Lucene search
Ubuntu • Most viewed

10891 matches found

Ubuntu • added 2006/07/11 6:53 p.m. • 77 views

USN-311-1: Linux kernel vulnerabilities

A race condition was discovered in the do_add_counters functions. Processes which do not run with full root privileges, but have the CAP_NET_ADMIN capability can exploit this to crash the machine or read a random piece of kernel memory. In Ubuntu there are no packages that are affected by this, so th...

CVSS 5.6 • AI score 6.1 • EPSS 0.04387 • Exploits 17

Ubuntu • added 2005/12/23 9:46 p.m. • 77 views

USN-232-1: PHP vulnerabilities

Eric Romang discovered a local Denial of Service vulnerability in the handling of the 'session.save_path' parameter in PHP's Apache 2.0 module. By setting this parameter to an invalid value in an .htaccess file, a local user could crash the Apache server. (CVE-2005-3319) A Denial of Service flaw was...

CVSS 7.5 • AI score 7.4 • EPSS 0.65512 • Exploits 1

Ubuntu • added 2024/07/26 3:11 p.m. • 76 views

USN-6919-1: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) It was discovered that the ATA over...

CVSS 9.1 • AI score 7.5 • EPSS 0.01635 • Exploits 1

Ubuntu • added 2024/05/23 9:28 a.m. • 76 views

USN-6736-2: klibc vulnerabilities

USN-6736-1 fixed vulnerabilities in klibc. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibl...

CVSS 9.8 • AI score 7.9 • EPSS 0.51733 • Exploits 2

Ubuntu • added 2023/12/06 3:11 p.m. • 76 views

USN-6538-1: PostgreSQL vulnerabilities

Jingzhou Fu discovered that PostgreSQL incorrectly handled certain unknown arguments in aggregate function calls. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-5868) Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL arra...

CVSS 8.8 • AI score 7.2 • EPSS 0.04322 • Exploits 0

Ubuntu • added 2023/11/15 11:27 a.m. • 76 views

USN-6473-2: pip vulnerabilities

USN-6473-1 fixed vulnerabilities in urllib3. This update provides the corresponding updates for the urllib3 module bundled into pip. Original advisory details: It was discovered that urllib3 didn't strip HTTP Authorization header on cross-origin redirects. A remote attacker could possibly use thi...

CVSS 8.1 • AI score 7.2 • EPSS 0.01207 • Exploits 0

Ubuntu • added 2023/10/04 8:59 p.m. • 76 views

USN-6415-1: Linux kernel (OEM) vulnerabilities

Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel...

CVSS 9.8 • AI score 7.8 • EPSS 0.0616 • Exploits 4

Ubuntu • added 2023/08/21 2:12 a.m. • 76 views

USN-6267-3: Firefox regressions

USN-6267-1 fixed vulnerabilities and USN-6267-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were...

AI score 8 • Exploits 0 • References 1

Ubuntu • added 2023/06/08 9:55 p.m. • 76 views

USN-6150-1: Linux kernel vulnerabilities

Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrar...

CVSS 7.8 • AI score 7.4 • EPSS 0.16642 • Exploits 7

Ubuntu • added 2023/06/05 2:08 p.m. • 76 views

USN-6138-1: libssh vulnerabilities

Philip Turnbull discovered that libssh incorrectly handled rekeying with algorithm guessing. A remote attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-1667) Kevin Backhouse discovered that libssh incorrectly...

CVSS 6.5 • AI score 6.6 • EPSS 0.01314 • Exploits 2

Ubuntu • added 2023/05/08 2:14 p.m. • 76 views

USN-6060-2: MySQL vulnerabilities

USN-6060-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to...

CVSS 7.5 • AI score 7.3 • EPSS 0.01156 • Exploits 0

Ubuntu • added 2023/04/26 5:33 p.m. • 76 views

USN-6017-2: Ghostscript vulnerability

USN-6017-1 fixed vulnerabilities in Ghostscript. This update provides the corresponding updates for Ubuntu 23.04. Original advisory details: Hadrien Perrineau discovered that Ghostscript incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or...

CVSS 9.8 • AI score 8.4 • EPSS 0.06341 • Exploits 1

Ubuntu • added 2023/04/26 4:15 a.m. • 76 views

USN-6010-3: Firefox regressions

USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were...

AI score 7.8 • Exploits 0 • References 1

Ubuntu • added 2023/04/19 4:57 p.m. • 76 views

USN-6032-1: Linux kernel (OEM) vulnerabilities

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) Gerald Lee discovered that the USB Gadget file system implementation in the...

CVSS 7.8 • AI score 6.8 • EPSS 0.00608 • Exploits 3

Ubuntu • added 2023/03/28 4:23 p.m. • 76 views

USN-5979-1: Linux kernel (HWE) vulnerabilities

It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2022-2196) It was discovered...

CVSS 8.8 • AI score 7.5 • EPSS 0.03702 • Exploits 5

Ubuntu • added 2023/03/09 12:46 p.m. • 76 views

USN-5940-1: Linux kernel (Raspberry Pi) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 8.1 • AI score 7.7 • EPSS 0.03702 • Exploits 6

Ubuntu • added 2023/03/07 2:34 p.m. • 76 views

USN-5932-1: Sofia-SIP vulnerabilities

It was discovered that Sofia-SIP incorrectly handled specially crafted SDP packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LT...

CVSS 9.8 • AI score 7.8 • EPSS 0.0366 • Exploits 5

Ubuntu • added 2023/03/07 11:23 a.m. • 76 views

USN-5929-1: Linux kernel (Raspberry Pi) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 7.8 • AI score 7.3 • EPSS 0.06346 • Exploits 7

Ubuntu • added 2023/01/23 8:51 a.m. • 76 views

USN-5817-1: Setuptools vulnerability

Sebastian Chnelik discovered that setuptools incorrectly handled certain regex inputs. An attacker could possibly use this issue to cause a denial of service...

CVSS 5.9 • AI score 7.3 • EPSS 0.02617 • Exploits 1

Ubuntu • added 2023/01/18 7:23 p.m. • 76 views

USN-5811-2: Sudo vulnerability

USN-5811-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has...

CVSS 7.8 • AI score 8.1 • EPSS 0.55367 • Exploits 20

Ubuntu • added 2022/12/08 1:25 p.m. • 76 views

USN-5767-1: Python vulnerabilities

Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-37454) It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to...

CVSS 9.8 • AI score 7.4 • EPSS 0.05193 • Exploits 2

Ubuntu • added 2022/09/19 12:53 p.m. • 76 views

USN-5613-2: Vim regression

USN-5613-1 fixed vulnerabilities in Vim. Unfortunately that update failed to include binary packages for some architectures. This update fixes that regression. We apologize for the inconvenience. Original advisory details: It was discovered that Vim was not properly performing bounds checks when...

CVSS 8.4 • AI score 7.6 • EPSS 0.02645 • Exploits 7 • References 1

Ubuntu • added 2022/06/14 11:17 a.m. • 76 views

USN-5477-1: ncurses vulnerabilities

Hosein Askari discovered that ncurses was incorrectly performing memory management operations when dealing with long filenames while writing structures into the file system. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2017-16879) Chung-Yi L...

CVSS 8.8 • AI score 6.8 • EPSS 0.03005 • Exploits 5

Ubuntu • added 2021/12/13 4:03 p.m. • 76 views

USN-5188-1: Keepalived vulnerability

It was discovered that Keepalived incorrectly handled certain messages. An attacker could possibly use this issue to access-control bypass...

CVSS 5.5 • AI score 6.2 • EPSS 0.01159 • Exploits 0

Ubuntu • added 2020/11/23 4:03 p.m. • 76 views

USN-4640-1: PulseAudio vulnerability

James Henstridge discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle snap client connections. An attacker could possibly use this to expose sensitive information...

CVSS 4.7 • AI score 5.1 • EPSS 0.00314 • Exploits 1

Ubuntu • added 2020/11/09 11:49 a.m. • 76 views

USN-4622-1: OpenLDAP vulnerability

It was discovered that OpenLDAP incorrectly handled certain network packets. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 7.5 • AI score 7.8 • EPSS 0.02183 • Exploits 0

Ubuntu • added 2020/10/28 7:46 p.m. • 76 views

USN-4609-1: GOsa vulnerabilities

Fabian Henneke discovered that GOsa incorrectly handled client cookies. An authenticated user could exploit this with a crafted cookie to perform file deletions in the context of the user account that runs the web server. (CVE-2019-14466) It was discovered that GOsa incorrectly handled user access...

CVSS 9.8 • AI score 7.5 • EPSS 0.46323 • Exploits 0

Ubuntu • added 2020/10/14 12:08 p.m. • 76 views

LSN-0072-1: Kernel Live Patch Security Notice

It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-0067) It was discovered that the Serial CAN interfa...

CVSS 7.8 • AI score 6.9 • EPSS 0.01308 • Exploits 2

Ubuntu • added 2020/07/28 7:09 p.m. • 76 views

USN-4442-1: Sympa vulnerabilities

Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP GET/POST requests. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2018-1000550) It was discovered that Sympa incorrectly handled URL parameters. An attacker could possibly use this...

CVSS 9.8 • AI score 7.5 • EPSS 0.03982 • Exploits 1

Ubuntu • added 2020/07/27 2:09 p.m. • 76 views

USN-4435-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2020-3327) It was discovered that ClamAV incorrectly handled scanning malicious files. A local attacker could...

CVSS 7.5 • AI score 7.6 • EPSS 0.05063 • Exploits 0

Ubuntu • added 2020/06/25 8:58 p.m. • 76 views

USN-4404-2: Linux kernel vulnerabilities

USN-4404-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. Original advisory details: Thomas E. Carroll discovered that the NVIDIA CUDA graphics driver did not properly perform access control when...

CVSS 7.8 • AI score 6.7 • EPSS 0.00471 • Exploits 0

Ubuntu • added 2020/02/18 12:40 p.m. • 76 views

USN-4282-1: PostgreSQL vulnerability

It was discovered that PostgreSQL incorrectly performed authorization checks when handling the "ALTER ... DEPENDS ON EXTENSION" sub-commands. A remote attacker could possibly use this issue to drop any function, procedure, materialized view, index, or trigger under certain conditions...

CVSS 6.5 • AI score 6.8 • EPSS 0.01183 • Exploits 0

Ubuntu • added 2020/02/06 6:44 p.m. • 76 views

USN-4273-1: ReportLab vulnerability

It was discovered that ReportLab incorrectly handled certain XML documents. If a user or automated system were tricked into processing a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary code...

CVSS 9.8 • AI score 8.4 • EPSS 0.10231 • Exploits 1

Ubuntu • added 2019/11/25 12:17 p.m. • 76 views

USN-4189-2: DPDK regression

USN-4189-1 fixed a vulnerability in DPDK. The new version introduced a regression in certain environments. This update fixes the problem. Original advisory details: Jason Wang discovered that DPDK incorrectly handled certain messages. An attacker in a malicious container could possibly use this...

AI score 5.5 • Exploits 0 • References 1

Ubuntu • added 2019/11/21 7:29 p.m. • 76 views

USN-4198-1: DjVuLibre vulnerabilities

It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to hang or crash, resulting in a denial of service, or possibly execute arbitrary co...

CVSS 7.5 • AI score 6 • EPSS 0.03667 • Exploits 5

Ubuntu • added 2019/06/25 11:26 a.m. • 76 views

USN-4034-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of th...

CVSS 8.8 • AI score 6.9 • EPSS 0.49324 • Exploits 26

Ubuntu • added 2019/06/19 8:00 p.m. • 76 views

USN-4024-1: Evince update

As a security improvement, this update adjusts the AppArmor profile for the Evince thumbnailer to reduce access to the system and adjusts the AppArmor profile for Evince and Evince previewer to limit access to the DBus system bus. Additionally adjust the evince abstraction to disallow writes on...

AI score 5.4 • Exploits 0 • References 2

Ubuntu • added 2018/12/20 10:57 p.m. • 76 views

USN-3847-2: Linux kernel (HWE) vulnerabilities

USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that a race condition existed in the raw MIDI driver for the Linux...

CVSS 7.8 • AI score 6.7 • EPSS 0.00683 • Exploits 2

Ubuntu • added 2018/05/25 8:41 p.m. • 76 views

USN-3660-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, install lightweight themes without user interaction, or...

CVSS 9.8 • AI score 7.8 • EPSS 0.21288 • Exploits 4

Ubuntu • added 2018/03/05 3:02 p.m. • 76 views

USN-3588-1: Memcached vulnerabilities

Daniel Shapira discovered an integer overflow issue in Memcached. A remote attacker could use this to cause a denial of service (daemon crash). (CVE-2017-9951) It was discovered that Memcached listened to UDP by default. A remote attacker could use this as part of a distributed denial of service...

CVSS 7.5 • AI score 7 • EPSS 0.8864 • Exploits 4

Ubuntu • added 2018/01/08 3:27 p.m. • 76 views

USN-3518-1: AWStats vulnerability

It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 9.8 • AI score 7.7 • EPSS 0.04352 • Exploits 0

Ubuntu • added 2017/12/07 11:34 p.m. • 76 views

USN-3509-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink...

CVSS 7.8 • AI score 6.8 • EPSS 0.02841 • Exploits 12

Ubuntu • added 2017/07/05 6:19 p.m. • 76 views

USN-3349-1: NTP vulnerabilities

Yihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-2519) Miroslav Lichvar discovered that NTP incorrectly...

CVSS 8.8 • AI score 6.8 • EPSS 0.52935 • Exploits 13

Ubuntu • added 2017/06/22 2:55 a.m. • 76 views

USN-3330-1: Linux kernel (Qualcomm Snapdragon) vulnerability

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges...

CVSS 7.4 • AI score 7.8 • EPSS 0.05186 • Exploits 3

Ubuntu • added 2017/05/17 1:20 a.m. • 76 views

USN-3292-2: Linux kernel (HWE) vulnerability

USN-3292-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Jason Donenfeld discovered a heap overflow in the MACsec module in the Linux kernel. An attack...

CVSS 7 • AI score 6.9 • EPSS 0.00387 • Exploits 0

Ubuntu • added 2017/03/07 11:56 p.m. • 76 views

USN-3216-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to bypass same origin restrictions, obtain sensitive information, spoof the address bar, spoof the print dialog, cause a denial of...

CVSS 10 • AI score 7.6 • EPSS 0.17484 • Exploits 19

Ubuntu • added 2016/12/20 9:55 p.m. • 76 views

USN-3162-2: Linux kernel (Raspberry Pi 2) vulnerabilities

CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213) Andreas Gruenbacher and Jan Kara discovered that the...

CVSS 10 • AI score 6.7 • EPSS 0.09144 • Exploits 1

Ubuntu • added 2016/12/14 10:15 p.m. • 76 views

USN-3157-1: Apport vulnerabilities

Donncha O Cearbhaill discovered that the crash file parser in Apport improperly treated the CrashDB field as python code. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. This issue only affected...

CVSS 9.3 • AI score 7.7 • EPSS 0.17726 • Exploits 8

Ubuntu • added 2016/12/05 11:06 a.m. • 76 views

USN-3149-1: Linux kernel vulnerability

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges...

CVSS 7.8 • AI score 7.5 • EPSS 0.11127 • Exploits 16

Ubuntu • added 2016/11/30 8:45 p.m. • 76 views

USN-3147-1: Linux kernel vulnerabilities

Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. (CVE-2016-7097) Marco Grassi discovered that the driver for Areca RAID...

CVSS 7.8 • AI score 6.4 • EPSS 0.0043 • Exploits 0

Total number of security vulnerabilities: 5000