Lucene search
K
UbuntuRecent

10918 matches found

Ubuntu
Ubuntu
added 2021/03/15 8:4 p.m.45 views

USN-4765-1: The Sleuth Kit vulnerabilities

It was discovered that The Sleuth Kit did not properly handle certain entires in FAT file systems. An attacker could use this vulnerability to mislead an analyst and obscure their activities. This issue only affected Ubuntu 14.04 ESM. CVE-2012-5619 It was discovered that The Sleuth Kit mishandled...

5.5CVSS6.7AI score0.00744EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/03/15 5:6 p.m.143 views

USN-4764-1: GLib vulnerability

It was discovered that GLib incorrectly handled certain symlinks when replacing files. If a user or automated system were tricked into extracting a specially crafted file with File Roller, a remote attacker could possibly create files outside of the intended directory...

5.3CVSS6.8AI score0.02622EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/03/12 2:7 p.m.246 views

USN-4754-3: Python vulnerabilities

USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 and Ubuntu 20.04. In the case of Python 2.7 for 20.04, these additional fixes are included: It was dicovered that Python allowed remote attackers to cause a denial of service resource...

9.8CVSS7.9AI score0.23293EPSS
Exploits4
Ubuntu
Ubuntu
added 2021/03/11 2:56 p.m.140 views

USN-4763-1: Pillow vulnerabilities

It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only...

9.8CVSS7.5AI score0.04851EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/03/10 2:30 p.m.2853 views

USN-4762-1: OpenSSH vulnerability

It was discovered that the OpenSSH ssh-agent incorrectly handled memory. A remote attacker able to connect to the agent could use this issue to cause it to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.1CVSS7.3AI score0.03422EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/03/09 6:25 p.m.132 views

USN-4761-1: Git vulnerability

Matheus Tavares discovered that Git incorrectly handled delay-capable clean/smudge filters when being used on case-insensitive filesystems. A remote attacker could possibly use this issue to execute arbitrary code...

8CVSS8.4AI score0.88644EPSS
Exploits5
Ubuntu
Ubuntu
added 2021/03/08 7:10 p.m.119 views

USN-4758-1: Go vulnerability

It was discovered that Go applications incorrectly handled uploaded content. If a user were tricked into visiting a malicious page, a remote attacker could exploit this with a crafted file to conduct cross-site scripting XSS attacks...

6.1CVSS6.7AI score0.03646EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/03/08 6:21 p.m.129 views

USN-4760-1: libzstd vulnerabilities

It was discovered that libzstd incorrectly handled file permissions. A local attacker could possibly use this issue to access certain files, contrary to expectations...

5.5CVSS6.1AI score0.00431EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/03/08 6:15 p.m.118 views

USN-4759-1: GLib vulnerabilities

Krzesimir Nowak discovered that GLib incorrectly handled certain large buffers. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2021-27218 Kevin Backhouse discovered that GLib incorrect...

7.5CVSS7.1AI score0.0408EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/03/08 6:6 p.m.84 views

USN-4733-2: GNOME Autoar regression

USN-4733-1 fixed a vulnerability in GNOME Autoar. The upstream fix introduced a regression when extracting archives containing directories. This update fixes the problem. Original advisory details: Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory...

5.8AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/03/04 5:54 p.m.110 views

USN-4757-2: wpa_supplicant and hostapd vulnerability

USN-4757-1 fixed a vulnerability in wpasupplicant and hostapd. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that wpasupplicant did not properly handle P2P Wi-Fi Direct provision discovery requests in some situations. A physically...

7.5CVSS7.8AI score0.01228EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/03/03 11:45 a.m.106 views

USN-4757-1: wpa_supplicant and hostapd vulnerability

It was discovered that wpasupplicant did not properly handle P2P Wi-Fi Direct provision discovery requests in some situations. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code...

7.5CVSS7.7AI score0.01228EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/03/03 11:38 a.m.177 views

USN-4754-4: Python 2.7 vulnerability

USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177. We apologize for the inconvenience. Original advisory details: It was discovered that Python incorrectly handled...

9.8CVSS7.8AI score0.23293EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/03/01 6:12 p.m.153 views

USN-4737-2: Bind vulnerability

USN-4737-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to...

8.1CVSS7.4AI score0.64161EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/02/26 6:11 p.m.126 views

USN-4756-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct cross-site scripting XSS attacks, bypass HTTP auth phishing warning...

8.8CVSS7.4AI score0.0153EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/02/25 6:54 p.m.158 views

USN-4754-2: Python regression

USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that Python incorrectly handled certain...

7.8AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/02/25 5:1 p.m.138 views

USN-4755-1: LibTIFF vulnerabilities

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges...

7.8CVSS7.6AI score0.01922EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/02/25 12:5 p.m.185 views

USN-4754-1: Python vulnerabilities

It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. CVE-2020-27619, CVE-2021-3177...

9.8CVSS7.7AI score0.23293EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/02/25 7:5 a.m.226 views

USN-4749-1: Linux kernel vulnerabilities

Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2020-25669 It was discovered that the jfs file system implementation in the Linux kernel...

8.8CVSS6.7AI score0.01129EPSS
Exploits6
Ubuntu
Ubuntu
added 2021/02/25 7:1 a.m.162 views

USN-4753-1: Linux kernel (OEM) vulnerability

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

8.1CVSS6.7AI score0.06563EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/02/25 6:54 a.m.220 views

USN-4752-1: Linux kernel (OEM) vulnerabilities

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proxima...

7.8CVSS8AI score0.03292EPSS
Exploits13
Ubuntu
Ubuntu
added 2021/02/25 6:43 a.m.245 views

USN-4751-1: Linux kernel vulnerabilities

It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information kernel memory. CVE-2020-25656 Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling...

8.8CVSS6.8AI score0.01129EPSS
Exploits10
Ubuntu
Ubuntu
added 2021/02/25 6:31 a.m.402 views

USN-4750-1: Linux kernel vulnerabilities

Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2020-25669 It was discovered that the jfs file system implementation in the Linux kernel...

8.8CVSS6.8AI score0.01129EPSS
Exploits6
Ubuntu
Ubuntu
added 2021/02/25 6:21 a.m.191 views

USN-4748-1: Linux kernel vulnerabilities

It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service system crash. CVE-2020-27815 It was discovered that the memory management subsystem in the Linux kerne...

7.8CVSS7.1AI score0.01129EPSS
Exploits5
Ubuntu
Ubuntu
added 2021/02/24 7:56 p.m.122 views

USN-4747-2: GNU Screen vulnerability

USN-4747-1 fixed a vulnerability in screen. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash...

9.8CVSS7.6AI score0.09147EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/02/24 1:58 p.m.133 views

USN-4747-1: GNU Screen vulnerability

Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS7.5AI score0.09147EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/02/24 1:51 p.m.132 views

USN-4746-1: xterm vulnerability

Tavis Ormandy discovered that xterm incorrectly handled certain character sequences. A remote attacker could use this issue to cause xterm to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS8.6AI score0.07541EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/02/24 1:43 p.m.184 views

USN-4698-2: Dnsmasq regression

USN-4698-1 fixed vulnerabilities in Dnsmasq. The updates introduced regressions in certain environments related to issues with multiple queries, and issues with retries. This update fixes the problem. Original advisory details: Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly...

6.4AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/02/23 7:33 p.m.249 views

USN-4745-1: OpenSSL vulnerabilities

David Benjamin discovered that OpenSSL incorrectly handled comparing certificates containing a EDIPartyName name type. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2020-1971 Tavis Ormandy discovered that OpenSSL incorrectly handl...

5.9CVSS6.8AI score0.07471EPSS
Exploits3
Ubuntu
Ubuntu
added 2021/02/22 4:4 p.m.111 views

USN-4467-3: QEMU regression

USN-4467-1 fixed vulnerabilities in QEMU. The fix for CVE-2020-13754 introduced a regression in certain environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Ren Ding, Hanqing Zhao, Alexander Bulekov, and Anatoly Trosinenko discovered that the...

7AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/02/22 2:22 p.m.129 views

USN-4744-1: OpenLDAP vulnerability

Pasi Saarinen discovered that OpenLDAP incorrectly handled certain short timestamps. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service...

7.5CVSS7.5AI score0.64147EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/02/22 2:15 p.m.119 views

USN-4743-1: GDK-PixBuf vulnerability

It was discovered that the GDK-PixBuf library did not properly handle certain GIF images. If an user or automated system were tricked into opening a specially crafted GIF file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service...

8.8CVSS7.9AI score0.02346EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/02/22 2:8 p.m.142 views

USN-4742-1: Django vulnerability

It was discovered that Django incorrectly accepted semicolons as query parameters. A remote attacker could possibly use this issue to perform a Web Cache Poisoning attack...

5.9CVSS7.5AI score0.35963EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/02/18 8:36 p.m.133 views

USN-4741-1: Jackson vulnerabilities

It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code...

9.8CVSS7.2AI score0.37925EPSS
Exploits7
Ubuntu
Ubuntu
added 2021/02/18 8:35 p.m.119 views

USN-4740-1: Apache Shiro vulnerabilities

It was discovered that Apache Shiro mishandled specially crafted requests. An attacker could use this vulnerability to bypass authentication mechanisms...

9.8CVSS8.2AI score0.24436EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/02/18 12:29 p.m.145 views

USN-4739-1: WebKitGTK vulnerability

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

8.8CVSS7.9AI score0.01792EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/02/18 12:22 p.m.189 views

USN-4738-1: OpenSSL vulnerabilities

Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2021-23840 Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer...

7.5CVSS6.6AI score0.50732EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/02/18 12:5 p.m.144 views

USN-4737-1: Bind vulnerability

It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the Bind AppArmor...

8.1CVSS7.3AI score0.64161EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/02/16 9:33 p.m.165 views

USN-4734-2: wpa_supplicant and hostapd vulnerabilities

USN-4734-1 fixed several vulnerabilities in wpasupplicant. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that wpasupplicant did not properly handle P2P Wi-Fi Direct group information in some situations, leading to a heap overflow. A physically proximate...

7.9CVSS7.5AI score0.15193EPSS
Exploits4
Ubuntu
Ubuntu
added 2021/02/16 4:59 p.m.124 views

USN-4736-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. CVE-2020-26976,...

8.8CVSS7.7AI score0.01556EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/02/15 12:2 p.m.144 views

USN-4735-1: PostgreSQL vulnerability

Heikki Linnakangas discovered that PostgreSQL incorrectly leaked values of denied columns when handling certain errors. A remote attacker could possibly use this issue to obtain sensitive information...

4.3CVSS6.5AI score0.01187EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/02/11 10:22 p.m.213 views

USN-4734-1: wpa_supplicant and hostapd vulnerabilities

It was discovered that wpasupplicant did not properly handle P2P Wi-Fi Direct group information in some situations, leading to a heap overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2021-0326 It was discovered that...

7.9CVSS7.4AI score0.15193EPSS
Exploits4
Ubuntu
Ubuntu
added 2021/02/11 12:46 p.m.123 views

USN-4733-1: GNOME Autoar vulnerability

Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution...

5.5CVSS7.1AI score0.00639EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/02/11 12:37 p.m.126 views

USN-4732-1: SQLite vulnerability

It was discovered that SQLite incorrectly handled certain sub-queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code...

5.5CVSS7.2AI score0.00496EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/02/10 11:7 p.m.105 views

USN-4730-1: PostSRSd vulnerability

It was discovered that PostSRSd mishandled certain input. A remote attacker could use this vulnerability to cause a denial of service via a long timestamp tag in an SRS address...

7.5CVSS7.2AI score0.02657EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/02/10 6:56 p.m.108 views

USN-4731-1: JUnit 4 vulnerability

It was discovered that JUnit 4 contains a local information disclosure vulnerability. An attacker could possibly use this issue to obtain sensitive information...

5.5CVSS6.5AI score0.01695EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/02/10 3:21 p.m.110 views

USN-4729-1: Open vSwitch vulnerability

Joakim Hindersson discovered that Open vSwitch incorrectly parsed certain network packets. A remote attacker could use this issue to cause a denial of service, or possibly alter packet classification...

7.8CVSS7.5AI score0.08026EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/02/10 1:17 a.m.157 views

USN-4713-2: Linux kernel vulnerability

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

8.1CVSS6.7AI score0.06563EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/02/10 1:14 a.m.129 views

USN-4728-1: snapd vulnerability

Gilad Reti and Nimrod Stoler discovered that snapd did not correctly specify cgroup delegation when generating systemd service units for various container management snaps. This could allow a local attacker to escalate privileges via access to arbitrary devices of the container host from within a...

9.3CVSS8.4AI score0.00256EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/02/10 12:54 a.m.162 views

USN-4727-1: Linux kernel vulnerability

Alexander Popov discovered that multiple race conditions existed in the AFVSOCK implementation in the Linux kernel. A local attacker could use this to cause a denial of service system crash or execute arbitrary code...

7CVSS7.1AI score0.01602EPSS
Exploits1
Total number of security vulnerabilities10918