Ubuntu, most viewed

10891 matches found

Ubuntu
•added 2015/01/26 8:1 p.m.•70 views

USN-2476-1: Oxide vulnerabilities

Several memory corruption bugs were discovered in ICU. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process...

CVSS 7.5 | AI score 8.6 | EPSS 0.04339
Exploits: 0
Ubuntu
•added 2015/01/22 2:29 p.m.•70 views

USN-2480-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the...

CVSS 7.5 | AI score 6.6 | EPSS 0.10066
Exploits: 0
Ubuntu
•added 2014/12/22 1:12 p.m.•70 views

USN-2449-1: NTP vulnerabilities

Neel Mehta discovered that NTP generated weak authentication keys. A remote attacker could possibly use this issue to brute force the authentication key and send requests if permitted by IP restrictions. CVE-2014-9293 Stephen Roettger discovered that NTP generated weak MD5 keys. A remote attacker...

CVSS 7.5 | AI score 7.2 | EPSS 0.7809
Exploits: 4
Ubuntu
•added 2014/10/23 8:11 p.m.•70 views

USN-2388-2: OpenJDK 7 vulnerabilities

USN-2388-1 fixed vulnerabilities in OpenJDK 7 for Ubuntu 14.04 LTS. This update provides the corresponding updates for Ubuntu 14.10. Original advisory details: A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to...

CVSS 10 | AI score 7 | EPSS 0.05639
Exploits: 0
Ubuntu
•added 2014/10/17 1:26 a.m.•70 views

USN-2386-1: OpenJDK 6 vulnerabilities

A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. CVE-2014-6457 Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. CVE-2014-6502,...

CVSS 6.8 | AI score 7 | EPSS 0.05639
Exploits: 0 | References: 1
Ubuntu
•added 2014/08/07 6:13 p.m.•70 views

USN-2308-1: OpenSSL vulnerabilities

Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2014-3505 Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS...

CVSS 7.5 | AI score 6.7 | EPSS 0.7408
Exploits: 0
Ubuntu
•added 2014/07/08 5:27 p.m.•70 views

USN-2275-1: DBus vulnerabilities

Alban Crequy discovered that dbus-daemon incorrectly sent AccessDenied errors to the service instead of the client when enforcing permissions. A local user can use this issue to possibly deny access to the service. CVE-2014-3477 Alban Crequy discovered that dbus-daemon incorrectly handled certain...

CVSS 4 | AI score 5.5 | EPSS 0.00446
Exploits: 0
Ubuntu
•added 2014/05/21 6:39 p.m.•70 views

USN-2218-1: Xalan-Java vulnerability

Nicolas Gregoire discovered that Xalan-Java incorrectly handled certain properties when the secure processing feature was enabled. An attacker could possibly use this issue to load arbitrary classes or access external resources...

CVSS 7.5 | AI score 7.5 | EPSS 0.13809
Exploits: 2
Ubuntu
•added 2014/04/28 12:51 p.m.•70 views

USN-2182-1: QEMU vulnerabilities

Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. This issue only applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. CVE-2013-4544 Michael S. Tsirkin...

CVSS 7.2 | AI score 7.4 | EPSS 0.00718
Exploits: 2
Ubuntu
•added 2014/04/08 12:8 a.m.•70 views

USN-2124-2: OpenJDK 6 regression

USN-2124-1 fixed vulnerabilities in OpenJDK 6. Due to an upstream regression, memory was not properly zeroed under certain circumstances which could lead to instability. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A vulnerability was discovered in...

AI score 6.3
Exploits: 0 | References: 1
Ubuntu
•added 2014/03/21 5:34 p.m.•70 views

USN-2151-1: Thunderbird vulnerabilities

Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman and Christoph Diehl discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause...

CVSS 10 | AI score 8.1 | EPSS 0.83633
Exploits: 17 | References: 1
Ubuntu
•added 2014/01/23 3:39 p.m.•70 views

USN-2087-1: NSPR vulnerability

It was discovered that NSPR incorrectly handled certain malformed X.509 certificates. A remote attacker could use a crafted X.509 certificate to cause NSPR to crash, leading to a denial of service, or possibly execute arbitrary code...

CVSS 7.5 | AI score 7.5 | EPSS 0.03045
Exploits: 0
Ubuntu
•added 2014/01/03 11:12 a.m.•70 views

USN-2076-1: Linux kernel (OMAP4) vulnerabilities

Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. CVE-2013-2930 Stephan Mueller reported an erro...

CVSS 6.9 | AI score 7.1 | EPSS 0.03181
Exploits: 4
Ubuntu
•added 2013/11/21 1:26 p.m.•70 views

USN-2032-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. CVE-2013-1741,...

CVSS 7.5 | AI score 7.4 | EPSS 0.84424
Exploits: 0 | References: 1
Ubuntu
•added 2013/10/01 3:5 p.m.•70 views

USN-1984-1: Python 3.2 vulnerabilities

Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in SSL certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. CVE-2013-2099 Ryan Sleevi discovered that Python did not properly handle...

CVSS 4.3 | AI score 7.4 | EPSS 0.05347
Exploits: 1
Ubuntu
•added 2013/07/29 10:8 p.m.•70 views

USN-1914-1: Linux kernel vulnerability

Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges...

CVSS 6.9 | AI score 6.6 | EPSS 0.01022
Exploits: 1
Ubuntu
•added 2013/06/18 7:16 p.m.•70 views

USN-1886-1: Puppet vulnerability

It was discovered that Puppet incorrectly handled YAML payloads. An attacker on an untrusted client could use this issue to execute arbitrary code on the primary server...

CVSS 7.5 | AI score 6.5 | EPSS 0.03408
Exploits: 0
Ubuntu
•added 2013/05/30 9:14 a.m.•70 views

USN-1838-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system. CVE-2013-2094 A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw...

CVSS 8.4 | AI score 7.7 | EPSS 0.47709
Exploits: 17
Ubuntu
•added 2013/03/18 10:1 p.m.•70 views

USN-1769-1: Linux kernel vulnerabilities

Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32-bit PVOPS guest can cause the guest kernel to crash, or operate erroneously. CVE-2013-0190 A failure to validate input was discovered in the Linux kernel's Xen netback network backend driver. ...

CVSS 6.5 | AI score 7 | EPSS 0.01557
Exploits: 4
Ubuntu
•added 2013/03/07 4:31 p.m.•70 views

USN-1755-2: OpenJDK 7 vulnerabilities

USN-1755-1 fixed vulnerabilities in OpenJDK 6. This update provides the corresponding updates for OpenJDK 7. Original advisory details: It was discovered that OpenJDK did not properly validate certain types of images. A remote attacker could exploit this to cause OpenJDK to crash. CVE-2013-0809 I...

CVSS 10 | AI score 8.6 | EPSS 0.85882
Exploits: 10
Ubuntu
•added 2013/02/22 5:47 a.m.•70 views

USN-1745-1: Linux kernel (OMAP4) vulnerability

Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator. CVE-2013-0871 A flaw was discovered in the Edgeport USB serial converter...

CVSS 6.9 | AI score 6.6 | EPSS 0.01434
Exploits: 3
Ubuntu
•added 2013/02/21 11:34 p.m.•70 views

USN-1735-1: OpenJDK vulnerabilities

Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenJDK was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. CVE-2013-0169 A...

CVSS 10 | AI score 6.6 | EPSS 0.35584
Exploits: 1
Ubuntu
•added 2012/11/30 8:3 a.m.•70 views

USN-1644-1: Linux kernel vulnerabilities

Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. CVE-2012-0957 Dmitry Monakhov reported a race condition flaw in the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit...

CVSS 6.2 | AI score 7.2 | EPSS 0.00959
Exploits: 4
Ubuntu
•added 2012/09/03 7:55 p.m.•70 views

USN-1553-1: OpenJDK 6 vulnerabilities

It was discovered that the Beans component in OpenJDK 6 did not properly prevent access to restricted classes. A remote attacker could use this to create an untrusted Java applet or application that would bypass Java sandbox restrictions. CVE-2012-1682 It was discovered that functionality in the...

CVSS 10 | AI score 8 | EPSS 0.12471
Exploits: 1
Ubuntu
•added 2012/08/10 9:59 p.m.•70 views

USN-1532-1: Linux kernel (OMAP4) vulnerabilities

An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potentially gain administrative privileges...

CVSS 7.6 | AI score 7.7 | EPSS 0.08738
Exploits: 8
Ubuntu
•added 2012/08/10 5:12 p.m.•70 views

USN-1514-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Linux kernel's macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privileged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the...

CVSS 7.8 | AI score 6.9 | EPSS 0.08738
Exploits: 11
Ubuntu
•added 2012/06/20 12:51 p.m.•70 views

USN-1463-3: Firefox regressions

USN-1463-1 fixed vulnerabilities in Firefox. The new package caused a regression in the rendering of Hebrew text and the ability of the Hotmail inbox to auto-update. This update fixes the problem. Original advisory details: Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew...

AI score 8.7 | EPSS 0.04899
Exploits: 1 | References: 1
Ubuntu
•added 2012/05/31 9:54 p.m.•70 views

USN-1459-1: Linux kernel (OMAP4) vulnerabilities

A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual CPU setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. CVE-2012-1601 Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increa...

CVSS 7.2 | AI score 6.6 | EPSS 0.00418
Exploits: 2
Ubuntu
•added 2012/03/27 12:21 p.m.•70 views

USN-1409-1: Linux kernel (Oneiric backport) vulnerabilities

Somnath Kotur discovered an error in the Linux kernel's VLAN (virtual LAN) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service. CVE-2011-3347...

CVSS 4.6 | AI score 5.4 | EPSS 0.00816
Exploits: 0
Ubuntu
•added 2012/03/13 1:28 p.m.•70 views

USN-1399-1: gdm-guest-session vulnerability

Ryan Lortie discovered that gdm-guest-session improperly cleaned out certain guest session files. A local attacker could use this issue to delete arbitrary files...

CVSS 2.1 | AI score 5.4 | EPSS 0.00762
Exploits: 0
Ubuntu
•added 2012/02/13 7:12 p.m.•70 views

USN-1362-1: Linux kernel vulnerabilities

Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. CVE-2011-3353 A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use this to caus...

CVSS 7.8 | AI score 6.8 | EPSS 0.00399
Exploits: 3
Ubuntu
•added 2012/01/19 8:53 p.m.•70 views

USN-1334-1: libxml2 vulnerabilities

It was discovered that libxml2 contained an off-by-one error. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the...

CVSS 9.3 | AI score 8.8 | EPSS 0.0531
Exploits: 3
Ubuntu
•added 2011/12/08 10:50 a.m.•70 views

USN-1291-1: Linux kernel vulnerabilities

A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges. CVE-2011-4077 A flaw was found in the Journaling Block Device (JBD). A local attacker able to mount ext3 or ext4 file...

CVSS 7.2 | AI score 7.8 | EPSS 0.00556
Exploits: 4
Ubuntu
•added 2011/10/20 7:37 p.m.•70 views

USN-1234-1: acpid vulnerability

Vasiliy Kulikov discovered that acpid did not properly handle connections from poorly behaving clients. A local attacker could potentially exploit this to cause a denial of service...

CVSS 2.1 | AI score 5.3 | EPSS 0.01095
Exploits: 1
Ubuntu
•added 2011/09/29 5:12 p.m.•70 views

USN-1218-1: Linux kernel vulnerabilities

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. CVE-2010-4076, CVE-2010-4077 Alex Shi and Eric Dumazet discovered that the network stack...

CVSS 7.8 | AI score 6.8 | EPSS 0.08793
Exploits: 21
Ubuntu
•added 2011/08/09 5:26 p.m.•70 views

USN-1188-1: eCryptfs vulnerabilities

Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to mount to arbitrary locations, leading to privilege escalation. CVE-2011-1831 Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs...

CVSS 4.6 | AI score 8.3 | EPSS 0.00382
Exploits: 2
Ubuntu
•added 2011/05/25 4:44 p.m.•70 views

USN-1135-1: Exim vulnerability

It was discovered that the Exim daemon did not correctly handle certain DKIM identities. A remote attacker could send specially crafted email to run arbitrary code as the Exim user...

CVSS 7.5 | AI score 7.3 | EPSS 0.03802
Exploits: 0
Ubuntu
•added 2010/11/18 5:48 a.m.•70 views

USN-1018-1: OpenSSL vulnerability

Rob Hulswit discovered a race condition in the OpenSSL TLS server extension parsing code when used within a threaded server. A remote attacker could trigger this flaw to cause a denial of service or possibly execute arbitrary code with application privileges. CVE-2010-3864...

CVSS 7.6 | AI score 8 | EPSS 0.22145
Exploits: 0
Ubuntu
•added 2010/11/10 4:42 p.m.•70 views

USN-1015-1: libvpx vulnerability

Christoph Diehl discovered that libvpx did not properly perform bounds checking. If an application using libvpx opened a specially crafted WebM file, an attacker could cause a denial of service or possibly execute code as the user invoking the program...

CVSS 10 | AI score 6.8 | EPSS 0.04569
Exploits: 1
Ubuntu
•added 2010/09/29 1:41 p.m.•70 views

USN-992-1: Avahi vulnerabilities

It was discovered that Avahi incorrectly handled certain mDNS query packets when the reflector feature is enabled, which is not the default configuration on Ubuntu. A remote attacker could send crafted mDNS queries and perform a denial of service on the server and on the network. This issue only...

CVSS 7.8 | AI score 5.4 | EPSS 0.02636
Exploits: 1
Ubuntu
•added 2010/09/16 9:43 p.m.•70 views

USN-975-2: Firefox and Xulrunner regression

USN-975-1 fixed vulnerabilities in Firefox and Xulrunner. Some users reported stability problems under certain circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Several dangling pointer vulnerabilities were discovered in Firefox. An...

AI score 8.9
Exploits: 0 | References: 1
Ubuntu
•added 2010/07/06 1:1 p.m.•70 views

USN-943-1: Thunderbird vulnerabilities

Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. CVE-2010-1199 An integer overflow was discover...

CVSS 10 | AI score 9.2 | EPSS 0.11418
Exploits: 7
Ubuntu
•added 2009/09/21 6:50 p.m.•70 views

USN-835-1: neon vulnerabilities

Joe Orton discovered that neon did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...

CVSS 5.8 | AI score 5.3 | EPSS 0.02266
Exploits: 0
Ubuntu
•added 2009/09/14 5:14 p.m.•70 views

USN-830-1: OpenSSL vulnerability

Dan Kaminsky discovered OpenSSL would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation...

CVSS 5.1 | AI score 6.8 | EPSS 0.04506
Exploits: 0
Ubuntu
•added 2009/07/29 4:58 a.m.•70 views

USN-808-1: Bind vulnerability

Micha Krause discovered that Bind did not correctly validate certain dynamic DNS update packets. An unauthenticated remote attacker could send specially crafted traffic to crash the DNS server, leading to a denial of service...

CVSS 4.3 | AI score 6.4 | EPSS 0.12649
Exploits: 1
Ubuntu
•added 2009/07/13 7:27 p.m.•70 views

USN-802-1: Apache vulnerabilities

It was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. CVE-2009-1890 It was...

CVSS 7.1 | AI score 7.6 | EPSS 0.17111
Exploits: 4
Ubuntu
•added 2009/05/04 2:44 p.m.•70 views

USN-769-1: libwmf vulnerability

Tavis Ormandy discovered that libwmf incorrectly used memory after it had been freed when using its embedded GD library. If a user or automated system were tricked into opening a crafted WMF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user...

CVSS 7.5 | AI score 6.8 | EPSS 0.03463
Exploits: 0
Ubuntu
•added 2009/02/12 7:12 p.m.•70 views

USN-719-1: pam-krb5 vulnerabilities

It was discovered that pam_krb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. CVE-2009-0360 Derek Chan discovered that pam_krb5 incorrectly handled refreshing existing credentials wh...

CVSS 6.2 | AI score 5.5 | EPSS 0.00695
Exploits: 7
Ubuntu
•added 2008/12/22 2:32 p.m.•70 views

USN-698-2: Nagios3 vulnerabilities

It was discovered that Nagios was vulnerable to a cross-site request forgery (CSRF) vulnerability. If an authenticated Nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This...

CVSS 6.8 | AI score 5.8 | EPSS 0.06738
Exploits: 0
Ubuntu
•added 2008/08/06 7:32 p.m.•70 views

USN-635-1: xine-lib vulnerabilities

Alin Rad Pop discovered an array index vulnerability in the SDP parser. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. CVE-2008-0073 Luigi Auriemma...

CVSS 9.3 | AI score 8.2 | EPSS 0.15038
Exploits: 11

Total number of security vulnerabilities: 5000