

Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. CVE-2008-1945, CVE-2008-2004 Alfredo Ortega discovered that KVM's VNC protocol handler did not correctly...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.06619 | Exploits: 3

Ubuntu
added 2009/03/05 11:41 p.m. | 78 views

USN-728-1: Firefox and Xulrunner vulnerabilities

Glenn Randers-Pehrson discovered that the embedded libpng in Firefox did not properly initialize pointers. If a user were tricked into viewing a malicious website with a crafted PNG file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of t...

CVSS: 10 | AI score: 8.7 | EPSS: 0.05789 | Exploits: 3

Ubuntu
added 2009/02/11 1:44 a.m. | 78 views

USN-717-3: Firefox vulnerabilities

Kojima Hajime discovered that Firefox did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. CVE-2008-5510 Wladimir Palant discovered that Firefox did not restrict access to cookies in HTTP response headers. If a user were...

CVSS: 5 | AI score: 8.4 | EPSS: 0.02212 | Exploits: 0

Ubuntu
added 2008/11/27 5:43 p.m. | 78 views

USN-679-1: Linux kernel vulnerabilities

It was discovered that the Xen hypervisor block driver did not correctly validate requests. A user with root privileges in a guest OS could make a malicious IO request with a large number of blocks that would crash the host OS, leading to a denial of service. This only affected Ubuntu 7.10...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.0368 | Exploits: 7

Ubuntu
added 2008/11/17 9:37 p.m. | 78 views

USN-672-1: ClamAV vulnerability

Moritz Jodeit discovered that ClamAV did not correctly handle certain strings when examining a VBA project. If a remote attacker tricked ClamAV into processing a malicious VBA file, ClamAV would crash, leading to a denial of service...

CVSS: 9.3 | AI score: 5.3 | EPSS: 0.08293 | Exploits: 1

Ubuntu
added 2008/10/01 10:18 p.m. | 78 views

USN-649-1: OpenSSH vulnerabilities

It was discovered that the ForceCommand directive could be bypassed. If a local user created a malicious ~/.ssh/rc file, they could execute arbitrary commands as their user id. This only affected Ubuntu 7.10. CVE-2008-1657 USN-355-1 fixed vulnerabilities in OpenSSH. It was discovered that the fixe...

CVSS: 6.5 | AI score: 8 | EPSS: 0.28601 | Exploits: 9

Ubuntu
added 2008/09/24 10:20 a.m. | 78 views

USN-645-1: Firefox and xulrunner vulnerabilities

Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. If a user were tricked into opening a crafted hyperlink, an attacker could overflow a stack buffer and execute arbitrary code. CVE-2008-0016 It was discovered that the same-origin check in Firefox...

CVSS: 10 | AI score: 8.9 | EPSS: 0.43921 | Exploits: 15

Ubuntu
added 2006/09/29 12:30 a.m. | 78 views

USN-353-1: openssl vulnerabilities

Dr. Henson of the OpenSSL core team and Open Network Security discovered a mishandled error condition in the ASN.1 parser. By sending specially crafted packet data, a remote attacker could exploit this to trigger an infinite loop, which would render the service unusable and consume all available...

CVSS: 10 | AI score: 8 | EPSS: 0.48575 | Exploits: 10

Ubuntu
added 2024/07/31 5:7 a.m. | 77 views

USN-6932-1: OpenJDK 21 vulnerabilities

It was discovered that the Hotspot component of OpenJDK 21 was not properly bounding certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2024-21131 It was discovered that the Hotspot...

CVSS: 7.4 | AI score: 7.5 | EPSS: 0.01257 | Exploits: 0

Ubuntu
added 2024/07/26 1:52 p.m. | 77 views

USN-6917-1: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Gui-Dong Han discovered that the...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.01401 | Exploits: 1

Ubuntu
added 2024/05/16 4:47 p.m. | 77 views

USN-6776-1: Linux kernel vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). CVE-2023-47233 Several...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.00315 | Exploits: 0

Ubuntu
added 2024/03/28 8:44 p.m. | 77 views

USN-6707-4: Linux kernel (Azure) vulnerabilities

Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.28058 | Exploits: 16

Ubuntu
added 2024/01/02 9:28 a.m. | 77 views

USN-6563-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.20472 | Exploits: 0

Ubuntu
added 2023/11/02 3:30 a.m. | 77 views

USN-6468-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.01585 | Exploits: 0

Ubuntu
added 2023/10/17 11:22 a.m. | 77 views

USN-6429-3: curl vulnerabilities

USN-6429-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 23.10. Original advisory details: Jay Satiro discovered that curl incorrectly handled hostnames when using a SOCKS5 proxy. In environments where curl is configured to use a SOCKS5 proxy, a remote...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.78483 | Exploits: 6

Ubuntu
added 2023/09/19 5:42 p.m. | 77 views

USN-6384-1: Linux kernel (OEM) vulnerabilities

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. CVE-2023-20588 Lonial Con discover...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.12405 | Exploits: 0

Ubuntu
added 2023/09/14 12:10 p.m. | 77 views

USN-6369-1: libwebp vulnerability

It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary co...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.99694 | Exploits: 9

Ubuntu
added 2023/09/06 12:31 a.m. | 77 views

USN-6342-1: Linux kernel vulnerabilities

Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. CVE-2023-20593 Zheng Zhang discovered that the device-mapper implementation in the Linux kernel...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.05794 | Exploits: 1

Ubuntu
added 2023/08/30 4:21 a.m. | 77 views

USN-6320-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-4573, CVE-2023-4574,...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.00693 | Exploits: 0

Ubuntu
added 2023/08/28 10:17 p.m. | 77 views

USN-6311-1: Linux kernel vulnerabilities

William Zhao discovered that the Traffic Control (TC) subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). CVE-2022-4269 It was discovered that the NTFS file system...

CVSS: 10 | AI score: 7.4 | EPSS: 0.0406 | Exploits: 4

Ubuntu
added 2023/08/11 4:7 p.m. | 77 views

USN-6284-1: Linux kernel vulnerabilities

It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service (infinite recursion). CVE-2020-36691 Billy Jheng Bing Jhong discovered that the CIFS network...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00491 | Exploits: 1

Ubuntu
added 2023/07/19 5:34 p.m. | 77 views

USN-6237-2: curl regression

USN-6237-1 fixed vulnerabilities in curl. The update caused a certificate wildcard handling regression on Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Hiroki Kurosawa discovered that curl incorrectly handled validating certain...

AI score: 6.6 | EPSS: 0.02211 | Exploits: 2 | References: 1

Ubuntu
added 2023/07/10 1:6 p.m. | 77 views

USN-6213-1: Ghostscript vulnerability

It was discovered that Ghostscript incorrectly handled pipe devices. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to execute arbitrary code...

CVSS: 7.8 | AI score: 8.1 | EPSS: 0.03236 | Exploits: 3

Ubuntu
added 2023/05/04 8:10 a.m. | 77 views

USN-6055-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. CVE-2023-28755 It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a...

CVSS: 5.3 | AI score: 7.6 | EPSS: 0.02637 | Exploits: 0

Ubuntu
added 2023/04/19 1:17 a.m. | 77 views

USN-6024-1: Linux kernel vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2023-1281 Lin Ma discovered a race condition in t...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00964 | Exploits: 4

Ubuntu
added 2023/03/29 6:22 p.m. | 77 views

USN-5987-1: Linux kernel vulnerabilities

It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. CVE-2022-2196 It was discovered...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.71737 | Exploits: 7

Ubuntu
added 2023/03/20 5:28 p.m. | 77 views

USN-5904-2: SoX regression

USN-5904-1 fixed vulnerabilities in SoX. It was discovered that the fix for CVE-2021-33844 was incomplete. This update fixes the problem. Original advisory details: Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...

CVSS: 5.5 | AI score: 7.1 | EPSS: 0.00457 | Exploits: 1

Ubuntu
added 2023/03/03 2:58 p.m. | 77 views

USN-5917-1: Linux kernel vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS: 8.1 | AI score: 7.7 | EPSS: 0.03702 | Exploits: 6

Ubuntu
added 2023/02/16 2:9 p.m. | 77 views

USN-5778-2: X.Org X Server vulnerabilities

USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these...

CVSS: 8.8 | AI score: 8 | EPSS: 0.02685 | Exploits: 0

Ubuntu
added 2023/02/06 3:30 a.m. | 77 views

USN-5816-2: Firefox regressions

USN-5816-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security openin...

AI score: 8.2 | Exploits: 0 | References: 1

Ubuntu
added 2022/12/12 1:28 p.m. | 77 views

USN-5773-1: Linux kernel (OEM) vulnerabilities

It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2022-43945 Jann Horn discovered that the...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.21314 | Exploits: 3

Ubuntu
added 2022/10/20 12:52 p.m. | 77 views

USN-5694-1: LibreOffice vulnerabilities

It was discovered that LibreOffice incorrectly handled links using the Office URI Schemes. If a user were tricked into opening a specially crafted document, a remote attacker could use this issue to execute arbitrary scripts. CVE-2022-3140 Thomas Florian discovered that LibreOffice incorrectly...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.04354 | Exploits: 0

Ubuntu
added 2022/09/06 9:23 a.m. | 77 views

USN-5238-1: PostgreSQL JDBC Driver vulnerability

It was discovered that PostgreSQL JDBC Driver incorrectly handled certain requests from external entities. A remote attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code...

CVSS: 7.7 | AI score: 7.8 | EPSS: 0.04094 | Exploits: 0

Ubuntu
added 2022/08/03 9:37 p.m. | 77 views

USN-5547-1: NVIDIA graphics drivers vulnerabilities

Le Wu discovered that the NVIDIA graphics drivers did not properly perform input validation in some situations. A local user could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-31607 Tal Lossos discovered that the NVIDIA graphics drivers incorrectly handled...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00245 | Exploits: 0

Ubuntu
added 2022/07/28 5:31 a.m. | 77 views

USN-5535-1: Intel Microcode vulnerabilities

Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. CVE-2021-0145 Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug...

CVSS: 6.8 | AI score: 6.2 | EPSS: 0.06451 | Exploits: 0

Ubuntu
added 2022/07/07 12:9 p.m. | 77 views

USN-5506-1: NSS vulnerabilities

Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. CVE-2022-22747 Ronald Crane...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.0063 | Exploits: 0

Ubuntu
added 2022/07/06 4:52 p.m. | 77 views

USN-5488-2: OpenSSL vulnerability

USN-5488-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary...

CVSS: 10 | AI score: 7.7 | EPSS: 0.95764 | Exploits: 1

Ubuntu
added 2022/07/05 1:18 p.m. | 77 views

USN-5503-1: GnuPG vulnerability

Demi Marie Obenour discovered that GnuPG incorrectly handled injection in the status message. A remote attacker could possibly use this issue to forge signatures...

CVSS: 6.5 | AI score: 7.4 | EPSS: 0.02551 | Exploits: 1

Ubuntu
added 2022/06/06 10:21 p.m. | 77 views

USN-5462-2: Ruby vulnerability

USN-5462-1 fixed several vulnerabilities in Ruby. This update provides the corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM. Original advisory details: It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.04127 | Exploits: 0

Ubuntu
added 2022/06/02 4:41 p.m. | 77 views

USN-5459-1: cifs-utils vulnerabilities

Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a password. In certain environments, a local attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-14342 It was discovered that cifs-utils...

CVSS: 7.8 | AI score: 6.5 | EPSS: 0.01804 | Exploits: 1

Ubuntu
added 2022/05/16 9:10 a.m. | 77 views

USN-5421-1: LibTIFF vulnerabilities

It was discovered that LibTIFF incorrectly handled certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-35522 Chintan Shah discovere...

CVSS: 7.1 | AI score: 6.8 | EPSS: 0.01574 | Exploits: 4

Ubuntu
added 2021/12/16 7:32 p.m. | 77 views

USN-5198-1: HTMLDOC vulnerability

It was discovered that HTMLDOC improperly handled malformed URIs from an input html file. An attacker could use this to cause a denial of service...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.01268 | Exploits: 1

Ubuntu
added 2021/11/10 10:9 p.m. | 77 views

USN-5138-1: python-py vulnerability

The py.path.svnwc component of py (aka python-py) through v1.9.0 contains a regular expression with an ambiguous subpattern that is susceptible to catastrophic backtracking. This could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.04607 | Exploits: 0

Ubuntu
added 2020/12/03 6:35 p.m. | 77 views

USN-4661-1: Snapcraft vulnerability

It was discovered that Snapcraft includes the current directory when configuring LD_LIBRARY_PATH for application commands. If a user were tricked into installing a malicious snap or downloading a malicious library, under certain circumstances an attacker could exploit this to affect strict mode sna...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.00673 | Exploits: 1 | References: 1

Ubuntu
added 2020/11/30 9:4 p.m. | 77 views

USN-4653-1: containerd vulnerability

It was discovered that access controls for the shim’s API socket did not restrict access to the abstract unix domain socket in some cases. An attacker could use this vulnerability to run containers with elevated privileges...

CVSS: 5.2 | AI score: 6.5 | EPSS: 0.03236 | Exploits: 4

Ubuntu
added 2020/09/28 12:54 p.m. | 77 views

USN-3968-3: Sudo vulnerabilities

USN-3968-1 fixed several vulnerabilities in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00493 | Exploits: 0

Ubuntu
added 2020/09/14 12:23 p.m. | 77 views

USN-4493-1: cryptsetup vulnerability

It was discovered that cryptsetup incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.01157 | Exploits: 0

Ubuntu
added 2020/07/23 8:9 p.m. | 77 views

USN-4434-1: LibVNCServer vulnerabilities

Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. CVE-2019-20839 It was discovered that LibVNCServer did no...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.03589 | Exploits: 0

Ubuntu
added 2020/06/15 1:23 p.m. | 77 views

USN-4395-1: fwupd vulnerability

Justin Steven discovered that fwupd incorrectly handled certain signature verification. An attacker could possibly use this issue to install an unsigned firmware...

CVSS: 6 | AI score: 6.1 | EPSS: 0.0049 | Exploits: 1

Total number of security vulnerabilities: 5000