Lucene search
K
UbuntuRecent

10918 matches found

Ubuntu
Ubuntu
added 2021/04/22 11:1 p.m.179 views

USN-4925-1: Shibboleth vulnerability

Toni Huttunen and Fraktal Oy discovered that the Shibboleth Service provider allowed content injection due to allowing attacker-controlled parameters in error or other status pages. An attacker could use this to inject malicious content...

5.3CVSS5.8AI score0.01294EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/04/22 4:59 p.m.123 views

USN-4924-1: Dnsmasq vulnerabilities

It was discovered that Dnsmasq incorrectly handled certain wildcard synthesized NSEC records. A remote attacker could possibly use this issue to prove the non-existence of hostnames that actually exist. CVE-2017-15107 It was discovered that Dnsmasq incorrectly handled certain large DNS packets. A...

7.5CVSS6.8AI score0.02646EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/04/22 3:59 a.m.284 views

USN-4916-2: Linux kernel regression

USN-4916-1 fixed vulnerabilities in the Linux kernel. Unfortunately, the fix for CVE-2021-3493 introduced a memory leak in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the overlayfs implementation in the Linu...

7.5AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/04/20 5:8 p.m.125 views

USN-4923-1: EDK II vulnerabilities

Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. CVE-2021-28210 Satoshi Tanda discovered that EDK II incorrectly handled decompressing certain images. A remote...

7.8CVSS6.8AI score0.00399EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/04/20 5:1 p.m.130 views

USN-4922-1: Ruby vulnerability

Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack...

7.5CVSS7.4AI score0.05061EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/04/20 3:41 p.m.107 views

USN-4921-1: libcaca vulnerability

It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code...

7.8CVSS7.2AI score0.00565EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/04/20 2:23 p.m.130 views

USN-4918-2: ClamAV vulnerabilities

USN-4918-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to cause ClamAV to hang,...

7.8CVSS7.4AI score0.03155EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/04/20 1:38 p.m.153 views

USN-4563-2: NTP vulnerability

USN-4563-1 fixed a vulnerability in NTP. This update provides the corresponding update for Ubuntu 20.04 LTS and Ubuntu 20.10. Original advisory details: It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer dereference into NTP. An attacker could use this vulnerability to cau...

7.5CVSS7.3AI score0.05726EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/04/19 7:28 p.m.122 views

USN-4919-1: OpenSLP vulnerability

It was discovered that OpenSLP did not properly validate URLs. A remote attacker could use this issue to cause OpenSLP to crash or possibly execute arbitrary code...

9.8CVSS8.2AI score0.96823EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/04/19 5:52 p.m.131 views

USN-4918-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to cause ClamAV to hang, resulting in a denial of service. CVE-2021-1252 It was discovered that ClamAV incorrectly handled parsing PDF documents. A remote attacker could...

7.8CVSS7.4AI score0.03155EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/04/15 11:35 p.m.178 views

USN-4917-1: Linux kernel vulnerabilities

It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. CVE-2021-3493 Vincent Dehors discovered that the shiftfs file...

8.8CVSS7.5AI score0.43988EPSS
Exploits28
Ubuntu
Ubuntu
added 2021/04/15 11:26 p.m.151 views

USN-4916-1: Linux kernel vulnerabilities

It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. CVE-2021-3493 Piotr Krysiuk discovered that the BPF JIT...

8.8CVSS7.5AI score0.43988EPSS
Exploits27
Ubuntu
Ubuntu
added 2021/04/15 10:22 p.m.129 views

USN-4915-1: Linux kernel (OEM) vulnerabilities

It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. CVE-2021-3493 Vincent Dehors discovered that the shiftfs file...

8.8CVSS7.6AI score0.43988EPSS
Exploits28
Ubuntu
Ubuntu
added 2021/04/14 4:53 p.m.160 views

USN-4913-1: Underscore vulnerability

It was discovered that Underscore incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary code...

7.2CVSS6.7AI score0.04087EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/04/14 4:42 p.m.116 views

USN-4914-1: NetworkManager vulnerability

It was discovered that NetworkManager incorrectly handled certain profiles. A local attacker could possibly use this issue to cause NetworkManager to crash, resulting in a denial of service...

5.5CVSS6.5AI score0.00254EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/04/13 10:6 p.m.150 views

USN-4911-1: Linux kernel (OEM) vulnerabilities

It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service system crash. CVE-2020-25639 Jan Beulich discovered that the Xen netback backend in the Linux kernel did not...

7.8CVSS6.6AI score0.00708EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/04/13 9:55 p.m.143 views

USN-4909-1: Linux kernel vulnerabilities

Loris Reiff discovered that the BPF implementation in the Linux kernel did not properly validate attributes in the getsockopt BPF hook. A local attacker could possibly use this to cause a denial of service system crash. CVE-2021-20194 Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H...

7.8CVSS7AI score0.00544EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/04/13 9:35 p.m.151 views

USN-4912-1: Linux kernel (OEM) vulnerabilities

Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-29154 It was...

8.8CVSS7AI score0.02433EPSS
Exploits5
Ubuntu
Ubuntu
added 2021/04/13 8:41 p.m.162 views

USN-4910-1: Linux kernel vulnerabilities

Ryota Shiga discovered that the sockopt BPF hooks in the Linux kernel could allow a user space program to probe for valid kernel addresses. A local attacker could use this to ease exploitation of another kernel vulnerability. CVE-2021-20239 It was discovered that the BPF verifier in the Linux...

7.8CVSS7.1AI score0.02417EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/04/13 3:23 p.m.141 views

USN-4907-1: Linux kernel vulnerabilities

Wen Xu discovered that the xfs file system implementation in the Linux kernel did not properly validate the number of extents in an inode. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service system crash. CVE-2018-13095 It was discover...

7.8CVSS7AI score0.01534EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/04/13 3:0 p.m.135 views

USN-4906-1: Nettle vulnerability

It was discovered that Nettle incorrectly handled signature verification. A remote attacker could use this issue to cause Nettle to crash, resulting in a denial of service, or possibly force invalid signatures...

8.1CVSS6.6AI score0.01607EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/04/13 2:51 p.m.174 views

USN-4904-1: Linux kernel vulnerabilities

Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. CVE-2015-1350 Andrey Konovalov discovered that the video4linux driver for Hauppauge HD PV...

7.8CVSS6.9AI score0.03255EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/04/13 2:51 p.m.114 views

USN-4905-1: X.Org X Server vulnerability

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain lengths of XInput extension ChangeFeedbackControl requests. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.8CVSS7.8AI score0.0105EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/04/12 12:21 p.m.144 views

USN-4899-2: SpamAssassin vulnerability

USN-4899-1 fixed a vulnerability in SpamAssassin. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-...

10CVSS7.7AI score0.06132EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/04/08 12:46 p.m.118 views

USN-4896-2: lxml vulnerability

USN-4896-1 fixed a vulnerability in lxml. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that lxml incorrectly handled certain HTML attributes. A remote attacker could possibly use this issue to perform cross-site scripting XSS...

6.1CVSS7.3AI score0.04002EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/04/07 5:9 p.m.122 views

USN-4903-1: curl vulnerability

Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information...

5.3CVSS6.8AI score0.05301EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/04/06 11:13 a.m.122 views

USN-4561-2: Rack vulnerabilities

USN-4561-1 fixed vulnerabilities in Rack. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10. Original advisory details: It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive...

8.6CVSS7.1AI score0.03593EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/04/06 10:56 a.m.125 views

USN-4902-1: Django vulnerability

Dennis Brinkrolf discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories...

5.3CVSS6.8AI score0.03865EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/04/06 4:11 a.m.155 views

USN-4901-1: Linux kernel (Trusty HWE) vulnerabilities

Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-27365 It was discovered that the LIO SCSI target implementation in the Linux kerne...

8.1CVSS7AI score0.06563EPSS
Exploits3
Ubuntu
Ubuntu
added 2021/04/01 5:33 p.m.119 views

USN-4900-1: OpenEXR vulnerabilities

It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...

5.5CVSS6.4AI score0.01848EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/04/01 12:0 p.m.123 views

USN-4899-1: SpamAssassin vulnerability

Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially- crafted CF file, a remote attacker could possibly run arbitrary code...

10CVSS7.7AI score0.06132EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/03/31 10:50 a.m.172 views

USN-4898-1: curl vulnerabilities

Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2021-22876 Mingtao Yang discovered that curl incorrectly handled session tickets when using an HTTPS proxy. A...

5.3CVSS6.6AI score0.05301EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/03/30 4:33 p.m.122 views

USN-4897-1: Pygments vulnerability

Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially crafted file, a remote attacker could cause Pygments to hang or consume resources, resulting in a denial of service...

7.5CVSS7.5AI score0.03832EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/03/30 4:24 p.m.120 views

USN-4896-1: lxml vulnerability

It was discovered that lxml incorrectly handled certain HTML attributes. A remote attacker could possibly use this issue to perform cross-site scripting XSS attacks...

6.1CVSS7.3AI score0.04002EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/03/29 4:52 p.m.243 views

USN-4883-1: Linux kernel vulnerabilities

Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-27365 Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not...

7.8CVSS7AI score0.02079EPSS
Exploits3
Ubuntu
Ubuntu
added 2021/03/29 4:28 p.m.170 views

USN-4890-1: Linux kernel vulnerabilities

Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly compute a speculative execution limit on pointer arithmetic in some situations. A local attacker could use this to expose sensitive information kernel memory. CVE-2020-27171 Piotr Krysiuk discovered that the BPF...

6CVSS7.1AI score0.00577EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/03/29 1:5 p.m.146 views

USN-4895-1: Squid vulnerabilities

Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. This issue only affected Ubuntu 20.04 LTS. CVE-2020-15049 Jianjun Chen...

9.9CVSS6.9AI score0.08161EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/03/29 12:57 p.m.158 views

USN-4894-1: WebKitGTK vulnerabilities

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

9.8CVSS7.2AI score0.14542EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/03/25 10:36 p.m.142 views

USN-4893-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. CVE-2021-23981, CVE-2021-23982, CVE-2021-23983,...

8.8CVSS8.2AI score0.01404EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/03/25 3:43 p.m.154 views

USN-3685-2: Ruby regression

USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced a regression in Ruby. This update fixes the problem. Original advisory details: Some of these CVE were already addressed in previous USN: 3439-1, 3553-1, 3528-1. Here we address for the remain releases. It was discover...

9.8CVSS7.8AI score0.15853EPSS
Exploits1References1
Ubuntu
Ubuntu
added 2021/03/25 3:32 p.m.120 views

USN-4888-2: ldb vulnerabilities

USN-4888-1 fixed several vulnerabilities in ldb. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue t...

7.5CVSS7.5AI score0.04328EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/03/25 2:29 p.m.162 views

USN-4891-1: OpenSSL vulnerability

It was discovered that OpenSSL incorrectly handled certain renegotiation ClientHello messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service...

5.9CVSS7.8AI score0.62906EPSS
Exploits3
Ubuntu
Ubuntu
added 2021/03/25 3:9 a.m.175 views

USN-4889-1: Linux kernel vulnerabilities

Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-27365 Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not...

7.8CVSS7AI score0.02079EPSS
Exploits3
Ubuntu
Ubuntu
added 2021/03/24 6:8 p.m.118 views

USN-4888-1: ldb vulnerabilities

Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue to cause the LDAP server to crash, resulting in a denial of service. CVE-2021-20277 Douglas Bagnall discovered that ldb, when used with Samba,...

7.5CVSS7.4AI score0.04328EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/03/23 9:57 p.m.172 views

USN-4887-1: Linux kernel vulnerabilities

De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker could use this to expose sensitive information kernel memory or possibly execute arbitrary code...

7.8CVSS7.5AI score0.02079EPSS
Exploits3
Ubuntu
Ubuntu
added 2021/03/22 4:55 p.m.121 views

USN-4886-1: Privoxy vulnerabilities

It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. CVE-2020-35502, CVE-2021-20209, CVE-2021-20210, CVE-2021-20213, CVE-2021-20215, CVE-2021-20216, CVE-2021-20217, CVE-2021-20272,...

7.8CVSS7.2AI score0.02355EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/03/22 1:26 p.m.121 views

USN-4885-1: Pygments vulnerability

It was discovered that Pygments incorrectly handled parsing SML files. If a user or automated system were tricked into parsing a specially crafted SML file, a remote attacker could cause Pygments to hang, resulting in a denial of service...

7.5CVSS7.6AI score0.02707EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/03/20 4:51 a.m.188 views

USN-4884-1: Linux kernel (OEM) vulnerabilities

Loris Reiff discovered that the BPF implementation in the Linux kernel did not properly validate attributes in the getsockopt BPF hook. A local attacker could possibly use this to cause a denial of service system crash. CVE-2021-20194 It was discovered that the priority inheritance futex...

7.8CVSS7AI score0.01377EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/03/18 5:0 p.m.159 views

USN-4882-1: Ruby vulnerabilities

It was discovered that the Ruby JSON gem incorrectly handled certain JSON files. If a user or automated system were tricked into parsing a specially crafted JSON file, a remote attacker could use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...

7.5CVSS7.4AI score0.06811EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/03/17 5:24 p.m.60 views

USN-4782-1: OpenJPEG vulnerabilities

It was discovered that OpenJPEG incorrectly handled certain image files. A remote attacker could possibly use this issue to cause a denial of service. CVE-2016-10506 and CVE-2017-12982 affected only Ubuntu 16.04 ESM. CVE-2018-16375, CVE-2018-20845 and CVE-2019-12973 affected only Ubuntu 18.04 ESM...

8.8CVSS6.5AI score0.0347EPSS
Exploits1
Total number of security vulnerabilities10918