Lucene search
K
UbuntuMost viewed

10918 matches found

Ubuntu
Ubuntu
•added 2012/08/16 2:47 p.m.•71 views

USN-1540-1: NSS vulnerability

Kaspar Brand discovered a vulnerability in how the Network Security Services NSS ASN.1 decoder handles zero length items. If the user were tricked into opening a specially crafted certificate, an attacker could possibly exploit this to cause a denial of service via application crash...

5CVSS8.3AI score0.02945EPSS
Exploits0
Ubuntu
Ubuntu
•added 2012/08/10 9:59 p.m.•71 views

USN-1532-1: Linux kernel (OMAP4) vulnerabilities

An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface which is not available to unprivileged users until granted by a root user could exploit this flaw to crash the system or potential gain administrative privileges...

7.6CVSS7.7AI score0.08738EPSS
Exploits8
Ubuntu
Ubuntu
•added 2012/06/20 12:51 p.m.•71 views

USN-1463-3: Firefox regressions

USN-1463-1 fixed vulnerabilities in Firefox. The new package caused a regression in the rendering of Hebrew text and the ability of the Hotmail inbox to auto-update. This update fixes the problem. Original advisory details: Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew...

8.7AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2012/05/31 9:54 p.m.•71 views

USN-1459-1: Linux kernel (OMAP4) vulnerabilities

A flaw was found in the Linux kernel's KVM Kernel Virtual Machine virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. CVE-2012-1601 Steve Grubb reported a flaw with Linux fscaps file system base capabilities when used to increa...

7.2CVSS6.6AI score0.00418EPSS
Exploits2
Ubuntu
Ubuntu
•added 2012/05/01 5:24 a.m.•71 views

USN-1433-1: Linux kernel (Oneiric backport) vulnerabilities

A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. CVE-2011-4086 Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the...

7.8CVSS6.3AI score0.01014EPSS
Exploits5
Ubuntu
Ubuntu
•added 2012/02/17 9:29 p.m.•71 views

USN-1367-3: Thunderbird vulnerability

USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Thunderbird. Original advisory details: Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng wer...

6.8CVSS7.8AI score0.73164EPSS
Exploits1References1
Ubuntu
Ubuntu
•added 2012/01/19 8:53 p.m.•71 views

USN-1334-1: libxml2 vulnerabilities

It was discovered that libxml2 contained an off by one error. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the...

9.3CVSS8.8AI score0.0531EPSS
Exploits3
Ubuntu
Ubuntu
•added 2011/12/15 2:10 p.m.•71 views

USN-1309-1: DHCP vulnerability

It was discovered that the DHCP server incorrectly handled certain malformed packets when configured to evaluate regular expressions. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service...

5CVSS6.3AI score0.15478EPSS
Exploits0
Ubuntu
Ubuntu
•added 2011/12/13 10:25 a.m.•71 views

USN-1299-1: Linux kernel (EC2) vulnerabilities

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. CVE-2011-1162 Zheng Liu discovered a flaw in how the ext4 filesystem splits extents. A local unprivileged attacker could...

7.2CVSS6.6AI score0.03212EPSS
Exploits7
Ubuntu
Ubuntu
•added 2011/10/20 7:37 p.m.•71 views

USN-1234-1: acpid vulnerability

Vasiliy Kulikov discovered that acpid did not properly handle connections from poorly behaving clients. A local attacker could potentially exploit this to cause a denial of service...

2.1CVSS5.3AI score0.01095EPSS
Exploits1
Ubuntu
Ubuntu
•added 2011/08/09 5:26 p.m.•71 views

USN-1188-1: eCryptfs vulnerabilities

Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to mount to arbitrary locations, leading to privilege escalation. CVE-2011-1831 Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs...

4.6CVSS8.3AI score0.00382EPSS
Exploits2
Ubuntu
Ubuntu
•added 2010/11/10 4:42 p.m.•71 views

USN-1015-1: libvpx vulnerability

Christoph Diehl discovered that libvpx did not properly perform bounds checking. If an application using libvpx opened a specially crafted WebM file, an attacker could cause a denial of service or possibly execute code as the user invoking the program...

10CVSS6.8AI score0.04569EPSS
Exploits1
Ubuntu
Ubuntu
•added 2010/09/29 2:2 p.m.•71 views

USN-993-1: libgdiplus vulnerability

Stefan Cornelius discovered that libgdiplus incorrectly handled certain image files. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program...

6.8CVSS5.6AI score0.01914EPSS
Exploits0
Ubuntu
Ubuntu
•added 2010/08/25 2:38 p.m.•71 views

USN-976-1: Tomcat vulnerability

It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding headers. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a denial of service, or possibly obtain sensitive information from other requests...

6.4CVSS5.7AI score0.54779EPSS
Exploits2
Ubuntu
Ubuntu
•added 2010/06/29 8:41 p.m.•71 views

USN-930-1: Firefox and Xulrunner vulnerabilities

If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.0...

10CVSS9.1AI score0.11418EPSS
Exploits8
Ubuntu
Ubuntu
•added 2010/02/26 8:56 p.m.•71 views

USN-905-1: sudo vulnerabilities

It was discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation...

6.9CVSS7.5AI score0.01125EPSS
Exploits4
Ubuntu
Ubuntu
•added 2010/01/20 7:2 p.m.•71 views

USN-890-1: Expat vulnerabilities

Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. CVE-2009-2625, CVE-2009-3720 ...

5CVSS6.5AI score0.3038EPSS
Exploits5
Ubuntu
Ubuntu
•added 2009/07/13 7:27 p.m.•71 views

USN-802-1: Apache vulnerabilities

It was discovered that modproxyhttp did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. CVE-2009-1890 It was...

7.1CVSS7.6AI score0.17111EPSS
Exploits4
Ubuntu
Ubuntu
•added 2009/05/19 9:7 p.m.•71 views

USN-777-1: Ntp vulnerabilities

A stack-based buffer overflow was discovered in ntpq. If a user were tricked into connecting to a malicious ntp server, a remote attacker could cause a denial of service in ntpq, or possibly execute arbitrary code with the privileges of the user invoking the program. CVE-2009-0159 Chris Ries...

6.8CVSS7.5AI score0.21123EPSS
Exploits2
Ubuntu
Ubuntu
•added 2009/05/13 2:12 p.m.•71 views

USN-776-2: KVM regression

USN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a regression was introduced in Ubuntu 8.04 LTS that caused KVM to fail to boot virtual machines started via libvirt. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Avi Kivity discovered...

7.8AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2009/05/11 2:43 p.m.•71 views

USN-774-1: MoinMoin vulnerability

It was discovered that MoinMoin did not properly sanitize its input when attaching files, resulting in cross-site scripting XSS vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could...

4.3CVSS5AI score0.02482EPSS
Exploits1
Ubuntu
Ubuntu
•added 2009/05/07 5:57 p.m.•71 views

USN-773-1: Pango vulnerability

Will Drewry discovered that Pango incorrectly handled rendering text with long glyphstrings. If a user were tricked into displaying specially crafted data with applications linked against Pango, such as Firefox, an attacker could cause a denial of service or execute arbitrary code with privileges...

6.8CVSS5.5AI score0.0413EPSS
Exploits2
Ubuntu
Ubuntu
•added 2008/12/22 2:32 p.m.•71 views

USN-698-2: Nagios3 vulnerabilities

It was discovered that Nagios was vulnerable to a Cross-site request forgery CSRF vulnerability. If an authenticated nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This...

6.8CVSS5.8AI score0.06738EPSS
Exploits0
Ubuntu
Ubuntu
•added 2007/08/29 11:10 p.m.•71 views

USN-507-1: tcp-wrappers vulnerability

It was discovered that the TCP wrapper library was incorrectly allowing connections to services that did not specify server-side connection details. Remote attackers could connect to services that had been configured to block such connections. This only affected Ubuntu Feisty...

5CVSS5.3AI score0.02233EPSS
Exploits0
Ubuntu
Ubuntu
•added 2006/09/23 12:41 a.m.•71 views

USN-351-1: firefox vulnerabilities

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript. CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4569 CVE-2006-4571 The NSS library did not...

10CVSS7.8AI score0.14074EPSS
Exploits1
Ubuntu
Ubuntu
•added 2006/07/26 2:47 a.m.•71 views

USN-323-1: mozilla vulnerabilities

Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious web site could exploit this to execute arbitrary code with the privileges of the user. MFSA 2006-35, CVE-2006-2775 Paul Nickerson discovered that content-defined setters ...

9.3CVSS9.1AI score0.07251EPSS
Exploits0
Ubuntu
Ubuntu
•added 2005/12/23 12:16 a.m.•71 views

USN-231-1: Linux kernel vulnerabilities

Rudolf Polzer reported an abuse of the 'loadkeys' command. By redefining one or more keys and tricking another user like root into logging in on a text console and typing something that involves the redefined keys, a local user could cause execution of arbitrary commands with the privileges of th...

7.8CVSS5.6AI score0.05357EPSS
Exploits4
Ubuntu
Ubuntu
•added 2005/12/06 6:2 p.m.•71 views

USN-224-1: Kerberos vulnerabilities

Gaël Delalleau discovered a buffer overflow in the envoptadd function of the Kerberos 4 and 5 telnet clients. By sending specially crafted replies, a malicious telnet server could exploit this to execute arbitrary code with the privileges of the user running the telnet client. CVE-2005-0468 Gaël...

9.8CVSS9.1AI score0.27073EPSS
Exploits0
Ubuntu
Ubuntu
•added 2005/04/01 6:14 p.m.•71 views

USN-103-1: Linux kernel vulnerabilities

Mathieu Lafon discovered an information leak in the ext2 file system driver. When a new directory was created, the ext2 block written to disk was not initialized, so that previous memory contents which could contain sensitive data like passwords became visible on the raw device. This is...

7.2CVSS6.7AI score0.13429EPSS
Exploits2
Ubuntu
Ubuntu
•added 2005/03/29 4:16 a.m.•71 views

USN-101-1: telnet vulnerabilities

A buffer overflow was discovered in the telnet client's handling of the LINEMODE suboptions. By sending a specially constructed reply containing a large number of SLC Set Local Character commands, a remote attacker i. e. a malicious telnet server could execute arbitrary commands with the privileg...

7.5CVSS8.7AI score0.08635EPSS
Exploits0
Ubuntu
Ubuntu
•added 2005/03/18 11:22 p.m.•71 views

USN-99-1: PHP4 vulnerabilities

Stefano Di Paola discovered integer overflows in PHP's pack and unpack functions. A malicious PHP script could exploit these to break out of safe mode and execute arbitrary code with the privileges of the PHP interpreter. CAN-2004-1018 Note: The second part of CAN-2004-1018 buffer overflow in the...

10CVSS6.4AI score0.1616EPSS
Exploits0
Ubuntu
Ubuntu
•added 2004/11/10 9:13 a.m.•71 views

USN-22-1: samba vulnerability

Karol Wiesek discovered a Denial of Service vulnerability in samba. A flaw in the input validation routines used to match filename strings containing wildcard characters may allow a remote user to consume more than normal amounts of CPU resources, thus impacting the performance and response of th...

5CVSS8.2AI score0.04906EPSS
Exploits1
Ubuntu
Ubuntu
•added 2004/10/29 6:2 p.m.•71 views

USN-11-1: libgd2 vulnerabilities

Several buffer overflows have been discovered in libgd's PNG handling functions. If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening image. Most importantly, this library is commonly used in PH...

10CVSS6AI score0.28255EPSS
Exploits0
Ubuntu
Ubuntu
•added 2024/02/29 3:52 p.m.•70 views

USN-6670-1: php-guzzlehttp-psr7 vulnerabilities

It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an HTTP header injection attack...

7.5CVSS7.3AI score0.02384EPSS
Exploits0
Ubuntu
Ubuntu
•added 2023/12/12 12:15 p.m.•70 views

USN-6550-1: PostfixAdmin vulnerabilities

It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. CVE-2022-29221 It was discovered that Moment.js, that is...

8.8CVSS6.6AI score0.04923EPSS
Exploits2
Ubuntu
Ubuntu
•added 2023/11/30 5:56 p.m.•70 views

USN-6494-2: Linux kernel vulnerabilities

Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service system crash. CVE-2023-31085 Lucas Leong discovered that the netfilter subsystem in the...

7.8CVSS7.3AI score0.00856EPSS
Exploits1
Ubuntu
Ubuntu
•added 2023/11/28 8:1 p.m.•70 views

USN-6520-1: Linux kernel (StarFive) vulnerabilities

Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. CVE-2023-25775 Yu Hao and...

9.8CVSS7.5AI score0.54577EPSS
Exploits1
Ubuntu
Ubuntu
•added 2023/11/21 9:15 a.m.•70 views

USN-6491-1: Node.js vulnerabilities

Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. CVE-2022-32212 Zeyu Zhang discovered that Node.js incorrectl...

8.1CVSS7.5AI score0.77766EPSS
Exploits4
Ubuntu
Ubuntu
•added 2023/11/14 10:15 p.m.•70 views

USN-6479-1: Linux kernel (OEM) vulnerabilities

Kyle Zeng discovered that the netfilter subsystem in the Linux kernel contained a race condition in IP set operations in certain situations. A local attacker could use this to cause a denial of service system crash. CVE-2023-42756 Alex Birnberg discovered that the netfilter subsystem in the Linux...

7.8CVSS6.8AI score0.00396EPSS
Exploits2
Ubuntu
Ubuntu
•added 2023/10/31 9:7 p.m.•70 views

USN-6465-1: Linux kernel vulnerabilities

Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash. CVE-2023-31083 Lin Ma discovered that the Netlink...

5.5CVSS6.7AI score0.00454EPSS
Exploits0
Ubuntu
Ubuntu
•added 2023/10/30 4:10 p.m.•70 views

USN-6441-3: Linux kernel vulnerabilities

Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service host system crash or...

7.8CVSS7.5AI score0.00549EPSS
Exploits5
Ubuntu
Ubuntu
•added 2023/10/19 4:12 p.m.•70 views

USN-6438-1: .NET vulnerabilities

Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service. CVE-2023-36799 It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly...

7.5CVSS7.3AI score0.99999EPSS
Exploits19
Ubuntu
Ubuntu
•added 2023/10/17 10:25 a.m.•70 views

USN-6432-1: Quagga vulnerabilities

It was discovered that the Quagga BGP daemon did not properly check the attribute length in NRLI. A remote attacker could possibly use this issue to cause a denial of service. CVE-2023-41358 It was discovered that the Quagga BGP daemon did not properly manage memory when reading initial bytes of...

9.1CVSS6.6AI score0.01058EPSS
Exploits0
Ubuntu
Ubuntu
•added 2023/08/11 5:51 p.m.•70 views

USN-6285-1: Linux kernel (OEM) vulnerabilities

It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information kernel memory. CVE-2022-48502...

9.1CVSS7.6AI score0.15783EPSS
Exploits18
Ubuntu
Ubuntu
•added 2023/07/19 8:45 a.m.•70 views

USN-6236-1: ConnMan vulnerabilities

It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-26675,...

9.8CVSS7.7AI score0.02863EPSS
Exploits5
Ubuntu
Ubuntu
•added 2023/07/07 7:40 p.m.•70 views

USN-6212-1: Linux kernel (Intel IoTG) vulnerabilities

Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-35788, LP: 2023577 It was discovered that for some...

7.8CVSS7.2AI score0.00532EPSS
Exploits1References2
Ubuntu
Ubuntu
•added 2023/06/14 1:26 p.m.•70 views

USN-6165-1: GLib vulnerabilities

It was discovered that GLib incorrectly handled non-normal GVariants. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or perform other unknown attacks...

7.8CVSS6.7AI score0.0078EPSS
Exploits0
Ubuntu
Ubuntu
•added 2023/05/30 2:31 p.m.•70 views

USN-6117-1: Apache Batik vulnerabilities

It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perform a cross site request forgery attack. CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648 It was discovered that Apache Batik incorrectly handled Jar URLs in some...

8.2CVSS7AI score0.13635EPSS
Exploits1
Ubuntu
Ubuntu
•added 2023/05/16 1:55 p.m.•70 views

USN-6079-1: Linux kernel vulnerabilities

It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. CVE-2022-27672 Ziming Zhang discovered that the VMware Virtual GPU DR...

7.8CVSS7.4AI score0.71737EPSS
Exploits3
Ubuntu
Ubuntu
•added 2023/05/10 11:30 a.m.•70 views

USN-6067-1: OpenStack Neutron vulnerabilities

David Sinquin discovered that OpenStack Neutron incorrectly handled the default Open vSwitch firewall rules. An attacker could possibly use this issue to impersonate the IPv6 addresses of other systems on the network. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2021-20267...

9.1CVSS6.4AI score0.0189EPSS
Exploits3
Total number of security vulnerabilities5000