Ubuntu - Page 110 of Ubuntu Vulnerabilities List

Ubuntu•added 2020/07/02 7:23 p.m.•69 views

USN-4410-1: Net-SNMP vulnerability

A double-free bug was discovered in snmpd server. An authenticated user could potentially cause a DoS by sending a crafted request to the server. CVE-2019-20892...

6.5CVSS7AI score0.02315EPSS

Ubuntu•added 2020/07/02 1:39 p.m.•83 views

USN-4408-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass permission prompts, or execute arbitrary code. CVE-2020-12415,...

9.3CVSS8AI score0.03059EPSS

Exploits4

Ubuntu•added 2020/07/02 12:42 p.m.•98 views

USN-4409-1: Samba vulnerabilities

Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.10 and Ubuntu 20.04 LTS...

7.8CVSS7.1AI score0.03874EPSS

Ubuntu•added 2020/07/01 11:44 p.m.•73 views

USN-4407-1: LibVNCServer vulnerabilities

It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. CVE-2019-15680 It was discovered that an information disclosure vulnerability existed in LibVNCServer when sendin...

9.8CVSS7.5AI score0.03345EPSS

Ubuntu•added 2020/06/29 1:10 p.m.•78 views

USN-4406-1: Mailman vulnerability

It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary content in the login page...

4.3CVSS6.5AI score0.01814EPSS

Ubuntu•added 2020/06/29 2:5 a.m.•89 views

USN-4405-1: GLib Networking vulnerability

It was discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information...

6.5CVSS6.9AI score0.01933EPSS

Ubuntu•added 2020/06/25 8:58 p.m.•74 views

USN-4404-2: Linux kernel vulnerabilities

USN-4404-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. Original advisory details: Thomas E. Carroll discovered that the NVIDIA Cuda grpahics driver did not properly perform access control when...

7.8CVSS6.7AI score0.00471EPSS

Ubuntu•added 2020/06/25 5:46 p.m.•67 views

USN-4404-1: NVIDIA graphics drivers vulnerabilities

Thomas E. Carroll discovered that the NVIDIA Cuda grpahics driver did not properly perform access control when performing IPC. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2020-5963 It was discovered that the UVM driver in the NVIDIA graphics...

7.8CVSS6.7AI score0.00471EPSS

Ubuntu•added 2020/06/24 4:22 p.m.•70 views

USN-4403-1: Mutt vulnerability and regression

It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to enable MITM attacks. CVE-2020-14954 This update also address a regression caused in the last update USN-4401-1. It only affected Ubuntu 12.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and...

5.9CVSS6.6AI score0.02288EPSS

Ubuntu•added 2020/06/24 11:51 a.m.•215 views

USN-4402-1: curl vulnerabilities

Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered that curl incorrectly handled certain credentials. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. CVE-2020-8169 It was discovered that curl incorrectl...

7.8CVSS6.8AI score0.03427EPSS

Exploits2

Ubuntu•added 2020/06/22 2:20 p.m.•64 views

USN-4401-1: Mutt vulnerabilities

It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to enable MITM attacks. CVE-2020-14093 It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to proceeds with a connection even if the...

5.9CVSS6.3AI score0.0214EPSS

Ubuntu•added 2020/06/22 1:35 p.m.•78 views

USN-4400-1: nfs-utils vulnerability

It was discovered that the nfs-utils package set incorrect permissions on the /var/lib/nfs directory. An attacker could possibly use this issue to escalate privileges...

10CVSS7.7AI score0.01499EPSS

Ubuntu•added 2020/06/17 7:26 p.m.•71 views

USN-4399-1: Bind vulnerabilities

It was discovered that Bind incorrectly handled large responses during zone transfers. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. CVE-2020-8618 It was discovered that Bind incorrectly handled certain asterisk characters in zone files....

4.9CVSS6.5AI score0.02088EPSS

Ubuntu•added 2020/06/17 3:11 p.m.•84 views

USN-4397-2: NSS vulnerability

USN-4397-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key generation. A local attacker could possibly use this issue to perform a...

4.4CVSS7.3AI score0.00651EPSS

Ubuntu•added 2020/06/16 6:42 p.m.•66 views

USN-4398-2: DBus vulnerability

USN-4398-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Kevin Backhouse discovered that DBus incorrectly handled file descriptors. A local attacker could possibly use this issue to cause DBus to...

5.5CVSS6.7AI score0.00574EPSS

Ubuntu•added 2020/06/16 5:5 p.m.•63 views

USN-4398-1: DBus vulnerability

Kevin Backhouse discovered that DBus incorrectly handled file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service...

5.5CVSS6.7AI score0.00574EPSS

Ubuntu•added 2020/06/16 4:56 p.m.•85 views

USN-4397-1: NSS vulnerabilities

It was discovered that NSS incorrectly handled the TLS State Machine. A remote attacker could possibly use this issue to cause NSS to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. CVE-2019-17023 Cesar Pereida Garcia discovered that NSS...

6.5CVSS7.3AI score0.0134EPSS

Ubuntu•added 2020/06/16 1:12 p.m.•71 views

USN-4396-1: libexif vulnerabilities

It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. CVE-2020-0093, CVE-2020-0182 It was discovered that libexif incorrectly handled certain inputs. An attacker could possibly use this issue to cause a remote...

9.1CVSS7.2AI score0.04442EPSS

Ubuntu•added 2020/06/15 2:51 p.m.•72 views

USN-4315-2: Apport vulnerabilities

USN-4315-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their...

6.5CVSS5.6AI score0.00656EPSS

Exploits2

Ubuntu•added 2020/06/15 1:23 p.m.•77 views

USN-4395-1: fwupd vulnerability

Justin Steven discovered that fwupd incorrectly handled certain signature verification. An attacker could possibly use this issue to install an unsigned firmware...

6CVSS6.1AI score0.0049EPSS

Ubuntu•added 2020/06/11 11:1 p.m.•123 views

USN-4391-1: Linux kernel vulnerabilities

It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle setxattr operations in some situations. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2019-19319 It was discovered that memory...

7.5CVSS7.3AI score0.01229EPSS

Exploits4References1

Ubuntu•added 2020/06/11 10:52 p.m.•222 views

USN-4390-1: Linux kernel vulnerabilities

It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information kernel memory. CVE-2020-0067 It was discovered that memory contents...

7.5CVSS6.9AI score0.01229EPSS

Exploits1References1

Ubuntu•added 2020/06/10 9:50 p.m.•152 views

USN-4385-2: Intel Microcode regression

USN-4385-1 provided updated Intel Processor Microcode. Unfortunately, that update prevented certain processors in the Intel Skylake family 064EH from booting successfully. Additonally, on Ubuntu 20.04 LTS, late loading of microcode was enabled, which could lead to system instability. This update...

6.8AI score

Exploits0References2

Ubuntu•added 2020/06/10 6:31 p.m.•117 views

USN-4387-1: Linux kernel vulnerabilities

7.2CVSS7.1AI score0.00802EPSS

Exploits2References1

Ubuntu•added 2020/06/10 5:26 p.m.•118 views

USN-4389-1: Linux kernel vulnerabilities

7.2CVSS7.2AI score0.00802EPSS

Exploits2References1

Ubuntu•added 2020/06/10 1:36 p.m.•114 views

USN-4394-1: SQLite vulnerabilities

It was discovered that SQLite incorrectly handled certain corruped schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. CVE-2018-8740 It was discovered that SQLite incorrectly handled certain SELECT statements. An attacker cou...

7.5CVSS7AI score0.0825EPSS

Exploits3

Ubuntu•added 2020/06/10 12:44 a.m.•115 views

USN-4393-1: Linux kernel vulnerabilities

It was discovered that the Marvell WiFi-Ex Driver in the Linux kernel did not properly validate status lengths in messages received from an access point, leading to a buffer overflow. A physically proximate attacker controlling an access point could use this to construct messages that could...

7.1CVSS7.6AI score0.01228EPSS

Ubuntu•added 2020/06/10 12:42 a.m.•130 views

USN-4392-1: Linux kernel vulnerabilities

7.1CVSS7.5AI score0.01228EPSS

Ubuntu•added 2020/06/09 11:18 p.m.•126 views

USN-4388-1: Linux kernel vulnerabilities

7.5CVSS7.2AI score0.01229EPSS

Exploits2References1

Ubuntu•added 2020/06/09 6:42 p.m.•82 views

USN-4385-1: Intel Microcode vulnerabilities

It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use th...

5.5CVSS6.8AI score0.00587EPSS

Ubuntu•added 2020/06/09 5:44 p.m.•71 views

USN-4386-1: libjpeg-turbo vulnerability

It was discovered that libjpeg-turbo incorrectly handled certain PPM files. An attacker could possibly use this issue to access sensitive information...

8.1CVSS6.8AI score0.03178EPSS

Ubuntu•added 2020/06/09 12:7 p.m.•91 views

LSN-0068-1: Kernel Live Patch Security Notice

It was discovered that the virtual terminal implementation in the Linux kernel did not properly handle resize events. A local attacker could use this to expose sensitive information. CVE-2020-8647 It was discovered that the virtual terminal implementation in the Linux kernel contained a race...

7.1CVSS6.7AI score0.00722EPSS

Exploits2

Ubuntu•added 2020/06/05 5:9 p.m.•81 views

USN-4384-1: GnuTLS vulnerability

It was discovered that GnuTLS incorrectly handled session ticket encryption keys. A remote attacker could possibly use this issue to bypass authentication or recover sensitive information...

7.4CVSS7.4AI score0.17507EPSS

Exploits3

Ubuntu•added 2020/06/04 8:26 p.m.•93 views

USN-4383-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the addressbar, or execute arbitrary code. CVE-2020-12405, CVE-2020-12406, CVE-2020-12407,...

9.3CVSS7.7AI score0.01537EPSS

Ubuntu•added 2020/06/04 12:57 p.m.•83 views

USN-4381-2: Django vulnerabilities

USN-4381-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of...

6.1CVSS6.7AI score0.06041EPSS

Ubuntu•added 2020/06/04 11:58 a.m.•117 views

USN-4382-1: FreeRDP vulnerabilities

It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code...

8.3CVSS6.5AI score0.02653EPSS

Exploits9

Ubuntu•added 2020/06/03 11:32 a.m.•78 views

USN-4381-1: Django vulnerabilities

Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of service and obtain sensitive information. CVE-2020-13254 Jon Dufresne discovered that Django incorrectly encoded query parameters for the admin...

6.1CVSS6.7AI score0.06041EPSS

Ubuntu•added 2020/06/01 8:8 p.m.•82 views

USN-4380-1: Apache Ant vulnerability

It was discovered that Apache Ant created temporary files with insecure permissions. An attacker could use this vulnerability to read sensitive information leaked into /tmp, or potentially inject malicious code into a project that is built with Apache Ant...

6.3CVSS7.4AI score0.01854EPSS

Ubuntu•added 2020/06/01 5:32 p.m.•92 views

USN-4379-1: FreeRDP vulnerabilities

8.3CVSS6.5AI score0.02689EPSS

Exploits13

Ubuntu•added 2020/06/01 5:5 p.m.•65 views

USN-4377-2: ca-certificates update

USN-4377-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: The ca-certificates package contained an expired CA certificate that caused connectivity issues. This update removes the "AddTrust External Root"...

5.4AI score

Ubuntu•added 2020/06/01 3:28 p.m.•223 views

USN-4378-1: Flask vulnerability

It was discovered that Flask incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service...

7.5CVSS6.4AI score0.03855EPSS

Ubuntu•added 2020/06/01 2:23 p.m.•71 views

USN-4377-1: ca-certificates update

The ca-certificates package contained an expired CA certificate that caused connectivity issues. This update removes the "AddTrust External Root" CA. In addition, on Ubuntu 16.04 LTS and Ubuntu 18.04 LTS, this update refreshes the included certificates to those contained in the 20190110 package...

5.4AI score

Ubuntu•added 2020/05/28 10:46 p.m.•112 views

USN-4367-2: Linux kernel regression

USN-4367-1 fixed vulnerabilities in the 5.4 Linux kernel. Unfortunately, that update introduced a regression in overlayfs. This update corrects the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the btrfs implementation in the Linux kernel did not...

6.7AI score0.034EPSS

Exploits1References1

Ubuntu•added 2020/05/28 10:34 p.m.•162 views

USN-4369-2: Linux kernel regression

USN-4369-1 fixed vulnerabilities in the 5.3 Linux kernel. Unfortunately, that update introduced a regression in overlayfs. This update corrects the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the btrfs implementation in the Linux kernel did not...

6.5AI score

Ubuntu•added 2020/05/28 8:20 p.m.•200 views

USN-4363-1: Linux kernel vulnerabilities

It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information kernel memory. CVE-2020-11494 It was discovered that the linux kernel did not properly validate certain mount options to the...

7.8CVSS6.4AI score0.00722EPSS

Ubuntu•added 2020/05/28 7:6 p.m.•72 views

USN-4359-2: APT vulnerability

USN-4359-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: It was discovered that APT incorrectly handled certain filenames during package installation. If an attacker could provide a specially crafted...

5.5CVSS6.3AI score0.01305EPSS

Ubuntu•added 2020/05/28 12:7 p.m.•102 views

USN-4376-1: OpenSSL vulnerabilities

Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys...

5.3CVSS6.6AI score0.14298EPSS

Ubuntu•added 2020/05/28 11:33 a.m.•108 views

USN-4360-4: json-c vulnerability

USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak that was reverted in USN-4360-2 and USN-4360-3. This update provides the correct fix update for CVE-2020-12762. Original advisory details: It was discovered that json-c incorrectly handled certain JSON files. An...

7.8CVSS7.2AI score0.01888EPSS

Ubuntu•added 2020/05/27 6:0 p.m.•126 views

USN-4375-1: PHP vulnerability

It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service...

5.3CVSS7.1AI score0.06264EPSS