Lucene search
K
UbuntuRecent

10923 matches found

Ubuntu
Ubuntu
•added 2020/09/02 2:22 a.m.•104 views

USN-4486-1: Linux kernel vulnerability

Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service system crash...

5.5CVSS6.8AI score0.00574EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/09/01 7:27 p.m.•65 views

USN-4482-1: Ark vulnerability

Fabian Vogt discovered that Ark incorrectly handled symbolic links in tar archive files. An attacker could use this to construct a malicious tar archive that, when opened, would create files outside the extraction directory...

4.3CVSS4.8AI score0.01496EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/01 1:4 p.m.•73 views

USN-4481-1: FreeRDP vulnerabilities

It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.5CVSS6.5AI score0.02114EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/01 12:47 p.m.•78 views

USN-4471-2: Net-SNMP regression

USN-4471-1 fixed a vulnerability in Net-SNMP. The updated introduced a regression making nsExtendCacheTime not settable. This update fixes the problem adding the cacheTime feature flag. Original advisory details: Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An...

7.3AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2020/09/01 11:10 a.m.•65 views

USN-4480-1: OpenStack Keystone vulnerabilities

It was discovered that OpenStack Keystone incorrectly handled EC2 credentials. An authenticated attacker with a limited scope could possibly create EC2 credentials with escalated permissions. CVE-2020-12689, CVE-2020-12691 It was discovered that OpenStack Keystone incorrectly handled the list of...

8.8CVSS7AI score0.04918EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/09/01 10:56 a.m.•75 views

USN-4479-1: Django vulnerabilities

It was discovered that Django, when used with Python 3.7 or higher, incorrectly handled directory permissions. A local attacker could possibly use this issue to obtain sensitive information, or escalate permissions...

7.5CVSS7.3AI score0.03969EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/31 5:48 p.m.•72 views

USN-4478-1: Python-RSA vulnerability

It was discovered that Python-RSA incorrectly handled certain ciphertexts. An attacker could possibly use this issue to obtain sensitive information...

7.5CVSS7.4AI score0.01359EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/08/27 5:13 p.m.•88 views

USN-4477-1: Squid vulnerabilities

Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. CVE-2020-15810 Régis Leroy discovered that Squid incorrectly validated certain data. A remote attacker...

8.6CVSS6.9AI score0.05162EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/27 3:45 p.m.•83 views

USN-4476-1: NSS vulnerability

It was discovered that NSS incorrectly handled some inputs. An attacker could possibly use this issue to expose sensitive information...

9.1CVSS7.4AI score0.01541EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/27 12:24 p.m.•70 views

USN-4475-1: Chrony vulnerability

It was discovered that Chrony incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause a denial of service or expose sensitive information...

6CVSS6.7AI score0.00485EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/27 10:46 a.m.•97 views

USN-4446-2: Squid regression

USN-4446-1 fixed vulnerabilities in Squid. The update introduced a regression when using Squid with the icap or ecap protocols. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jeriko One discovered that Squid incorrectly handled caching certain...

6.8AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2020/08/26 6:29 p.m.•101 views

USN-4474-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user in to installing a malicious extension, spoof the URL bar, leak sensitive information...

8.8CVSS7.8AI score0.01449EPSS
Exploits2
Ubuntu
Ubuntu
•added 2020/08/26 2:14 p.m.•67 views

USN-4473-1: libmysofa vulnerabilities

It was discovered that libmysofa incorrectly handled certain input files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. CVE-2019-16091, CVE-2019-16092, CVE-2019-16093, CVE-2019-16094, CVE-2019-16095...

9.8CVSS7AI score0.0153EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/25 12:20 p.m.•87 views

USN-4472-1: PostgreSQL vulnerabilities

Noah Misch discovered that PostgreSQL incorrectly handled the searchpath setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-14349 Andres Freund discover...

7.3CVSS7.9AI score0.02235EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/24 5:38 p.m.•72 views

USN-4470-1: sane-backends vulnerabilities

Kritphong Mongkhonvanit discovered that sane-backends incorrectly handled certain packets. A remote attacker could possibly use this issue to obtain sensitive memory information. This issue only affected Ubuntu 16.04 LTS. CVE-2017-6318 It was discovered that sane-backends incorrectly handled...

8.8CVSS6.5AI score0.03044EPSS
Exploits7
Ubuntu
Ubuntu
•added 2020/08/24 4:9 p.m.•70 views

USN-4471-1: Net-SNMP vulnerabilities

Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. CVE-2020-15861 It was discovered that Net-SNMP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrar...

7.8CVSS7.3AI score0.00459EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/24 1:5 p.m.•65 views

USN-4469-1: Ghostscript vulnerabilities

It was discovered that Ghostscript incorrectly handled certain document files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary...

7.8CVSS6.4AI score0.02258EPSS
Exploits25
Ubuntu
Ubuntu
•added 2020/08/24 12:5 p.m.•91 views

USN-4468-2: Bind vulnerability

USN-4468-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Dave Feldman, Jeff Warren, and Joel Cunningham discovered that Bind incorrectly handled certain truncated responses to a TSIG-signed reques...

6.5CVSS6.9AI score0.05545EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/23 4:11 a.m.•618 views

USN-4465-1: linux kernel vulnerabilities

It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. CVE-2020-12655 It was discovered that the...

7.1CVSS6.6AI score0.00519EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/08/21 11:29 a.m.•91 views

USN-4468-1: Bind vulnerabilities

Emanuel Almeida discovered that Bind incorrectly handled certain TCP payloads. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2020-8620 Joseph Gullo discovered that Bind incorrectly handled...

7.5CVSS6.5AI score0.06348EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/20 12:25 p.m.•130 views

USN-4466-2: curl vulnerability

USN-4466-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPTCONNECTONLY option. This could result in data being sent to the wrong destination,...

7.5CVSS6.7AI score0.03721EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/08/19 5:1 p.m.•84 views

USN-4467-1: QEMU vulnerabilities

Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled replying to certain ICMP echo requests. An attacker inside a guest could possibly use this issue to leak host memory to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS...

6.8CVSS6.8AI score0.02409EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/19 11:33 a.m.•64 views

USN-4466-1: curl vulnerability

Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPTCONNECTONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information...

7.5CVSS6.7AI score0.03721EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/08/18 11:25 a.m.•80 views

USN-4464-1: GNOME Shell vulnerability

It was discovered that GNOME Shell incorrectly handled the login screen password dialog. Sensitive information could possibly be exposed during user logout...

4.3CVSS6.5AI score0.00553EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/08/18 4:39 a.m.•102 views

USN-4463-1: Linux kernel vulnerabilities

It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. CVE-2020-12771 Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly...

5.5CVSS6.8AI score0.00519EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/08/18 4:25 a.m.•104 views

USN-4462-1: Linux kernel vulnerability

It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service...

5.5CVSS6.8AI score0.00519EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/08/18 4:13 a.m.•66 views

USN-4461-1: Ark vulnerability

Dominik Penner discovered that Ark did not properly sanitize zip archive files before performing extraction. An attacker could use this to construct a malicious zip archive that, when opened, would create files outside the extraction directory...

4.3CVSS4.9AI score0.01706EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/17 4:46 p.m.•93 views

USN-4460-1: Oniguruma vulnerabilities

It was discovered that Oniguruma incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact. CVE-2019-16163, CVE-2019-19012, CVE-2019-19204, CVE-2019-19246...

9.8CVSS7.1AI score0.10539EPSS
Exploits5
Ubuntu
Ubuntu
•added 2020/08/17 2:30 p.m.•52 views

USN-4457-2: Software Properties vulnerability

USN-4457-1 fixed a vulnerability in Software. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricke...

5.5CVSS5.9AI score0.00313EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/17 12:32 p.m.•63 views

USN-4456-2: Dovecot vulnerabilities

USN-4456-1 fixed several vulnerabilities in Dovecot. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Dovecot incorrectly handled deeply nested MIME parts. A remote attacker could possibly use this issue to cause Dovecot to...

7.5CVSS6.8AI score0.06187EPSS
Exploits4
Ubuntu
Ubuntu
•added 2020/08/17 9:58 a.m.•63 views

LSN-0070-1: Kernel Live Patch Security Notice

Mauricio Faria de Oliveira discovered that the aufs implementation in the Linux kernel improperly managed inode reference counts in the vfsubdentryopen method. A local attacker could use this vulnerability to cause a denial of service. CVE-2020-11935...

5.5CVSS6.2AI score0.002EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/13 9:23 p.m.•87 views

USN-4459-1: Salt vulnerabilities

It was discovered that Salt allows remote attackers to determine which files exist on the server. An attacker could use that to extract sensitive information. CVE-2018-15750 It was discovered that Salt has a vulnerability that allows an user to bypass authentication. An attacker could use that to...

9.8CVSS8.1AI score0.96405EPSS
Exploits25
Ubuntu
Ubuntu
•added 2020/08/13 2:27 p.m.•486 views

USN-4458-1: Apache HTTP Server vulnerabilities

Fabrice Perez discovered that the Apache modrewrite module incorrectly handled certain redirects. A remote attacker could possibly use this issue to perform redirects to an unexpected URL. CVE-2020-1927 Chamal De Silva discovered that the Apache modproxyftp module incorrectly handled memory when...

9.8CVSS7.3AI score0.90039EPSS
Exploits4
Ubuntu
Ubuntu
•added 2020/08/12 1:56 p.m.•62 views

USN-4457-1: Software Properties vulnerability

Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacker could possibly manipulate the screen...

5.5CVSS5.9AI score0.00313EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/12 1:42 p.m.•68 views

USN-4456-1: Dovecot vulnerabilities

It was discovered that Dovecot incorrectly handled deeply nested MIME parts. A remote attacker could possibly use this issue to cause Dovecot to consume resources, resulting in a denial of service. CVE-2020-12100 It was discovered that Dovecot incorrectly handled memory when using NTLM. A remote...

7.5CVSS6.8AI score0.06187EPSS
Exploits4
Ubuntu
Ubuntu
•added 2020/08/10 7:10 p.m.•84 views

USN-4454-2: Samba vulnerability

USN-4454-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Martin von Wittich and Wilko Meyer discovered that Samba incorrectly handled certain empty UDP packets when being used as a AD DC NBT...

7.5CVSS7.9AI score0.03539EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/10 5:28 p.m.•79 views

USN-4455-1: NSS vulnerabilities

It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. CVE-2020-12400, CVE-2020-12401, CVE-2020-6829...

5.3CVSS7.3AI score0.01449EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/10 1:42 p.m.•79 views

USN-4454-1: Samba vulnerability

Martin von Wittich and Wilko Meyer discovered that Samba incorrectly handled certain empty UDP packets when being used as a AD DC NBT server. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service...

7.5CVSS7.9AI score0.03539EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/06 2:10 p.m.•60 views

USN-4451-2: ppp vulnerability

USN-4451-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Thomas Chauchefoin working with Trend Micro´s Zero Day Initiative, discovered that ppp incorrectly handled module loading. A local attacker...

5.5CVSS5.9AI score0.00364EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/05 5:58 p.m.•108 views

USN-4453-1: OpenJDK 8 vulnerabilities

Johannes Kuhn discovered that OpenJDK 8 incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. CVE-2020-14556 Philippe Arteau discovered that OpenJDK 8 incorrectly verified names in TLS server's X.509 certificates. An attacker could...

8.3CVSS6.5AI score0.04315EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/05 12:20 p.m.•53 views

USN-4441-2: MySQL regression

USN-4441-1 fixed vulnerabilities in MySQL. The new upstream version changed compiler options and caused a regression in certain scenarios. This update fixes the problem. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versio...

5.4AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2020/08/04 11:54 p.m.•84 views

USN-4432-2: GRUB2 regression

USN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot environments. Unfortunately, the update introduced regressions for some BIOS systems either pre-UEFI or UEFI configured in Legacy mode, preventing them from successfully booting. This update addresses the issue. Users with BIOS syste...

8.1AI score
Exploits0References2
Ubuntu
Ubuntu
•added 2020/08/04 5:31 p.m.•53 views

USN-4452-1: libvirt vulnerability

Trent Shea working with Trend Micro´s Zero Day Initiative, discovered that the libvirt package set incorrect permissions on the UNIX domain socket. A local attacker could use this issue to access libvirt and escalate privileges...

9.3CVSS8AI score0.00383EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/04 5:21 p.m.•60 views

USN-4451-1: ppp vulnerability

Thomas Chauchefoin working with Trend Micro´s Zero Day Initiative, discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code...

5.5CVSS5.8AI score0.00364EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/04 5:14 p.m.•53 views

USN-4450-1: Whoopsie vulnerabilities

Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A local attacker could use this issue to cause Whoopsie to consume memory, resulting in a denial of service. CVE-2020-11937 Seong-Joong Kim discovered that Whoopsie incorrectly handled parsing files. A local attacker could use...

5.5CVSS6AI score0.01165EPSS
Exploits3
Ubuntu
Ubuntu
•added 2020/08/04 5:5 p.m.•60 views

USN-4449-1: Apport vulnerabilities

Ryota Shiga working with Trend Micro´s Zero Day Initiative, discovered that Apport incorrectly dropped privileges when making certain D-Bus calls. A local attacker could use this issue to read arbitrary files. CVE-2020-11936 Seong-Joong Kim discovered that Apport incorrectly parsed configuration...

7CVSS6.5AI score0.00498EPSS
Exploits2
Ubuntu
Ubuntu
•added 2020/08/04 4:56 p.m.•106 views

USN-4448-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly validated the payload length in a WebSocket frame. A remote attacker could possibly use this issue to cause Tomcat to hang, resulting in a denial of service. CVE-2020-13935 It was discovered that Tomcat incorrectly handled HTTP header parsing. In certain...

7.5CVSS7.9AI score0.87553EPSS
Exploits16
Ubuntu
Ubuntu
•added 2020/08/04 1:31 p.m.•92 views

USN-4447-1: libssh vulnerability

It was discovered that libssh incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service...

5.9CVSS6.6AI score0.04105EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/08/03 6:29 p.m.•87 views

USN-4298-2: SQLite vulnerabilities

USN-4298-1 fixed several vulnerabilities in SQLite. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a...

8.8CVSS7.8AI score0.06997EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/03 1:25 p.m.•78 views

USN-4446-1: Squid vulnerabilities

Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. CVE-2019-12520 Jeriko One and Kristoffer Danielsson discovered that Squid...

9.8CVSS6.7AI score0.0918EPSS
Exploits0
Total number of security vulnerabilities10923