Ubuntu, most viewed

10890 matches found

Ubuntu | added 2024/09/26 4:19 p.m. | 237 views

USN-7040-1: ConfigObj vulnerability

It was discovered that ConfigObj contains regex that is susceptible to catastrophic backtracking. An attacker could possibly use this issue to cause a regular expression denial of service...

CVSS: 5.9 | AI score: 5.5 | EPSS: 0.01259 | Exploits: 1

Ubuntu | added 2024/09/26 9:9 a.m. | 237 views

USN-7038-1: APR vulnerability

Thomas Stangner discovered a permission vulnerability in the Apache Portable Runtime (APR) library. A local attacker could possibly use this issue to read named shared memory segments, potentially exposing sensitive application data...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00332 | Exploits: 0

Ubuntu | added 2020/01/07 1:9 a.m. | 237 views

USN-4225-1: Linux kernel vulnerabilities

It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2019-14895, CVE-2019-14901 It was discovered that a...

CVSS: 10 | AI score: 7.3 | EPSS: 0.16908 | Exploits: 1

Ubuntu | added 2019/06/10 2:8 p.m. | 237 views

USN-4013-1: libsndfile vulnerabilities

It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS: 8.8 | AI score: 7 | EPSS: 0.03574 | Exploits: 6

Ubuntu | added 2019/05/30 1:23 p.m. | 237 views

USN-3999-1: GnuTLS vulnerabilities

Eyal Ronen, Kenneth G. Paterson, and Adi Shamir discovered that GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could possibly use this issue to perform plaintext-recovery attacks via analysis of timing data. This issue only affected...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.58969 | Exploits: 2

Ubuntu | added 2024/11/15 1:44 a.m. | 236 views

USN-7112-1: GD Graphics Library vulnerability

It was discovered that the GD Graphics Library did not perform proper bounds checking while handling BMP and WebP files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service (application crash)...

CVSS: 6.5 | AI score: 6 | EPSS: 0.01659 | Exploits: 0

Ubuntu | added 2024/09/25 4:32 p.m. | 236 views

USN-7034-1: ca-certificates update

The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.64 version of the Mozilla certificate authority bundle...

AI score: 5.4 | Exploits: 0 | References: 1

Ubuntu | added 2022/02/21 5:25 p.m. | 236 views

USN-4478-2: Python-RSA vulnerability

USN-4478-1 fixed a vulnerability in Python-RSA. This update provides the corresponding update for Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. Original advisory details: It was discovered that Python-RSA incorrectly handled certain ciphertexts. An attacker could possibly use this issu...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01359 | Exploits: 1

Ubuntu | added 2019/10/22 2:40 a.m. | 236 views

USN-4163-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash). CVE-2016-10906 It was discovered that a race condition existed in the Serial...

CVSS: 10 | AI score: 6.9 | EPSS: 0.07619 | Exploits: 3

Ubuntu | added 2020/11/11 2:30 a.m. | 235 views

USN-4627-1: Linux kernel vulnerability

Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00446 | Exploits: 0

Ubuntu | added 2019/10/22 2:38 a.m. | 235 views

USN-4162-1: Linux kernel vulnerabilities

It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code...

CVSS: 10 | AI score: 7.1 | EPSS: 0.07619 | Exploits: 3

Ubuntu | added 2018/10/08 1:8 p.m. | 235 views

USN-3786-1: libxkbcommon vulnerabilities

It was discovered that libxkbcommon incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-15856, CVE-2018-15857, CVE-2018-15858, CVE-2018-15859, CVE-2018-15861, CVE-2018-15862,...

CVSS: 7.8 | AI score: 6 | EPSS: 0.00535 | Exploits: 0

Ubuntu | added 2018/10/01 6:49 p.m. | 235 views

USN-3776-1: Linux kernel vulnerabilities

Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. CVE-2018-17182 It was discovered that the...

CVSS: 8.3 | AI score: 7.6 | EPSS: 0.08743 | Exploits: 4

Ubuntu | added 2021/09/27 4:46 p.m. | 234 views

USN-5090-2: Apache HTTP Server vulnerabilities

USN-5090-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly us...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.99999 | Exploits: 5

Ubuntu | added 2021/08/24 6:40 a.m. | 234 views

USN-5044-1: Linux kernel vulnerabilities

It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2021-3564 It was discovered that th...

CVSS: 6.9 | AI score: 7 | EPSS: 0.00481 | Exploits: 2

Ubuntu | added 2020/01/07 2:24 a.m. | 234 views

USN-4227-1: Linux kernel vulnerabilities

It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2019-14895, CVE-2019-14901 It was discovered that a...

CVSS: 10 | AI score: 7.3 | EPSS: 0.16908 | Exploits: 1

Ubuntu | added 2024/11/27 12:46 p.m. | 233 views

USN-7092-2: mpg123 vulnerability

USN-7092-1 fixed a vulnerability in mpg123. Bastien Roucariès discovered that the fix was incomplete on Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or...

CVSS: 6.7 | AI score: 7 | EPSS: 0.00348 | Exploits: 0 | References: 1

Ubuntu | added 2018/10/04 11:13 p.m. | 233 views

USN-3785-1: ImageMagick vulnerabilities

Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.49324 | Exploits: 10 | References: 1

Ubuntu | added 2017/05/24 2:14 p.m. | 233 views

USN-3298-2: MiniUPnP vulnerability

USN-3298-1 fixed a vulnerability in MiniUPnP. This update provides the corresponding update for Ubuntu 17.04. Original advisory details: It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary co...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.24027 | Exploits: 6

Ubuntu | added 2024/08/02 9:36 a.m. | 231 views

USN-6895-4: Linux kernel vulnerabilities

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the HugeTLB file syst...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.00756 | Exploits: 1

Ubuntu | added 2017/02/28 6:31 p.m. | 231 views

USN-3213-1: GD library vulnerabilities

Stefan Esser discovered that the GD library incorrectly handled memory when processing certain images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code. This issue only affected...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.10687 | Exploits: 0

Ubuntu | added 2022/07/20 1:13 p.m. | 230 views

USN-5528-1: FreeType vulnerabilities

It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.02636 | Exploits: 2

Ubuntu | added 2018/01/22 4:50 p.m. | 230 views

USN-3538-1: OpenSSH vulnerabilities

Jann Horn discovered that OpenSSH incorrectly loaded PKCS11 modules from untrusted directories. A remote attacker could possibly use this issue to execute arbitrary PKCS11 modules. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-10009 Jann Horn discovered that OpenSSH...

CVSS: 7.8 | AI score: 7 | EPSS: 0.37431 | Exploits: 8

Ubuntu | added 2021/05/17 9:50 a.m. | 229 views

USN-4628-3: Intel Microcode vulnerabilities

USN-4628-1 provided updated Intel Processor Microcode for various processor types. This update provides the corresponding updates for some additional processor types. Original advisory details: Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Dani...

CVSS: 5.5 | AI score: 7 | EPSS: 0.0051 | Exploits: 0

Ubuntu | added 2020/05/24 2:13 a.m. | 228 views

USN-4369-1: Linux kernel vulnerabilities

It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service (system crash). CVE-2019-19377 Trista...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.034 | Exploits: 2

Ubuntu | added 2019/09/11 5:29 a.m. | 228 views

USN-4115-2: Linux kernel regression

USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update, a regression was introduced that caused a kernel crash when handling fragmented packets in some situations. This update addresses the issue. We apologize for...

AI score: 7.7 | EPSS: 0.05789 | Exploits: 17 | References: 1

Ubuntu | added 2021/02/04 7:46 p.m. | 227 views

USN-4722-1: ReadyMedia (MiniDLNA) vulnerabilities

It was discovered that ReadyMedia (MiniDLNA) allowed subscription requests with a delivery URL on a different network segment than the fully qualified event-subscription URL. An attacker could use this to hijack smart devices and cause denial of service attacks. CVE-2020-12695 It was discovered th...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.15193 | Exploits: 4

Ubuntu | added 2020/05/19 8:4 p.m. | 227 views

USN-4368-1: Linux kernel vulnerabilities

Tristan Madani discovered that the file locking implementation in the Linux kernel contained a race condition. A local attacker could possibly use this to cause a denial of service or expose sensitive information. CVE-2019-19769 It was discovered that the Serial CAN interface driver in the Linux...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.01337 | Exploits: 0

Ubuntu | added 2021/05/11 10:37 p.m. | 226 views

USN-4949-1: Linux kernel vulnerabilities

Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. CVE-2021-3489...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.27477 | Exploits: 9

Ubuntu | added 2021/02/25 7:5 a.m. | 226 views

USN-4749-1: Linux kernel vulnerabilities

Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2020-25669 It was discovered that the jfs file system implementation in the Linux kernel...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.01129 | Exploits: 6

Ubuntu | added 2023/03/02 11:6 p.m. | 225 views

USN-5911-1: Linux kernel vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.06346 | Exploits: 7

Ubuntu | added 2022/05/04 5:28 p.m. | 225 views

USN-5395-2: networkd-dispatcher regression

USN-5395-1 fixed vulnerabilities in networkd-dispatcher. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that networkd-dispatcher incorrectly handled internal...

AI score: 6.1 | Exploits: 0 | References: 1

Ubuntu | added 2021/06/23 5:10 a.m. | 225 views

USN-5003-1: Linux kernel vulnerabilities

Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. CVE-2021-3609 It was discovered that the eBPF implementation in the Linux kernel...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00482 | Exploits: 2

Ubuntu | added 2020/06/01 3:28 p.m. | 225 views

USN-4378-1: Flask vulnerability

It was discovered that Flask incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.03855 | Exploits: 1

Ubuntu | added 2019/07/17 10:22 p.m. | 225 views

USN-4064-1: Thunderbird vulnerabilities

A sandbox escape was discovered in Thunderbird. If a user were tricked into installing a malicious language pack, an attacker could exploit this to gain additional privileges. CVE-2019-9811 Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.20271 | Exploits: 2

Ubuntu | added 2019/02/28 2:8 p.m. | 225 views

USN-3900-1: GD vulnerabilities

It was discovered that GD incorrectly handled memory when processing certain images. A remote attacker could use this issue with a specially crafted image file to cause GD to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.65116 | Exploits: 7

Ubuntu | added 2021/06/23 2:52 a.m. | 224 views

USN-4999-1: Linux kernel vulnerabilities

Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. CVE-2021-3609 Piotr Krysiuk discovered that the eBPF implementation in the Linux...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.07604 | Exploits: 10

Ubuntu | added 2021/01/28 7:9 a.m. | 224 views

USN-4708-1: Linux kernel vulnerabilities

Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). CVE-2018-13093 It was discovered that the btrfs fi...

CVSS: 9.3 | AI score: 6.9 | EPSS: 0.03293 | Exploits: 4

Ubuntu | added 2019/01/11 2:8 p.m. | 224 views

USN-3855-1: systemd vulnerabilities

It was discovered that systemd-journald allocated variable-length buffers for certain message fields on the stack. A local attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. CVE-2018-16864 It was discovered that systemd-journald allocated...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.02958 | Exploits: 4

Ubuntu | added 2023/12/14 5:31 p.m. | 223 views

USN-6557-1: Vim vulnerabilities

It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. CVE-2022-1725 It was discovered that Vim could be made to recurse...

CVSS: 7.8 | AI score: 7 | EPSS: 0.01527 | Exploits: 8

Ubuntu | added 2021/05/27 1:12 p.m. | 223 views

USN-4967-2: nginx vulnerability

USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could...

CVSS: 7.7 | AI score: 8.1 | EPSS: 0.52838 | Exploits: 10

Ubuntu | added 2020/06/11 10:52 p.m. | 223 views

USN-4390-1: Linux kernel vulnerabilities

It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). CVE-2020-0067 It was discovered that memory contents...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.01229 | Exploits: 1 | References: 1

Ubuntu | added 2018/10/10 2:32 p.m. | 223 views

USN-3787-1: Tomcat vulnerability

It was discovered that Tomcat incorrectly handled returning redirects to a directory. A remote attacker could possibly use this issue with a specially crafted URL to redirect to arbitrary URIs...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.94494 | Exploits: 3

Ubuntu | added 2016/05/09 5:4 p.m. | 223 views

USN-2966-1: OpenSSH vulnerabilities

Shayan Sadigh discovered that OpenSSH incorrectly handled environment files when the UseLogin feature is enabled. A local attacker could use this issue to gain privileges. CVE-2015-8325 Ben Hawkes discovered that OpenSSH incorrectly handled certain network traffic. A remote attacker could possibl...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.37016 | Exploits: 13

Ubuntu | added 2020/04/09 12:58 p.m. | 222 views

LSN-0065-1: Kernel Live Patch Security Notice

Andrew Honig reported a flaw in the way KVM (Kernel-based Virtual Machine) emulated the IOAPIC. A privileged guest user could exploit this flaw to read host memory or cause a denial of service (crash the host). CVE-2013-1798 It was discovered that the KVM implementation in the Linux kernel, when...

CVSS: 7.1 | AI score: 6.7 | EPSS: 0.0135 | Exploits: 2

Ubuntu | added 2018/04/02 7:15 p.m. | 222 views

USN-3613-1: OpenJDK 8 vulnerabilities

It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. CVE-2018-2579 It was discovered that the Hotspot component of OpenJDK did not properly validate uses of the invokeinterface JVM...

CVSS: 8.3 | AI score: 7.2 | EPSS: 0.06905 | Exploits: 0

Ubuntu | added 2023/01/18 5:44 p.m. | 221 views

USN-5811-1: Sudo vulnerabilities

Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has permission to use the sudoedit command could possibly use this issue to edit arbitrary files. CVE-2023-22809 It was discovered that the...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.55367 | Exploits: 21

Ubuntu | added 2021/06/08 2:12 a.m. | 221 views

USN-4982-1: Linux kernel vulnerabilities

Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). CVE-2020-25670 Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did n...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.03233 | Exploits: 3

Ubuntu | added 2019/05/27 12:9 p.m. | 221 views

USN-3994-1: gnome-desktop vulnerability

It was discovered that gnome-desktop incorrectly confined thumbnailers. If a user were tricked into downloading a malicious image file, a remote attacker could possibly combine this issue with another vulnerability to escape the sandbox and execute arbitrary code...

CVSS: 9 | AI score: 7.5 | EPSS: 0.01952 | Exploits: 0

Ubuntu | added 2020/04/06 8:15 p.m. | 218 views

USN-4320-1: Linux kernel vulnerability

Al Viro discovered that the vfs layer in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory)...

CVSS: 7.1 | AI score: 6.8 | EPSS: 0.00655 | Exploits: 0

Total number of security vulnerabilities: 5000