Lucene search
K
UbuntuRecent

10923 matches found

Ubuntu
Ubuntu
•added 2020/04/14 7:26 p.m.•74 views

USN-4329-1: Git vulnerability

Felix Wilhelm discovered that Git incorrectly handled certain URLs that included newlines. A remote attacker could possibly use this issue to trick Git into returning credential information for a wrong host...

9.3CVSS7.4AI score0.10047EPSS
Exploits2
Ubuntu
Ubuntu
•added 2020/04/13 7:46 p.m.•87 views

USN-4328-1: Thunderbird vulnerabilities

It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. CVE-2020-6792 Mutiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an...

9.8CVSS7.6AI score0.06305EPSS
Exploits4
Ubuntu
Ubuntu
•added 2020/04/10 6:10 p.m.•120 views

USN-4319-1: Linux kernel vulnerabilities

It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service kernel memory exhaustion. CVE-2019-19046 Al Viro discovered that the vfs layer in the Linux...

7.1CVSS6.8AI score0.02745EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/04/09 12:58 p.m.•223 views

LSN-0065-1: Kernel Live Patch Security Notice

Andrew Honig reported a flaw in the way KVM Kernel-based Virtual Machine emulated the IOAPIC. A privileged guest user could exploit this flaw to read host memory or cause a denial of service crash the host. CVE-2013-1798 It was discovered that the KVM implementation in the Linux kernel, when...

7.1CVSS6.7AI score0.0135EPSS
Exploits2
Ubuntu
Ubuntu
•added 2020/04/09 12:11 p.m.•62 views

USN-4327-1: libssh vulnerability

Yasheng Yang discovered that libssh incorrectly handled AES-CTR ciphers. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service...

5.3CVSS7.2AI score0.03065EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/04/08 2:33 p.m.•79 views

USN-4326-1: libiberty vulnerabilities

It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary...

7.8CVSS6.6AI score0.0669EPSS
Exploits11
Ubuntu
Ubuntu
•added 2020/04/07 11:25 p.m.•132 views

USN-4325-1: Linux kernel vulnerabilities

It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service kernel memory exhaustion. CVE-2019-19046 Al Viro discovered that the vfs layer in the Linux...

7.1CVSS6.8AI score0.02745EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/04/07 9:0 p.m.•115 views

USN-4324-1: Linux kernel vulnerabilities

Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly expose sensitive information kernel memory. CVE-2020-8428 Shijie Luo discovered that the ext4 file system...

7.1CVSS6.7AI score0.00655EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/04/07 5:34 p.m.•107 views

USN-4323-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. CVE-2020-6821, CVE-2020-6822, CVE-2020-6824,...

9.8CVSS7.7AI score0.01905EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/04/07 1:35 p.m.•102 views

USN-4322-1: GnuTLS vulnerability

It was discovered that GnuTLS incorrectly handled randomness when performing DTLS negotiation. A remote attacker could possibly use this issue to obtain sensitive information, contrary to expectations...

7.4CVSS7AI score0.03388EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/04/07 12:10 p.m.•117 views

USN-4321-1: HAProxy vulnerability

Felix Wilhelm discovered that HAProxy incorrectly handled certain HTTP/2 requests. An attacker could possibly use this to execute arbitrary code...

8.8CVSS7.6AI score0.60727EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/04/06 8:29 p.m.•137 views

USN-4318-1: Linux kernel vulnerabilities

Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly expose sensitive information kernel memory. CVE-2020-8428 Gustavo Romero and Paul Mackerras discovered that th...

7.1CVSS6.7AI score0.00655EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/04/06 8:15 p.m.•219 views

USN-4320-1: Linux kernel vulnerability

Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly expose sensitive information kernel memory...

7.1CVSS6.8AI score0.00655EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/04/04 1:2 p.m.•135 views

USN-4317-1: Firefox vulnerabilities

Two use-after-free bugs were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit these to cause a denial of service or execute arbitrary code...

8.1CVSS8.6AI score0.06305EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/04/02 10:14 p.m.•93 views

USN-4316-2: GD Graphics Library vulnerabilities

USN-4316-1 fixed a vulnerability in GD Graphics Library. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphics...

7.5CVSS5.8AI score0.04332EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/04/02 10:6 p.m.•100 views

USN-4316-1: GD Graphics Library vulnerabilities

It was discovered that GD Graphics Library incorrectly handled cloning an image. An attacker could possibly use this issue to cause GD Graphics Library to crash, resulting in a denial of service. CVE-2018-14553 It was discovered that GD Graphics Library incorrectly handled loading images from X...

7.5CVSS5.7AI score0.04332EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/04/02 12:55 a.m.•118 views

USN-4315-1: Apport vulnerabilities

Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their privileges via a symlink attack. CVE-2020-8831 Maximilien Bourgeteau discovered a race condition in Apport when setting crash report permissions...

6.5CVSS5.4AI score0.00651EPSS
Exploits2
Ubuntu
Ubuntu
•added 2020/03/31 1:42 p.m.•70 views

USN-4314-1: pam-krb5 vulnerability

Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code...

9.8CVSS8.7AI score0.04784EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/03/30 6:10 p.m.•84 views

USN-4313-1: Linux kernel vulnerability

Manfred Paul discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information kernel memory or gain administrative privileges...

7.8CVSS7.1AI score0.0606EPSS
Exploits9
Ubuntu
Ubuntu
•added 2020/03/30 5:49 p.m.•88 views

USN-4311-1: BlueZ vulnerabilities

It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. CVE-2020-0556 It was discovered that BlueZ incorrectly handled certain commands. A local attacker could use this issue to cause BlueZ to...

7.8CVSS6.9AI score0.01033EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/03/30 2:35 p.m.•102 views

USN-4312-1: Timeshift vulnerability

Matthias Gerstner discovered that Timeshift did not securely create temporary files. An attacker could exploit a race condition in Timeshift and potentially execute arbitrary commands as root...

7CVSS7.2AI score0.0028EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/03/30 12:22 p.m.•80 views

USN-4310-1: WebKitGTK+ vulnerability

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

9.8CVSS6.9AI score0.04987EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/03/30 12:0 p.m.•85 views

USN-4308-2: Twisted vulnerabilities

USN-4308-1 fixed several vulnerabilities in Twisted. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject...

9.8CVSS7.1AI score0.04083EPSS
Exploits3
Ubuntu
Ubuntu
•added 2020/03/25 3:12 a.m.•202 views

USN-4302-1: Linux kernel vulnerabilities

Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested level 2 guest access the resources of a parent level 1 guest in certain situations. An attacker could use this to expose sensitive information. CVE-2020-2732 Gregory Herrero discovere...

6.8CVSS6.5AI score0.02745EPSS
Exploits2
Ubuntu
Ubuntu
•added 2020/03/25 1:39 a.m.•182 views

USN-4301-1: Linux kernel vulnerabilities

It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information read memor...

7.8CVSS6.4AI score0.03286EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/03/25 1:13 a.m.•160 views

USN-4300-1: Linux kernel vulnerabilities

It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information read memor...

7.8CVSS6.5AI score0.03286EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/03/24 10:38 a.m.•63 views

USN-4134-3: IBus vulnerability

USN-4134-1 fixed a vulnerability in IBus. The update caused a regression in some Qt applications and the fix was subsequently reverted in USN-4134-2. The regression has since been resolved and so this update fixes the original vulnerability. We apologize for the inconvenience. Original advisory...

7.1CVSS6.9AI score0.00365EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/03/23 2:29 p.m.•77 views

USN-4309-1: Vim vulnerabilities

It was discovered that Vim incorrectly handled certain sources. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS CVE-2017-11109 It was discovered that Vim incorrectly handled certain files. An...

9.8CVSS7.5AI score0.03389EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/03/19 5:18 p.m.•214 views

USN-4308-1: Twisted vulnerabilities

it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. CVE-2019-12387 It was discovered that Twisted incorrectly verified XMPP TLS...

9.8CVSS7.4AI score0.87806EPSS
Exploits4
Ubuntu
Ubuntu
•added 2020/03/18 2:49 p.m.•69 views

USN-4307-1: Apache HTTP Server update

As a security improvement, this update adds TLSv1.3 support to the Apache HTTP Server package in Ubuntu 18.04 LTS. TLSv1.3 is enabled by default, and in certain environments may cause compatibility issues. The SSLProtocol directive may be used to disable TLSv1.3 in these problematic environments...

5.1AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2020/03/18 2:33 a.m.•112 views

USN-4171-5: Apport regression

USN-4171-1 fixed vulnerabilities in Apport. This caused a regression in autopkgtest and python2 compatibility. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as the root...

5.7AI score
Exploits0References2
Ubuntu
Ubuntu
•added 2020/03/17 7:12 p.m.•78 views

USN-4306-1: Dino vulnerabilities

It was discovered that Dino incorrectly validated inputs. An attacker could use this issue to possibly obtain, inject or remove sensitive information. This update also includes a fix to the encryption implementation in Dino to support 12 byte IVs, in addition to 16 byte IVs...

7.5CVSS7.2AI score0.02385EPSS
Exploits2References1
Ubuntu
Ubuntu
•added 2020/03/17 12:54 p.m.•101 views

USN-4305-1: ICU vulnerability

André Bargull discovered that ICU incorrectly handled certain strings. An attacker could possibly use this issue to execute arbitrary code...

8.8CVSS8AI score0.02669EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/03/17 12:28 p.m.•87 views

USN-4304-1: Ceph vulnerability

Or Friedman discovered that Ceph incorrectly handled disconnects. A remote authenticated attacker could possibly use this issue to cause Ceph to consume resources, leading to a denial of service...

6.8CVSS6.8AI score0.02488EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/03/17 1:48 a.m.•109 views

USN-4303-1: Linux kernel vulnerability

Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested level 2 guest access the resources of a parent level 1 guest in certain situations. An attacker could use this to expose sensitive information...

6.8CVSS6.7AI score0.00927EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/03/17 1:41 a.m.•121 views

USN-4303-2: Linux kernel (HWE) vulnerability

USN-4303-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel...

6.8CVSS6.7AI score0.00927EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/03/11 9:53 p.m.•96 views

USN-4299-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy CSP...

9.8CVSS7.7AI score0.03191EPSS
Exploits2
Ubuntu
Ubuntu
•added 2020/03/10 1:4 p.m.•101 views

USN-4298-1: SQLite vulnerabilities

It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2019-13734, CVE-2019-13750, CVE-2019-13753 It was discovered that SQLite incorrectly handle...

8.8CVSS7.8AI score0.07856EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/03/09 3:21 p.m.•109 views

USN-4297-1: runC vulnerabilities

It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. This issue only affected Ubuntu 18.04 LTS. CVE-2019-16884 It was discovered that runC incorrectly performed access...

7.5CVSS6.8AI score0.04409EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/03/04 12:22 p.m.•91 views

USN-4296-1: Django vulnerability

Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack...

8.8CVSS7.3AI score0.22513EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/03/03 2:59 p.m.•99 views

USN-4295-1: Rake vulnerability

It was discovered that Rake incorrectly handled certain files. An attacker could use this issue to possibly execute arbitrary commands...

6.9CVSS7.2AI score0.01359EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/03/03 11:54 a.m.•94 views

USN-4290-2: libpam-radius-auth vulnerability

USN-4290-1 fixed a vulnerability in libpam-radius-auth. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use th...

7.5CVSS7.3AI score0.03449EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/03/02 6:17 p.m.•100 views

USN-4294-1: OpenSMTPD vulnerabilities

It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell commands as any non-root user. CVE-2020-8794 It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An...

10CVSS7.5AI score0.889EPSS
Exploits14
Ubuntu
Ubuntu
•added 2020/03/02 5:58 p.m.•103 views

USN-4288-2: ppp vulnerability

USN-4288-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash,...

9.8CVSS8.7AI score0.19431EPSS
Exploits3
Ubuntu
Ubuntu
•added 2020/03/02 1:58 p.m.•94 views

USN-4293-1: libarchive vulnerabilities

It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. CVE-2019-19221 It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a...

8.8CVSS7AI score0.02251EPSS
Exploits1
Ubuntu
Ubuntu
•added 2020/02/26 1:56 p.m.•72 views

USN-4278-3: Firefox regressions

USN-4278-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted...

5.6AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2020/02/26 1:18 p.m.•124 views

USN-4278-2: Firefox vulnerabilities

USN-4278-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit...

8.8CVSS7.9AI score0.02274EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/02/25 1:11 a.m.•150 views

USN-4292-1: rsync vulnerabilities

It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2016-9840, CVE-2016-9841 It was discovered that rsync incorrectly handled vectors...

9.8CVSS7.8AI score0.07489EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/02/24 2:28 p.m.•88 views

USN-4291-1: mod-auth-mellon vulnerability

It was discovered that modauthmellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL...

6.1CVSS6.8AI score0.01423EPSS
Exploits0
Ubuntu
Ubuntu
•added 2020/02/24 2:21 p.m.•74 views

USN-4290-1: libpam-radius-auth vulnerability

It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service...

7.5CVSS7.3AI score0.03449EPSS
Exploits0
Total number of security vulnerabilities10923