Lucene search
K
UbuntuRecent

10918 matches found

Ubuntu
Ubuntu
added 2021/01/11 6:14 p.m.107 views

USN-4668-4: python-apt vulnerability

USN-4668-1 fixed a vulnerability in python-apt. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume...

2.8CVSS4.9AI score0.0039EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/01/11 5:42 p.m.113 views

USN-4667-2: APT vulnerability

USN-4667-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered that APT incorrectly handled certain packages. A local attacker could possibly use this issue to cause APT to crash or stop responding...

5.7CVSS6.5AI score0.00377EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/01/11 12:42 p.m.137 views

USN-4688-1: JasPer vulnerabilities

It was discovered that Jasper incorrectly certain files. An attacker could possibly use this issue to cause a crash. CVE-2018-18873 It was discovered that Jasper incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-19542 It was...

7.8CVSS6.9AI score0.01946EPSS
Exploits3
Ubuntu
Ubuntu
added 2021/01/08 1:40 a.m.159 views

USN-4687-1: Firefox vulnerability

A use-after-free was discovered in Firefox when handling SCTP packets. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code...

8.8CVSS8.6AI score0.01304EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/01/07 2:10 p.m.160 views

USN-4686-1: Ghostscript vulnerabilities

It was discovered that Ghostscript incorrectly handled certain image files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary co...

8.8CVSS6.7AI score0.04932EPSS
Exploits4
Ubuntu
Ubuntu
added 2021/01/07 1:59 p.m.152 views

USN-4685-1: OpenJPEG vulnerabilities

It was discovered that OpenJPEG incorrectly handled certain image data. An attacker could use this issue to cause OpenJPEG to crash, leading to a denial of service, or possibly execute arbitrary code...

7.8CVSS7.2AI score0.02595EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/01/07 1:51 p.m.132 views

USN-4684-1: EDK II vulnerabilities

Laszlo Ersek discovered that EDK II incorrectly validated certain signed images. An attacker could possibly use this issue with a specially crafted image to cause EDK II to hang, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS...

7.8CVSS7.2AI score0.00328EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/01/07 12:3 a.m.164 views

USN-4683-1: Linux kernel (OEM) vulnerability

Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. A local attacker could use this to cause a denial of service system crash or possibly expose sensitive information kernel memory...

6.1CVSS6.4AI score0.00511EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/01/06 10:27 p.m.155 views

USN-4678-1: Linux kernel vulnerabilities

It was discovered that the AMD Running Average Power Limit RAPL driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. CVE-2020-12912 Jann Horn discovered that the iouring subsystem in the Linux kernel d...

7.8CVSS6.4AI score0.00462EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/01/06 2:33 p.m.156 views

USN-4677-2: p11-kit vulnerability

USN-4677-1 fixed a vulnerability in p11-kit. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: David Cook discovered that p11-kit incorrectly handled certain memory operations. An attacker could use this issue to cause p11-kit to crash, resulting in a...

7.5CVSS7.4AI score0.0335EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/01/06 1:24 p.m.120 views

USN-4682-1: WavPack vulnerability

It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to execute arbitrary code or cause a crash...

6.1CVSS7.2AI score0.01196EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/01/06 3:41 a.m.187 views

USN-4680-1: Linux kernel vulnerabilities

It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service system crash. CVE-2019-19770 It was discovered that a race condition existed in the binder IPC...

8.2CVSS7.2AI score0.06692EPSS
Exploits10
Ubuntu
Ubuntu
added 2021/01/06 3:35 a.m.159 views

USN-4681-1: Linux kernel vulnerabilities

Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver in the Linux kernel did not properly deallocate memory in some conditions. A local attacker could use this to cause a denial of service kernel memory exhaustion. CVE-2019-0148 It was discovered that the console keyboard...

7CVSS6.4AI score0.01026EPSS
Exploits3
Ubuntu
Ubuntu
added 2021/01/06 3:24 a.m.187 views

USN-4679-1: Linux kernel vulnerabilities

It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information kernel memory. CVE-2020-25656 Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling...

7.2CVSS6.4AI score0.01026EPSS
Exploits4
Ubuntu
Ubuntu
added 2021/01/05 4:23 p.m.129 views

USN-4677-1: p11-kit vulnerabilities

David Cook discovered that p11-kit incorrectly handled certain memory operations. An attacker could use this issue to cause p11-kit to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.5CVSS7.2AI score0.03515EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/01/05 1:26 p.m.118 views

USN-4676-1: OpenEXR vulnerabilities

It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...

5.5CVSS7AI score0.01239EPSS
Exploits3
Ubuntu
Ubuntu
added 2021/01/05 1:20 p.m.104 views

USN-4675-1: OpenStack Horizon vulnerability

Pritam Singh discovered that OpenStack Horizon incorrectly validated certain parameters. An attacker could possibly use this issue to cause OpenStack Horizon to redirect to a malicious URL...

6.1CVSS6.2AI score0.014EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/01/04 5:51 p.m.124 views

USN-4674-2: Dovecot vulnerability

USN-4674-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash,...

7.5CVSS7.4AI score0.0466EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/01/04 2:4 p.m.133 views

USN-4674-1: Dovecot vulnerabilities

It was discovered that Dovecot incorrectly handled certain imap hibernation commands. A remote authenticated attacker could possibly use this issue to access other users' email. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. CVE-2020-24386 Innokentii Sennovskiy...

7.5CVSS7.6AI score0.0466EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/01/04 1:52 p.m.92 views

USN-4668-3: python-apt regression

USN-4668-1 fixed vulnerabilities in python-apt. The update caused a regression when using certain APIs with a file handle. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered that python-apt incorrectly handled resources. A loca...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/01/04 12:38 p.m.132 views

USN-4673-1: libproxy vulnerability

Li Fei discovered that libproxy incorrectly handled certain PAC files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

9.8CVSS8.3AI score0.03569EPSS
Exploits0
Ubuntu
Ubuntu
added 2020/12/16 5:27 p.m.114 views

USN-4672-1: unzip vulnerabilities

Rene Freingruber discovered that unzip incorrectly handled certain specially crafted password protected ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service...

7.8CVSS6AI score0.30469EPSS
Exploits3
Ubuntu
Ubuntu
added 2020/12/15 10:52 p.m.151 views

USN-4671-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass the CSS sanitizer, bypass security restrictions, spoof the URL bar, ...

9.8CVSS8AI score0.01876EPSS
Exploits2
Ubuntu
Ubuntu
added 2020/12/15 7:3 p.m.86 views

USN-4670-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain specially crafted image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or other unspecified impact. This issue on...

9.8CVSS7AI score0.03678EPSS
Exploits1
Ubuntu
Ubuntu
added 2020/12/13 11:27 p.m.117 views

USN-4660-2: Linux kernel regression

USN-4660-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. Original advisory details: It was discovered that a race condition existe...

6.9AI score
Exploits0References1
Ubuntu
Ubuntu
added 2020/12/13 10:41 p.m.160 views

USN-4658-2: Linux kernel regression

USN-4658-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. Original advisory details: It was discovered that a race condition existe...

7.5AI score
Exploits0References1
Ubuntu
Ubuntu
added 2020/12/13 9:0 p.m.177 views

USN-4659-2: Linux kernel regression

USN-4659-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. Original advisory details: It was discovered that a race condition existe...

7.3AI score
Exploits0References1
Ubuntu
Ubuntu
added 2020/12/11 12:39 a.m.94 views

USN-4666-2: lxml vulnerability

USN-4666-1 partially fixed a vulnerability in lxml, but an additional patch was needed. This update provides the corresponding additional patch in order to properly fix the vulnerability. Original advisory details: It was discovered that lxml incorrectly handled certain HTML. An attacker could...

6.1CVSS7AI score0.03934EPSS
Exploits1
Ubuntu
Ubuntu
added 2020/12/10 2:28 p.m.54 views

USN-4669-1: SquirrelMail vulnerability

It was discovered that a cross-site scripting XSS vulnerability in SquirrelMail allows remote attackers to use malicious script content from HTML e-mail to execute code and/or provoke a denial of service...

6.1CVSS6.3AI score0.01819EPSS
Exploits2
Ubuntu
Ubuntu
added 2020/12/10 2:11 a.m.61 views

USN-4668-2: python-apt regression

USN-4668-1 fixed vulnerabilities in python-apt. That update caused a regression by removing information describing the Ubuntu 20.10 release from the Ubuntu templates. This update fixes the problem by restoring this information. We apologize for the inconvenience. Original advisory details: Kevin...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
added 2020/12/09 4:46 p.m.73 views

USN-4665-2: curl vulnerabilities

USN-4665-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to tric...

7.5CVSS6.8AI score0.09917EPSS
Exploits1
Ubuntu
Ubuntu
added 2020/12/09 4:36 p.m.52 views

USN-4668-1: python-apt vulnerability

Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service...

2.8CVSS4.9AI score0.0039EPSS
Exploits0
Ubuntu
Ubuntu
added 2020/12/09 4:30 p.m.79 views

USN-4667-1: APT vulnerability

Kevin Backhouse discovered that APT incorrectly handled certain packages. A local attacker could possibly use this issue to cause APT to crash or stop responding, resulting in a denial of service...

5.7CVSS6.5AI score0.00377EPSS
Exploits0
Ubuntu
Ubuntu
added 2020/12/09 1:28 p.m.67 views

USN-4666-1: lxml vulnerability

It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to cross-site scripting XSS attacks...

6.1CVSS7AI score0.03934EPSS
Exploits1
Ubuntu
Ubuntu
added 2020/12/09 12:10 p.m.95 views

USN-4665-1: curl vulnerabilities

Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPTCONNECTONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information. This issue only affected Ubuntu 20.10. CVE-2020-8231 Varnavas Papaioannou discovered that curl...

7.5CVSS6.8AI score0.09917EPSS
Exploits3
Ubuntu
Ubuntu
added 2020/12/08 3:58 p.m.58 views

USN-4664-1: Aptdaemon vulnerabilities

Kevin Backhouse discovered that Aptdaemon incorrectly handled certain properties. A local attacker could use this issue to test for the presence of local files. CVE-2020-16128 Kevin Backhouse discovered that Aptdaemon incorrectly handled permission checks. A local attacker could possibly use this...

5.5CVSS5.2AI score0.00335EPSS
Exploits0
Ubuntu
Ubuntu
added 2020/12/08 3:32 p.m.69 views

USN-4663-1: GDK-PixBuf vulnerability

Melvin Kool discovered that the GDK-PixBuf library did not properly handle certain GIF images. If an user or automated system were tricked into opening a specially crafted GIF file, a remote attacker could use this flaw to cause GDK-PixBuf to hang, resulting in a denial of service...

5.5CVSS6.7AI score0.01477EPSS
Exploits0
Ubuntu
Ubuntu
added 2020/12/08 3:27 p.m.180 views

USN-4662-1: OpenSSL vulnerability

David Benjamin discovered that OpenSSL incorrectly handled comparing certificates containing a EDIPartyName name type. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service...

5.9CVSS7AI score0.06968EPSS
Exploits3
Ubuntu
Ubuntu
added 2020/12/07 3:14 p.m.72 views

USN-4656-2: X.Org X Server vulnerabilities

USN-4656-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server XKB extension incorrectly handled certain inputs. A local attacker could possibly use this issue to...

7.8CVSS7.4AI score0.00393EPSS
Exploits0
Ubuntu
Ubuntu
added 2020/12/03 11:7 p.m.206 views

USN-4658-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-0423 Daniele Antonioli, Nils Ole...

7.8CVSS7.5AI score0.06692EPSS
Exploits7
Ubuntu
Ubuntu
added 2020/12/03 6:35 p.m.78 views

USN-4661-1: Snapcraft vulnerability

It was discovered that Snapcraft includes the current directory when configuring LDLIBRARYPATH for application commands. If a user were tricked into installing a malicious snap or downloading a malicious library, under certain circumstances an attacker could exploit this to affect strict mode sna...

6.8CVSS6.6AI score0.00673EPSS
Exploits1References1
Ubuntu
Ubuntu
added 2020/12/03 2:19 a.m.239 views

USN-4660-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-14351 It was...

7.8CVSS6.9AI score0.03292EPSS
Exploits2
Ubuntu
Ubuntu
added 2020/12/02 2:18 a.m.174 views

USN-4659-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-0423 Daniele Antonioli, Nils Ole...

7.8CVSS7.2AI score0.06692EPSS
Exploits6
Ubuntu
Ubuntu
added 2020/12/02 1:54 a.m.138 views

USN-4657-1: Linux kernel vulnerabilities

Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information kernel memory. CVE-2020-0427 Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen...

7.8CVSS7.6AI score0.06692EPSS
Exploits11
Ubuntu
Ubuntu
added 2020/12/01 4:8 p.m.72 views

USN-4656-1: X.Org X Server vulnerabilities

Jan-Niklas Sohn discovered that the X.Org X Server XKB extension incorrectly handled certain inputs. A local attacker could possibly use this issue to escalate privileges...

7.8CVSS7.4AI score0.00393EPSS
Exploits0
Ubuntu
Ubuntu
added 2020/12/01 1:57 p.m.259 views

USN-4655-1: Werkzeug vulnerabilities

It was discovered that Werkzeug has insufficient debugger PIN randomness. An attacker could use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS. CVE-2019-14806 It was discovered that Werkzeug incorrectly handled certain URLs. An attacker could possibly use th...

7.5CVSS6.5AI score0.02288EPSS
Exploits1
Ubuntu
Ubuntu
added 2020/12/01 12:38 p.m.81 views

USN-4654-1: PEAR vulnerabilities

It was discovered that PEAR incorrectly sanitized filenames. A remote attacker could possibly use this issue to execute arbitrary code...

7.8CVSS7.9AI score0.84554EPSS
Exploits5
Ubuntu
Ubuntu
added 2020/11/30 9:4 p.m.78 views

USN-4653-1: containerd vulnerability

It was discovered that access controls for the shim’s API socket did not restrict access to the abstract unix domain socket in some cases. An attacker could use this vulnerability to run containers with elevated privileges...

5.2CVSS6.5AI score0.03236EPSS
Exploits4
Ubuntu
Ubuntu
added 2020/11/30 4:24 p.m.75 views

USN-4652-1: SniffIt vulnerability

It was discovered that SniffIt incorrectly handled certain configuration files. An attacker could possibly use this issue to execute arbitrary code...

9.3CVSS7.7AI score0.02548EPSS
Exploits2
Ubuntu
Ubuntu
added 2020/11/30 12:40 p.m.62 views

USN-4651-1: MySQL vulnerabilities

Tom Reynolds discovered that due to a packaging error, the MySQL X Plugin was listening to all network interfaces by default, contrary to expectations. This update changes the default MySQL configuration to bind the MySQL X Plugin to localhost only. This change may impact environments where the...

5.4AI score
Exploits0References1
Total number of security vulnerabilities10918