Lucene search
K
UbuntuRecent

10918 matches found

Ubuntu
Ubuntu
•added 2021/02/09 5:6 p.m.•84 views

USN-4726-1: OpenJDK vulnerability

It was discovered that OpenJDK incorrectly handled the direct buffering of characters. An attacker could use this issue to cause OpenJDK to crash, resulting in a denial of service, or cause other unspecified impact...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/02/08 11:36 p.m.•95 views

USN-4717-2: Firefox regression

USN-4717-1 fixed vulnerabilities in Firefox. The update caused a startup hang in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially...

5.8AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/02/08 1:12 p.m.•176 views

USN-4725-1: QEMU vulnerabilities

It was discovered that QEMU incorrectly handled memory in iSCSI emulation. An attacker inside the guest could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2020-11947 Alexander Bulekov discovered tha...

7.5CVSS6.5AI score0.00654EPSS
Exploits2
Ubuntu
Ubuntu
•added 2021/02/08 12:55 p.m.•141 views

USN-4724-1: OpenLDAP vulnerabilities

It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. CVE-2020-36221 It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. A...

7.5CVSS7.5AI score0.84224EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/02/08 12:43 p.m.•116 views

USN-4723-1: PEAR vulnerability

It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code...

7.5CVSS7.9AI score0.70595EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/02/05 1:4 a.m.•166 views

USN-4711-1: Linux kernel vulnerabilities

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

8.1CVSS6.4AI score0.06563EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/02/04 7:46 p.m.•227 views

USN-4722-1: ReadyMedia (MiniDLNA) vulnerabilities

It was discovered that ReadyMedia MiniDLNA allowed subscription requests with a delivery URL on a different network segment than the fully qualified event- subscription URL. An attacker could use this to hijack smart devices and cause denial of service attacks. CVE-2020-12695 It was discovered th...

9.8CVSS7.2AI score0.15193EPSS
Exploits4
Ubuntu
Ubuntu
•added 2021/02/04 7:45 p.m.•112 views

USN-4721-1: Flatpak vulnerability

Simon McVittie discovered that flatpak-portal service allowed sandboxed applications to execute arbitrary code on the host system a sandbox escape. A malicious user could create a Flatpak application that set environment variables, trusted by the Flatpak "run" command, and use it to execute...

8.8CVSS8.5AI score0.0057EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/02/03 1:20 p.m.•105 views

USN-4720-2: Apport vulnerabilities

USN-4720-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate...

8.8CVSS7.6AI score0.00568EPSS
Exploits3
Ubuntu
Ubuntu
•added 2021/02/03 1:1 a.m.•294 views

USN-4710-1: Linux kernel vulnerability

Kiyin 尹亮 discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service kernel memory exhaustion...

5.5CVSS6.5AI score0.00348EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/02/02 6:6 p.m.•128 views

USN-4720-1: Apport vulnerabilities

Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate privileges and run arbitrary code. CVE-2021-25682, CVE-2021-25683 Itai Greenhut discovered that Apport incorrectly handled opening certain special files...

8.8CVSS7.6AI score0.00568EPSS
Exploits3
Ubuntu
Ubuntu
•added 2021/02/02 5:58 p.m.•105 views

USN-4719-1: ca-certificates update

The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.46 version of the Mozilla certificate authority bundle...

5.4AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/02/02 2:9 p.m.•102 views

USN-4718-1: fastd vulnerability

It was discovered that fastd incorrectly handled certain packets. An attacker could possibly use this issue to cause a denial of service...

7.5CVSS7.2AI score0.02334EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/02/02 1:27 p.m.•119 views

USN-4467-2: QEMU vulnerabilities

USN-4467-1 fixed several vulnerabilities in QEMU. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that the QEMU SD memory card implementation incorrectly handled certain memory operations. An attacker inside a guest could possibly u...

6.7CVSS7.1AI score0.05447EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/02/02 7:23 a.m.•306 views

USN-4709-1: Linux kernel vulnerabilities

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

9.3CVSS6.9AI score0.06563EPSS
Exploits3
Ubuntu
Ubuntu
•added 2021/02/02 7:14 a.m.•149 views

USN-4712-1: Linux kernel regression

USN-4576-1 fixed a vulnerability in the overlay file system implementation in the Linux kernel. Unfortunately, that fix introduced a regression that could incorrectly deny access to overlay files in some situations. This update fixes the problem. We apologize for the inconvenience. Original...

5.5AI score
Exploits0References2
Ubuntu
Ubuntu
•added 2021/02/02 6:17 a.m.•239 views

USN-4713-1: Linux kernel vulnerability

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

8.1CVSS6.7AI score0.06563EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/02/01 11:24 p.m.•129 views

USN-4717-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct clickjacking attacks, or execute arbitrary code...

8.8CVSS8AI score0.01323EPSS
Exploits2
Ubuntu
Ubuntu
•added 2021/02/01 3:53 p.m.•164 views

USN-4715-2: Django vulnerability

USN-4715-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Wang Baohua discovered that Django incorrectly extracted archive files. A remote attacker could possibly use this issue to extract files outside of their...

5.3CVSS6.8AI score0.07605EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/02/01 1:48 p.m.•169 views

USN-4716-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.23 in Ubuntu 20.04 LTS and Ubuntu 20.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.33. In addition to security fixes...

7.1CVSS6.5AI score0.10093EPSS
Exploits3
Ubuntu
Ubuntu
•added 2021/02/01 11:55 a.m.•140 views

USN-4715-1: Django vulnerability

Wang Baohua discovered that Django incorrectly extracted archive files. A remote attacker could possibly use this issue to extract files outside of their expected location...

5.3CVSS6.7AI score0.07605EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/01/28 8:38 p.m.•134 views

USN-4714-1: XStream vulnerabilities

Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. CVE-2020-26217 It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could...

9.3CVSS7.5AI score0.85001EPSS
Exploits11
Ubuntu
Ubuntu
•added 2021/01/28 1:41 p.m.•131 views

USN-4707-1: TCMU vulnerability

It was discovered that TCMU lacked a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request...

8.1CVSS7.8AI score0.02649EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/01/28 1:40 p.m.•201 views

USN-4706-1: Ceph vulnerabilities

Olle Segerdahl found that ceph-mon and ceph-mgr daemons did not properly restrict access, resulting in gaining access to unauthorized resources. An authenticated user could use this vulnerability to modify the configuration and possibly conduct further attacks. CVE-2020-10736 Adam Mohammed found...

8.8CVSS6.9AI score0.01627EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/01/28 7:9 a.m.•224 views

USN-4708-1: Linux kernel vulnerabilities

Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service system crash. CVE-2018-13093 It was discovered that the btrfs fi...

9.3CVSS6.9AI score0.03293EPSS
Exploits4
Ubuntu
Ubuntu
•added 2021/01/27 3:1 p.m.•303 views

USN-4705-2: Sudo vulnerability

USN-4705-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain...

7.8CVSS7.2AI score0.99295EPSS
Exploits81
Ubuntu
Ubuntu
•added 2021/01/26 6:48 p.m.•310 views

USN-4705-1: Sudo vulnerabilities

It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. CVE-2021-3156 It was discovered that the Sudo sudoedit utility incorrectly handled checking directory...

7.8CVSS7AI score0.99295EPSS
Exploits82
Ubuntu
Ubuntu
•added 2021/01/26 4:23 p.m.•129 views

USN-4704-1: libsndfile vulnerabilities

It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2017-12562 It was discovered that libsndfile incorrectly handled certain...

9.8CVSS6.7AI score0.03978EPSS
Exploits6
Ubuntu
Ubuntu
•added 2021/01/26 8:25 a.m.•120 views

LSN-0074-1: Kernel Live Patch Security Notice

Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information kernel memory. CVE-2020-0427 Andy Nguyen discovered that the Bluetooth A2MP implementation in...

8.1CVSS7.1AI score0.06563EPSS
Exploits7
Ubuntu
Ubuntu
•added 2021/01/25 3:8 p.m.•116 views

USN-4703-1: Mutt vulnerability

It was discovered that Mutt incorrectly handled certain email messages. An attacker could possibly use this issue to cause a denial of service...

6.5CVSS6.3AI score0.02796EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/01/25 12:37 p.m.•136 views

USN-4702-1: Pound vulnerabilities

It was discovered that Pound incorrectly handled certain HTTP requests A remote attacker could use it to retrieve some sensitive information. CVE-2016-10711, CVE-2018-21245...

9.8CVSS8.3AI score0.02893EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/01/21 2:34 a.m.•149 views

USN-4689-4: Linux kernel update

USN-4689-3 fixed vulnerabilities in the NVIDIA server graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. Original advisory details: It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that...

7.8CVSS6.5AI score0.00452EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/01/20 1:43 p.m.•115 views

USN-4697-2: Pillow vulnerabilities

USN-4697-1 fixed several vulnerabilities in Pillow. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Pillow incorrectly handled certain PCX image files. If a user or automated system were tricked into opening a specially-crafted...

7.1CVSS7.1AI score0.01498EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/01/20 1:13 p.m.•125 views

USN-4689-3: NVIDIA graphics drivers vulnerabilities

It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. CVE-2021-1052 It was discovered that the NVIDIA...

7.8CVSS6.4AI score0.00452EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/01/20 12:17 p.m.•163 views

USN-4701-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass the CSS sanitizer, or execute arbitrary...

9.3CVSS7.7AI score0.01876EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/01/19 2:29 p.m.•107 views

USN-4700-1: PyXDG vulnerability

Alexandre D'Hondt discovered that PyXDG did not properly sanitize input. An attacker could exploit this with a crafted .menu file to execute arbitrary code...

7.5CVSS7.4AI score0.02105EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/01/19 12:50 p.m.•291 views

USN-4699-1: Apache Log4net vulnerability

It was discovered that Apache Log4net incorrectly handled certain configuration files. An attacker could possibly use this issue to expose sensitive information...

9.8CVSS7.2AI score0.49839EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/01/19 12:48 p.m.•166 views

USN-4698-1: Dnsmasq vulnerabilities

Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled memory when sorting RRsets. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. CVE-2020-25681, CVE-2020-25687 Moshe Kol and Shlomi Oberman...

8.3CVSS6.2AI score0.86692EPSS
Exploits2
Ubuntu
Ubuntu
•added 2021/01/18 5:22 p.m.•140 views

USN-4697-1: Pillow vulnerabilities

It was discovered that Pillow incorrectly handled certain PCX image files. If a user or automated system were tricked into opening a specially-crafted PCX file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. CVE-2020-35653 It was discovered that Pillow...

8.8CVSS7.2AI score0.01789EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/01/18 2:21 p.m.•127 views

USN-4696-1: HTMLDOC vulnerability

It was discovered that HTMLDOC incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a denial of service...

7.8CVSS7.2AI score0.01135EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/01/18 12:30 p.m.•141 views

USN-4695-1: icoutils vulnerabilities

Choongwoo Han discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2017-5208 It was discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to...

8.8CVSS7AI score0.03591EPSS
Exploits3
Ubuntu
Ubuntu
•added 2021/01/14 11:48 p.m.•148 views

USN-4694-1: Linux kernel vulnerability

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

8.1CVSS6.7AI score0.06563EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/01/14 9:13 p.m.•89 views

USN-4693-1: Ampache vulnerabilities

It was discovered that an SQL injection vulnerability exists in the Ampache search engine. Any user able to perform searches could dump any data contained in the database. An attacker could use this to disclose sensitive information. CVE-2019-12385 It was discovered that an XSS vulnerability in...

8.8CVSS7.1AI score0.01634EPSS
Exploits2
Ubuntu
Ubuntu
•added 2021/01/13 8:43 p.m.•112 views

USN-4653-2: containerd vulnerability

USN-4653-1 fixed a vulnerability in containerd. Unfortunately, those containerd packages introduced a regression in docker.io and the update was reverted. This update addresses the docker.io issue and reintroduces the fixes from USN-4653-1. We apologize for the inconvenience...

5.2CVSS6.5AI score0.03236EPSS
Exploits4References1
Ubuntu
Ubuntu
•added 2021/01/13 6:56 p.m.•126 views

USN-4692-1: tar vulnerabilities

Chris Siebenmann discovered that tar incorrectly handled extracting files resized during extraction when invoked with the --sparse flag. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu...

7.5CVSS6.5AI score0.03028EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/01/13 5:15 p.m.•114 views

USN-4691-1: Open vSwitch vulnerabilities

Jonas Rudloff discovered that Open vSwitch incorrectly handled certain malformed LLDP packets. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS7.5AI score0.05493EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/01/12 12:44 p.m.•100 views

USN-4649-2: xdg-utils regression

USN-4649-1 fixed vulnerabilities in xdg-utils. That update caused a regression by removing the --attach functionality in thunderbird and others applications. This update fix the problem by reverting these changes. Original advisory details: Jens Mueller discovered that xdg-utils incorrectly handl...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/01/11 9:57 p.m.•147 views

USN-4689-2: Linux kernel vulnerabilities

USN-4689-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. Original advisory details: It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed...

7.8CVSS6.5AI score0.01777EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/01/11 9:19 p.m.•113 views

USN-4690-1: coTURN vulnerability

It was discovered that coTURN allowed peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. A malicious user could use this vulnerability to insert packages into the loopback interface...

7.2CVSS7.2AI score0.01282EPSS
Exploits3
Ubuntu
Ubuntu
•added 2021/01/11 9:2 p.m.•126 views

USN-4689-1: NVIDIA graphics drivers vulnerabilities

It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. CVE-2021-1052 It was discovered that the NVIDIA...

7.8CVSS6.4AI score0.01777EPSS
Exploits0
Total number of security vulnerabilities10918