Lucene search
K
UbuntuRecent

10923 matches found

Ubuntu
Ubuntu
•added 2020/08/03 1:7 p.m.•81 views

USN-4445-1: Ghostscript vulnerability

It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code,...

9.8CVSS8.6AI score0.05186EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/08/03 12:44 p.m.•81 views

USN-4444-1: WebKitGTK vulnerabilities

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

9.8CVSS6.7AI score0.04138EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/31 1:22 a.m.•167 views

USN-4440-1: linux kernel vulnerabilities

It was discovered that the network block device nbd implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service system crash. CVE-2019-16089 It was discovered that the kernel-user space relay...

7.8CVSS7.2AI score0.01314EPSS
Exploits2
Ubuntu
Ubuntu
•added 2020/07/29 6:50 p.m.•94 views

USN-4432-1: GRUB 2 vulnerabilities

Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. CVE-2020-10713 Chris...

8.2CVSS8AI score0.01588EPSS
Exploits1References1
Ubuntu
Ubuntu
•added 2020/07/29 4:40 p.m.•81 views

USN-4443-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass iframe sandbox restrictions, confuse the user, or execute arbitrary...

9.3CVSS7.9AI score0.0779EPSS
Exploits6
Ubuntu
Ubuntu
•added 2020/07/29 12:43 p.m.•70 views

USN-4436-2: librsvg regression

USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a regression when parsing certain SVG files. This update backs out the fix pending further investigation. Original advisory details: It was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker...

6.5AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2020/07/28 7:9 p.m.•78 views

USN-4442-1: Sympa vulnerabilities

Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP GET/POST requests. An attacker could possibly use this issue to insert, edit or obtain sensitive information. CVE-2018-1000550 It was discovered that Sympa incorrectly handled URL parameters. An attacker could possibly use this...

9.8CVSS7.5AI score0.03982EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/07/28 2:56 p.m.•98 views

USN-4441-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.21 in Ubuntu 20.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.31. In addition to security fixes, the updated...

7.2CVSS6.5AI score0.02692EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/27 11:9 p.m.•246 views

USN-4427-1: Linux kernel vulnerabilities

It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information kernel memory. CVE-2019-19947 Chuhong Yuan discovered that go7007 USB audio device driver in the...

7.8CVSS7.2AI score0.00617EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/07/27 10:46 p.m.•186 views

USN-4426-1: Linux kernel vulnerabilities

Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading SSDT code from an EFI variable. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel. CVE-2019-20908 Fan Yang...

7.8CVSS7.4AI score0.01314EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/07/27 10:38 p.m.•123 views

USN-4439-1: Linux kernel vulnerabilities

It was discovered that the network block device nbd implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service system crash. CVE-2019-16089 It was discovered that the btrfs file system...

7.8CVSS7.2AI score0.01841EPSS
Exploits3
Ubuntu
Ubuntu
•added 2020/07/27 6:8 p.m.•352 views

USN-4425-1: Linux kernel vulnerabilities

It was discovered that the network block device nbd implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service system crash. CVE-2019-16089 It was discovered that the kernel-user space relay...

7.2CVSS7.3AI score0.01314EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/27 4:29 p.m.•83 views

USN-4435-2: ClamAV vulnerabilities

USN-4435-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause...

7.5CVSS7.7AI score0.05063EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/27 2:32 p.m.•92 views

USN-4438-1: SQLite vulnerability

It was discovered that SQLite incorrectly handled query-flattener optimization. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code...

5.5CVSS7.7AI score0.01027EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/07/27 2:26 p.m.•80 views

USN-4437-1: libslirp vulnerability

Ziming Zhang and VictorV discovered that libslirp incorrectly handled replying to certain ICMP echo requests. A remote attacker could possibly use this issue to cause libslirp to crash, resulting in a denial of service...

6.5CVSS7.1AI score0.0051EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/27 2:15 p.m.•86 views

USN-4436-1: librsvg vulnerabilities

It was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. CVE-2017-11464 It was discovered that librsvg incorrectly handled...

7.8CVSS6.5AI score0.02125EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/27 2:9 p.m.•77 views

USN-4435-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled parsing ARJ archives. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2020-3327 It was discovered that ClamAV incorrectly handled scanning malicious files. A local attacker could...

7.5CVSS7.6AI score0.05063EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/27 8:24 a.m.•122 views

LSN-0069-1: Kernel Live Patch Security Notice

Relayopen in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service such as relay blockage by triggering a NULL allocpercpu result. CVE-2019-19462 Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Page...

9CVSS6.6AI score0.19039EPSS
Exploits3
Ubuntu
Ubuntu
•added 2020/07/23 8:9 p.m.•77 views

USN-4434-1: LibVNCServer vulnerabilities

Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. CVE-2019-20839 It was discovered that LibVNCServer did no...

7.5CVSS7.2AI score0.03589EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/23 6:7 p.m.•108 views

USN-4433-1: OpenJDK vulnerabilities

Johannes Kuhn discovered that OpenJDK incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. CVE-2020-14556 It was discovered that OpenJDK incorrectly handled memory allocation when reading TIFF image files. An attacker could possibly use...

8.3CVSS6.6AI score0.05166EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/23 11:14 a.m.•99 views

USN-4430-2: Pillow vulnerabilities

USN-4430-1 fixed vulnerabilities in Pillow. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted image file...

8.1CVSS7.1AI score0.02514EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/22 4:18 p.m.•98 views

USN-4431-1: FFmpeg vulnerabilities

It was discovered that FFmpeg incorrectly verified empty audio packets or HEVC data. An attacker could possibly use this issue to cause a denial of service via a crafted file. This issue only affected Ubuntu 16.04 LTS, as it was already fixed in Ubuntu 18.04 LTS. For more information see:...

10CVSS6.7AI score0.03756EPSS
Exploits4
Ubuntu
Ubuntu
•added 2020/07/22 1:13 p.m.•78 views

USN-4430-1: Pillow vulnerabilities

It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted image file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service...

8.1CVSS7.1AI score0.02514EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/22 12:59 p.m.•99 views

USN-4428-1: Python vulnerabilities

It was discovered that Python documentation had a misleading information. A security issue could be possibly caused by wrong assumptions of this information. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2019-17514 It was discovered that...

7.5CVSS7.3AI score0.12826EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/07/22 12:3 p.m.•72 views

USN-4429-1: Evolution Data Server vulnerability

It was discovered that Evolution Data Server incorrectly handled STARTTLS when using SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack...

5.9CVSS7AI score0.02808EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/07/15 2:54 p.m.•79 views

USN-4199-2: libvpx vulnerabilities

USN-4199-1 fixed several vulnerabilities in libvpx. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted We...

7.8CVSS7.2AI score0.05092EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/15 2:49 p.m.•93 views

USN-4424-1: snapd vulnerabilities

It was discovered that cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices ran on every boot without restrictions. A physical attacker could exploit this to craft cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intende...

7.3CVSS6.6AI score0.00365EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/14 9:1 p.m.•43 views

USN-4423-1: Firefox vulnerability

It was discovered that X-Frame-Options could be bypassed in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct clickjacking attacks...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2020/07/14 2:8 p.m.•108 views

USN-4422-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

10CVSS7.1AI score0.77246EPSS
Exploits5
Ubuntu
Ubuntu
•added 2020/07/09 5:41 p.m.•106 views

USN-4376-2: OpenSSL vulnerabilities

USN-4376-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered...

5.9CVSS6.7AI score0.17139EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/08 5:7 p.m.•99 views

USN-4421-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbtirary code. CVE-2020-12405,...

9.3CVSS7.5AI score0.03034EPSS
Exploits3
Ubuntu
Ubuntu
•added 2020/07/07 1:51 p.m.•60 views

USN-4420-1: Cinder and os-brick vulnerability

David Hill and Eric Harney discovered that Cinder and os-brick incorrectly handled ScaleIO backend credentials. An attacker could possibly use this issue to expose sensitive information...

6.5CVSS6.5AI score0.01203EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/06 10:7 p.m.•128 views

USN-4419-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the Precision Time Protocol PTP implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could possibly use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-10690...

6.7CVSS6.9AI score0.04505EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/06 8:28 p.m.•107 views

USN-4414-1: Linux kernel vulnerabilities

It was discovered that the network block device nbd implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service system crash. CVE-2019-16089 It was discovered that the btrfs file system...

9.3CVSS6.6AI score0.04505EPSS
Exploits6
Ubuntu
Ubuntu
•added 2020/07/06 7:59 p.m.•70 views

USN-4417-2: NSS vulnerability

USN-4417-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacke...

4.4CVSS7.3AI score0.00337EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/06 7:54 p.m.•149 views

USN-4412-1: Linux kernel vulnerabilities

Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service system crash. CVE-2020-10711 It was discovered that the SCSI generic sg driver in...

6.7CVSS6.8AI score0.04505EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/06 7:29 p.m.•1228 views

USN-4411-1: Linux kernel vulnerabilities

It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information kernel memory. CVE-2020-10732 Matthew Sheets discovered that the SELinux network label handlin...

6.7CVSS6.6AI score0.04505EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/06 6:22 p.m.•71 views

USN-4418-1: OpenEXR vulnerabilities

It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...

5.5CVSS7AI score0.00464EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/06 6:16 p.m.•71 views

USN-4417-1: NSS vulnerability

Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys...

4.4CVSS7.3AI score0.00337EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/06 6:10 p.m.•111 views

USN-4416-1: GNU C Library vulnerabilities

Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2017-121...

9.8CVSS7.6AI score0.074EPSS
Exploits6
Ubuntu
Ubuntu
•added 2020/07/06 5:11 p.m.•71 views

USN-4415-1: coTURN vulnerabilities

Felix Dörre discovered that coTURN response buffer is not initialized properly. An attacker could possibly use this issue to obtain sensitive information. CVE-2020-4067 It was discovered that coTURN web server incorrectly handled HTTP POST requests. An attacker could possibly use this issue to...

9.8CVSS7.1AI score0.06102EPSS
Exploits2
Ubuntu
Ubuntu
•added 2020/07/02 11:39 p.m.•91 views

USN-4413-1: Linux kernel vulnerabilities

Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service system crash. CVE-2020-10711 It was discovered that the SCSI generic sg driver in...

6.7CVSS6.8AI score0.04505EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/02 7:23 p.m.•72 views

USN-4410-1: Net-SNMP vulnerability

A double-free bug was discovered in snmpd server. An authenticated user could potentially cause a DoS by sending a crafted request to the server. CVE-2019-20892...

6.5CVSS7AI score0.02315EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/07/02 1:39 p.m.•87 views

USN-4408-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass permission prompts, or execute arbitrary code. CVE-2020-12415,...

9.3CVSS8AI score0.03034EPSS
Exploits4
Ubuntu
Ubuntu
•added 2020/07/02 12:42 p.m.•99 views

USN-4409-1: Samba vulnerabilities

Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.10 and Ubuntu 20.04 LTS...

7.8CVSS7.1AI score0.03874EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/07/01 11:44 p.m.•74 views

USN-4407-1: LibVNCServer vulnerabilities

It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. CVE-2019-15680 It was discovered that an information disclosure vulnerability existed in LibVNCServer when sendin...

9.8CVSS7.5AI score0.03345EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/06/29 1:10 p.m.•79 views

USN-4406-1: Mailman vulnerability

It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary content in the login page...

4.3CVSS6.5AI score0.01888EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/06/29 2:5 a.m.•92 views

USN-4405-1: GLib Networking vulnerability

It was discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information...

6.5CVSS6.9AI score0.01933EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/06/25 8:58 p.m.•76 views

USN-4404-2: Linux kernel vulnerabilities

USN-4404-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. Original advisory details: Thomas E. Carroll discovered that the NVIDIA Cuda grpahics driver did not properly perform access control when...

7.8CVSS6.7AI score0.00471EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/06/25 5:46 p.m.•68 views

USN-4404-1: NVIDIA graphics drivers vulnerabilities

Thomas E. Carroll discovered that the NVIDIA Cuda grpahics driver did not properly perform access control when performing IPC. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2020-5963 It was discovered that the UVM driver in the NVIDIA graphics...

7.8CVSS6.7AI score0.00471EPSS
Exploits0
Total number of security vulnerabilities10923