Lucene search
K
UbuntuRecent

10923 matches found

Ubuntu
Ubuntu
•added 2020/10/14 2:6 a.m.•194 views

USN-4578-1: Linux kernel vulnerabilities

Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-16119 Wen Xu discover...

7.8CVSS6.9AI score0.02143EPSS
Exploits3
Ubuntu
Ubuntu
•added 2020/10/14 1:18 a.m.•122 views

USN-4576-1: Linux kernel vulnerabilities

Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-16119 Jay Shin...

7.8CVSS7.1AI score0.00422EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/10/13 11:28 p.m.•122 views

USN-4575-1: dom4j vulnerability

It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code. CVE-2020-10683...

9.8CVSS7.4AI score0.07269EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/10/07 7:32 p.m.•82 views

USN-4574-1: libseccomp-golang vulnerability

It was discovered that libseccomp-golang did not properly generate BPFs. If a process were running under a restrictive seccomp filter that specified multiple syscall arguments, the application could potentially bypass the intended restrictions put in place by seccomp...

7.5CVSS7AI score0.0245EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/10/07 1:50 p.m.•81 views

USN-4572-2: Spice vulnerability

USN-4572-1 fixed a vulnerability in Spice. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial ...

6.6CVSS7.7AI score0.02656EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/10/07 12:45 p.m.•71 views

USN-4573-1: Vino vulnerabilities

Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. CVE-2014-6053 It was discovered that Vino incorrectly handled certain packet lengths. A remote attacker could...

9.8CVSS7.7AI score0.07563EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/10/06 1:26 p.m.•57 views

USN-4572-1: Spice vulnerability

Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code...

6.6CVSS7.7AI score0.02656EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/10/05 6:20 p.m.•65 views

USN-4571-1: rack-cors vulnerability

It was discovered that rack-cors did not properly handle relative file paths. An attacker could use this vulnerability to access arbitrary files...

5.3CVSS5.8AI score0.02462EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/10/05 5:29 p.m.•68 views

USN-4564-1: Apache Tika vulnerabilities

It was discovered that Apache Tika can have an excessive memory usage by using a crafted or corrupt PSD file. An attacker could use it to cause a denial of service crash. CVE-2020-1950, CVE-2020-1951...

5.5CVSS7AI score0.02926EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/10/05 5:25 p.m.•75 views

USN-4566-1: Cyrus IMAP Server vulnerabilities

It was dicovered that Cyrus IMAP Server could execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. CVE-2019-11356 It was discovered that the Cyrus IMA...

9.8CVSS7.5AI score0.07622EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/10/05 5:4 p.m.•115 views

USN-4570-1: urllib3 vulnerability

It was discovered that urllib3 incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection...

6.5CVSS7.6AI score0.02269EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/10/05 1:35 p.m.•62 views

USN-4567-1: OpenDMARC vulnerability

It was discovered that OpenDMARC is prone to a signature-bypass vulnerability with multiple "From:" addresses. An attacker could use it to bypass spam and abuse filters...

9.8CVSS8.3AI score0.02457EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/10/05 1:32 p.m.•84 views

USN-4569-1: Yaws vulnerabilities

It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity XXE injection attack. CVE-2020-24379 It was discovered that Yaws mishandled certain input when running CGI scripts. A remote attacker could use this...

10CVSS8.4AI score0.17374EPSS
Exploits4
Ubuntu
Ubuntu
•added 2020/10/05 1:24 p.m.•69 views

USN-4565-1: OpenConnect vulnerability

It was discovered that OpenConnect has a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. An attacker could use it to provoke a denial of service crash...

9.8CVSS7.8AI score0.03445EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/10/05 12:5 p.m.•140 views

USN-4568-1: Brotli vulnerability

It was discovered that Brotli incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash...

6.5CVSS6.9AI score0.03217EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/10/01 9:4 p.m.•81 views

USN-4563-1: NTP vulnerability

It was discovered that the fix for CVE-2018-7182 introduced a NULL pointer dereference into NTP. An attacker could use this vulnerability to cause a denial of service crash...

7.5CVSS7.3AI score0.05726EPSS
Exploits2
Ubuntu
Ubuntu
•added 2020/09/30 9:41 p.m.•59 views

USN-4562-1: kramdown vulnerability

It was discovered that kramdown insecurely handled certain crafted input. An attacker could use this vulnerability to read restricted files or execute arbitrary code...

9.8CVSS8.3AI score0.0456EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/30 7:8 p.m.•118 views

USN-4561-1: Rack vulnerabilities

It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information. CVE-2020-8161 It was discovered that Rack incorrectly validated cookies. An attacker could possibly use this issue to forge a secure cookie. CVE-2020-8184...

8.6CVSS7AI score0.03593EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/09/30 5:16 p.m.•62 views

USN-4560-1: Gon gem vulnerability

It was discovered that Gon gem did not properly escape certain input. An attacker could use this vulnerability to execute a cross-site scripting XSS attack...

6.1CVSS6.8AI score0.01376EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/30 1:44 p.m.•178 views

USN-4559-1: Samba update

Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. While a previous security update fixed the issue by changin...

10CVSS7.8AI score0.99512EPSS
Exploits75
Ubuntu
Ubuntu
•added 2020/09/30 1:18 p.m.•75 views

USN-4558-1: libapreq2 vulnerabilities

It was discovered that libapreq2 did not properly sanitize the Content-Type field in certain, crafted HTTP requests. An attacker could use this vulnerability to cause libapreq2 to crash...

7.5CVSS6.8AI score0.03941EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/30 12:55 p.m.•109 views

USN-4557-1: Tomcat vulnerabilities

It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. CVE-2016-0762 Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain...

9.8CVSS7.1AI score0.90338EPSS
Exploits12
Ubuntu
Ubuntu
•added 2020/09/29 3:16 p.m.•72 views

USN-4556-1: netqmail vulnerabilities

It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. CVE-2005-1513, CVE-2005-1514, CVE-2005-1515 It was discovered that netqmail did not properly handle certain inp...

9.8CVSS6.9AI score0.10789EPSS
Exploits8
Ubuntu
Ubuntu
•added 2020/09/28 7:52 p.m.•150 views

USN-4547-2: SSVNC vulnerabilities

It was discovered that the LibVNCClient vendored in SSVNC incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-202...

9.8CVSS7.1AI score0.08553EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/28 6:50 p.m.•53 views

USN-4554-1: libPGF vulnerability

It was discovered that libPGF lacked proper validation when opening a specially crafted PGF file. An attacker could possibly use this issue to cause a denial of service...

9.8CVSS8.3AI score0.01908EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/28 5:45 p.m.•63 views

USN-4552-1: Pam-python vulnerability

Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root...

7.8CVSS7.3AI score0.00356EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/28 5:40 p.m.•54 views

USN-4553-1: Teeworlds vulnerability

It was discovered that Teeworlds server did not properly handler certain network traffic. A remote, unauthenticated attacker could use this vulnerability to cause Teeworlds server to crash...

7.8CVSS7.2AI score0.02957EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/28 4:41 p.m.•82 views

USN-4551-1: Squid vulnerabilities

Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. CVE-2020-15049 Amit Klein discovered that Squid incorrectly validated...

9.9CVSS6.9AI score0.05706EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/28 4:32 p.m.•64 views

USN-4550-1: DPDK vulnerabilities

Ryan Hall discovered that DPDK incorrectly handled vhost crypto. An attacker inside a guest could use these issues to perform multiple attacks, including denial of service attacks, obtaining sensitive information from the host, and possibly executing arbitrary code on the host...

8.8CVSS6.9AI score0.00429EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/28 4:7 p.m.•138 views

USN-4547-1: iTALC vulnerabilities

It was discovered that an information disclosure vulnerability existed in the LibVNCServer vendored in iTALC when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. CVE-2019-15681 It was discovered that the LibVNCServer and LibVNCClient...

9.8CVSS7.3AI score0.15089EPSS
Exploits4
Ubuntu
Ubuntu
•added 2020/09/28 3:11 p.m.•79 views

USN-4549-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain specially crafted image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or other unspecified impact. CVE-2019-1994...

9.8CVSS8.2AI score0.03678EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/09/28 2:43 p.m.•85 views

USN-4548-1: libuv vulnerability

It was discovered that libuv incorrectly handled certain paths. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

7.8CVSS7AI score0.00714EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/28 12:54 p.m.•77 views

USN-3968-3: Sudo vulnerabilities

USN-3968-1 fixed several vulnerabilities in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use...

7.8CVSS7.2AI score0.00493EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/28 9:19 a.m.•107 views

USN-4546-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting XSS attacks, spoof the site displayed in the download dialog, or execute...

8.8CVSS8.1AI score0.01961EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/25 8:2 p.m.•52 views

USN-4545-1: libquicktime vulnerabilities

It was discovered that libquicktime incorrectly handled certain malformed MP4 files. If a user were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause a denial of service resource exhaustion. CVE-2017-9122 It was discovered that libquicktime...

7.1CVSS6.2AI score0.06487EPSS
Exploits3
Ubuntu
Ubuntu
•added 2020/09/25 5:14 p.m.•74 views

USN-4541-1: Gnuplot vulnerabilities

Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars discovered that Gnuplot did not properly validate string sizes in the dfgenerateasciiarrayentry function. An attacker could possibly use this issue to cause a heap buffer overflow, resulting in a denial of service attack or arbitra...

7.8CVSS7AI score0.01553EPSS
Exploits3
Ubuntu
Ubuntu
•added 2020/09/25 5:3 p.m.•49 views

USN-4543-1: Sanitize vulnerability

Michał Bentkowski discovered that Sanitize did not properly sanitize some math or svg HTML under certain circumstances. A remote attacker could potentially exploit this to conduct cross-site scripting XSS attacks. CVE-2020-4054...

7.3CVSS7AI score0.01853EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/25 3:26 p.m.•68 views

USN-4542-1: MiniUPnPd vulnerabilities

It was discovered that MiniUPnPd did not properly validate callback addresses. A remote attacker could possibly use this issue to expose sensitive information. CVE-2019-12107 It was discovered that MiniUPnPd incorrectly handled unpopulated user XML input. An attacker could possibly use this issue...

7.5CVSS6.4AI score0.03404EPSS
Exploits5
Ubuntu
Ubuntu
•added 2020/09/24 10:41 p.m.•252 views

USN-4527-1: Linux kernel vulnerabilities

It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2019-19054 It was discovered that the Atheros HTC based wireless...

7.8CVSS7AI score0.04433EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/24 8:40 p.m.•70 views

USN-4540-1: atftpd vulnerabilities

Denis Andzakovic discovered that atftpd incorrectly handled certain malformed packets. A remote attacker could send a specially crafted packet to cause atftpd to crash, resulting in a denial of service. CVE-2019-11365 Denis Andzakovic discovered that atftpd did not properly lock the thread list...

9.8CVSS7.5AI score0.04288EPSS
Exploits2
Ubuntu
Ubuntu
•added 2020/09/24 6:18 p.m.•57 views

USN-4539-1: AWL vulnerability

Andrew Bartlett discovered that DAViCal Andrew's Web Libraries AWL did not properly manage session keys. An attacker could possibly use this issue to impersonate a session. CVE-2020-11728...

7.5CVSS7.8AI score0.01588EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/24 4:1 p.m.•67 views

USN-4536-1: SPIP vulnerabilities

Youssouf Boulouiz discovered that SPIP incorrectly handled login error messages. A remote attacker could potentially exploit this to conduct cross-site scripting XSS attacks. CVE-2019-16392 Gilles Vincent discovered that SPIP incorrectly handled password reset requests. A remote attacker could...

8.8CVSS7.1AI score0.07538EPSS
Exploits2
Ubuntu
Ubuntu
•added 2020/09/24 1:3 p.m.•75 views

USN-4538-1: PackageKit vulnerabilities

Vaisha Bernard discovered that PackageKit incorrectly handled certain methods. A local attacker could use this issue to learn the MIME type of any file on the system. CVE-2020-16121 Sami Niemimäki discovered that PackageKit incorrectly handled local deb packages. A local user could possibly use...

8.2CVSS5.7AI score0.00462EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/09/24 12:52 p.m.•57 views

USN-4537-1: Aptdaemon vulnerability

Vaisha Bernard discovered that Aptdaemon incorrectly handled the Locale property. A local attacker could use this issue to test for the presence of local files...

4CVSS4.9AI score0.0048EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/09/24 3:59 a.m.•164 views

USN-4525-1: Linux kernel vulnerabilities

It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2019-18808 It was discovered that the Conexant 23885 TV card device...

7CVSS7AI score0.05228EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/23 4:48 p.m.•55 views

USN-4535-1: RDFLib vulnerability

Gabriel Corona discovered that RDFLib did not properly load modules on the command-line. An attacker could possibly use this issue to cause RDFLib to execute arbitrary code. CVE-2019-7653...

9.8CVSS8.5AI score0.02263EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/09/23 12:52 p.m.•54 views

USN-4534-1: Perl DBI module vulnerability

It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information...

4.7CVSS5.9AI score0.00505EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/23 7:42 a.m.•144 views

USN-4526-1: Linux kernel vulnerabilities

It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2019-18808 It was discovered that the Conexant 23885 TV card device...

7.8CVSS6.5AI score0.05228EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/09/22 8:2 p.m.•60 views

USN-4533-1: LTSP Display Manager vulnerabilities

Veeti Veteläinen discovered that the LTSP Display Manager ldm incorrectly handled user logins from unsupported shells. A local attacker could possibly use this issue to gain root privileges. CVE-2019-20373...

7.3AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2020/09/22 4:15 p.m.•90 views

USN-4532-1: Netty vulnerabilities

It was discovered that Netty incorrectly handled certain HTTP headers. By sending an HTTP header with whitespace before the colon, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. CVE-2019-16869 It was discovered that Netty incorrectly handled certain...

9.1CVSS7.1AI score0.13474EPSS
Exploits3
Total number of security vulnerabilities10923