Lucene search
K
UbuntuRecent

10923 matches found

Ubuntu
Ubuntu
•added 2019/01/22 1:12 p.m.•109 views

USN-3863-2: APT vulnerability

USN-3863-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a machine-in-the-middle attack...

9.3CVSS6.9AI score0.14555EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/01/22 12:18 p.m.•430 views

USN-3863-1: APT vulnerability

Max Justicz discovered that APT incorrectly handled certain parameters during redirects. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages...

9.3CVSS6.9AI score0.14555EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/01/17 12:47 p.m.•83 views

USN-3862-1: Irssi vulnerability

It was discovered that Irssi incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or to execute arbitrary code...

9.8CVSS8.6AI score0.02543EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/01/16 6:28 p.m.•102 views

USN-3861-2: PolicyKit vulnerability

USN-3861-1 fixed a vulnerability in PolicyKit. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that PolicyKit incorrectly handled certain large user UIDs. A local attacker with a large UID could possibly use this issue to perform...

9CVSS7.4AI score0.11483EPSS
Exploits1
Ubuntu
Ubuntu
•added 2019/01/16 6:18 p.m.•141 views

USN-3861-1: PolicyKit vulnerability

It was discovered that PolicyKit incorrectly handled certain large user UIDs. A local attacker with a large UID could possibly use this issue to perform privileged actions...

9CVSS7.4AI score0.11483EPSS
Exploits1
Ubuntu
Ubuntu
•added 2019/01/15 6:0 p.m.•121 views

USN-3860-2: libcaca vulnerabilities

USN-3860-1 fixed a vulnerability in libcaca. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. CVE-2018-20544 It...

8.8CVSS6.8AI score0.02389EPSS
Exploits6
Ubuntu
Ubuntu
•added 2019/01/15 4:6 p.m.•130 views

USN-3860-1: libcaca vulnerabilities

It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. CVE-2018-20544 It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code...

8.8CVSS6.7AI score0.02389EPSS
Exploits6
Ubuntu
Ubuntu
•added 2019/01/15 1:40 p.m.•215 views

USN-3859-1: libarchive vulnerabilities

It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-1000880 affected only Ubuntu 18.04 LTS and Ubuntu 18.10. CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000880 It was discovered that...

8.8CVSS6.4AI score0.04575EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/01/15 11:37 a.m.•150 views

USN-3858-1: HAProxy vulnerabilities

It was discovered that HAProxy incorrectly handled certain requests. An attacker could possibly use this to expose sensitive information. CVE-2018-20102 It was discovered that HAProxy incorrectly handled certain requests. A attacker could possibly use this issue to cause a denial of service. This...

7.5CVSS6.5AI score0.06593EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/01/14 5:53 p.m.•96 views

USN-3857-1: PEAR vulnerability

Fariskhi Vidyan discovered that PEAR ArchiveTar incorrectly handled certain archive paths. A remote attacker could possibly use this issue to execute arbitrary code...

8.8CVSS7.8AI score0.19207EPSS
Exploits5
Ubuntu
Ubuntu
•added 2019/01/14 1:45 p.m.•152 views

USN-3856-1: GNOME Bluetooth vulnerability

Chris Marchesi discovered that BlueZ incorrectly handled disabling Bluetooth visibility. A remote attacker could possibly pair to devices, contrary to expectations. This update adds a workaround to GNOME Bluetooth to fix the issue...

4.5CVSS5.6AI score0.00458EPSS
Exploits1
Ubuntu
Ubuntu
•added 2019/01/11 2:8 p.m.•225 views

USN-3855-1: systemd vulnerabilities

It was discovered that systemd-journald allocated variable-length buffers for certain message fields on the stack. A local attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. CVE-2018-16864 It was discovered that systemd-journald allocated...

7.8CVSS6.8AI score0.02958EPSS
Exploits4
Ubuntu
Ubuntu
•added 2019/01/10 7:38 p.m.•67 views

USN-3854-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

8.8CVSS7.9AI score0.01469EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/01/10 5:44 p.m.•88 views

USN-3853-1: GnuPG vulnerability

Ben Fuhrmannek discovered that GnuPG incorrectly handled Web Key Directory lookups. A remote attacker could possibly use this issue to cause a denial of service, or perform Cross-Site Request Forgery attacks...

8.8CVSS7AI score0.01041EPSS
Exploits1
Ubuntu
Ubuntu
•added 2019/01/10 3:40 p.m.•112 views

USN-3852-1: Exiv2 vulnerabilities

It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. CVE-2017-9239 only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2017-11591, CVE-2017-11683, CVE-2017-14859, CVE-2017-14862, CVE-2017-14864, CVE-2017-17669...

7.5CVSS6.3AI score0.03098EPSS
Exploits6
Ubuntu
Ubuntu
•added 2019/01/09 5:52 p.m.•66 views

USN-3851-1: Django vulnerability

It was discovered that Django incorrectly handled the default 404 page. A remote attacker could use this issue to spoof content using a malicious URL...

6.5CVSS6.5AI score0.03685EPSS
Exploits0
Ubuntu
Ubuntu
•added 2019/01/09 5:41 p.m.•268 views

USN-3850-1: NSS vulnerabilities

Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. CVE-2018-0495 It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remo...

5.9CVSS6.2AI score0.44398EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/12/20 11:42 p.m.•92 views

USN-3848-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3848-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a double free existed in the AMD GPIO driver in the Linux kerne...

9.8CVSS6.9AI score0.03399EPSS
Exploits2
Ubuntu
Ubuntu
•added 2018/12/20 11:39 p.m.•95 views

USN-3849-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3849-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that a NULL pointer dereference existed in the keyring subsystem of...

7.8CVSS6.7AI score0.00683EPSS
Exploits2
Ubuntu
Ubuntu
•added 2018/12/20 11:36 p.m.•114 views

USN-3849-1: Linux kernel vulnerabilities

It was discovered that a NULL pointer dereference existed in the keyring subsystem of the Linux kernel. A local attacker could use this to cause a denial of service system crash. CVE-2017-2647 It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to ...

7.8CVSS6.7AI score0.00683EPSS
Exploits2
Ubuntu
Ubuntu
•added 2018/12/20 11:11 p.m.•146 views

USN-3848-1: Linux kernel vulnerabilities

It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-18174 It was discovered that an integer overrun vulnerability existed in the POSIX timers...

9.8CVSS6.9AI score0.03399EPSS
Exploits2
Ubuntu
Ubuntu
•added 2018/12/20 11:8 p.m.•78 views

USN-3847-3: Linux kernel (Azure) vulnerabilities

USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leadi...

7.8CVSS6.8AI score0.00683EPSS
Exploits2
Ubuntu
Ubuntu
•added 2018/12/20 10:57 p.m.•76 views

USN-3847-2: Linux kernel (HWE) vulnerabilities

USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that a race condition existed in the raw MIDI driver for the Linux...

7.8CVSS6.7AI score0.00683EPSS
Exploits2
Ubuntu
Ubuntu
•added 2018/12/20 10:39 p.m.•91 views

USN-3847-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2018-10902 It was discovered that an integer overr...

7.8CVSS6.7AI score0.00683EPSS
Exploits2
Ubuntu
Ubuntu
•added 2018/12/20 10:10 p.m.•95 views

USN-3846-1: Linux kernel vulnerability

It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information kernel memory...

5.5CVSS6.7AI score0.00501EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/12/12 11:52 a.m.•58 views

USN-3845-1: FreeRDP vulnerabilities

Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. CVE-2018-8784,...

9.8CVSS7.5AI score0.08357EPSS
Exploits6
Ubuntu
Ubuntu
•added 2018/12/11 11:18 p.m.•61 views

USN-3844-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restritions, or execute arbitrary code. CVE-2018-12405, CVE-2018-12406, CVE-2018-1240...

9.8CVSS7.7AI score0.09646EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/12/11 6:38 p.m.•41 views

USN-3843-2: pixman vulnerability

USN-3843-1 fixed a vulnerability in pixman. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that pixman incorrectly handled the generalcompositerect function. A remote attacker could use this issue to cause pixman to crash, resultin...

9.8CVSS8.1AI score0.01488EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/12/11 5:34 p.m.•42 views

USN-3843-1: pixman vulnerability

It was discovered that pixman incorrectly handled the generalcompositerect function. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS8.1AI score0.01488EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/12/11 4:16 p.m.•63 views

USN-3837-2: poppler regression

USN-3837-1 fixed vulnerabilities in poppler. A regression was reported regarding the previous update. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use...

6.5CVSS6.4AI score0.02882EPSS
Exploits2
Ubuntu
Ubuntu
•added 2018/12/10 4:15 p.m.•92 views

USN-3842-1: CUPS vulnerability

Jann Horn discovered that CUPS incorrectly handled session cookie randomness. A remote attacker could possibly use this issue to perform cross-site request forgery CSRF attacks...

6.8AI score
Exploits1
Ubuntu
Ubuntu
•added 2018/12/10 1:47 p.m.•70 views

USN-3841-2: lxml vulnerability

USN-3841-1 fixed a vulnerability in lxml. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that lxml incorrectly handled certain HTML files. An attacker could possibly use this issue to conduct cross-site scripting XSS attacks...

6.1CVSS6.7AI score0.02438EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/12/10 12:3 p.m.•63 views

USN-3841-1: lxml vulnerability

It was discovered that lxml incorrectly handled certain HTML files. An attacker could possibly use this issue to conduct cross-site scripting XSS attacks...

6.1CVSS6.6AI score0.02438EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/12/06 6:21 p.m.•46 views

USN-3831-2: Ghostscript regression

USN-3831-1 fixed vulnerabilities in Ghostscript. Ghostscript 9.26 introduced a regression when used with certain options. This update fixes the problem. Original advisory details: It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked int...

5.9AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2018/12/06 5:43 p.m.•902 views

USN-3840-1: OpenSSL vulnerabilities

Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. CVE-2018-0734 Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly...

5.9CVSS7AI score0.12154EPSS
Exploits4
Ubuntu
Ubuntu
•added 2018/12/06 1:54 p.m.•53 views

USN-3839-1: WavPack vulnerabilities

It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-19840, CVE-2018-19841...

5.5CVSS5.9AI score0.02542EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/12/06 2:25 a.m.•71 views

USN-3838-1: LibRaw vulnerabilities

It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code...

8.8CVSS6.8AI score0.02194EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/12/05 4:30 p.m.•89 views

USN-3811-3: SpamAssassin vulnerabilities

USN-3811-1 fixed a vulnerability in spamassassin. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code...

9.8CVSS8.4AI score0.1082EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/12/04 11:47 a.m.•64 views

USN-3837-1: poppler vulnerabilities

It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-16646, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060 It was discovered that poppler incorrectly handled certain PDF files. An attacker could...

6.5CVSS6.3AI score0.02882EPSS
Exploits5
Ubuntu
Ubuntu
•added 2018/12/04 4:49 a.m.•82 views

USN-3836-2: Linux kernel (HWE) vulnerabilities

USN-3836-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside...

7CVSS6.9AI score0.07611EPSS
Exploits25
Ubuntu
Ubuntu
•added 2018/12/03 7:40 p.m.•69 views

USN-3836-1: Linux kernel vulnerabilities

Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. CVE-2018-18955 Philipp Wendler discovered that the overlayfs implementati...

7CVSS6.9AI score0.07611EPSS
Exploits25
Ubuntu
Ubuntu
•added 2018/12/03 7:15 p.m.•118 views

USN-3835-1: Linux kernel vulnerabilities

Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. CVE-2018-17972 Jann Horn discovered that the mremap system...

7.8CVSS6.9AI score0.07611EPSS
Exploits28
Ubuntu
Ubuntu
•added 2018/12/03 6:53 p.m.•114 views

USN-3834-2: Perl vulnerabilities

USN-3834-1 fixed a vulnerability in perl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Jayakrishna Menon discovered that Perl incorrectly handled Perlmysetenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of...

9.8CVSS7.5AI score0.11676EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/12/03 5:36 p.m.•204 views

USN-3834-1: Perl vulnerabilities

Jayakrishna Menon discovered that Perl incorrectly handled Perlmysetenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2018-18311 Eiichi Tsukata discovered that Perl incorrectly handled certain regular expression...

9.8CVSS7.5AI score0.12093EPSS
Exploits3
Ubuntu
Ubuntu
•added 2018/11/30 6:31 a.m.•70 views

USN-3833-1: Linux kernel (AWS) vulnerabilities

Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. CVE-2018-18955 Philipp Wendler discovered that the overlayfs implementati...

7CVSS6.9AI score0.07611EPSS
Exploits25
Ubuntu
Ubuntu
•added 2018/11/30 6:19 a.m.•99 views

USN-3832-1: Linux kernel (AWS) vulnerabilities

Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. CVE-2018-17972 Jann Horn discovered that the mremap system...

7.8CVSS6.9AI score0.07611EPSS
Exploits28
Ubuntu
Ubuntu
•added 2018/11/29 2:42 p.m.•42 views

USN-3795-3: libssh regression

USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream fix introduced a regression. This update fixes the problem. Original advisory details: Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this...

5.6AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2018/11/29 1:1 p.m.•69 views

USN-3831-1: Ghostscript vulnerabilities

It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service...

9.8CVSS8.3AI score0.09548EPSS
Exploits3
Ubuntu
Ubuntu
•added 2018/11/28 8:19 a.m.•41 views

USN-3830-1: OpenJDK regression

USN-3804-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when validating JAR files that prevented Java applications from finding classes in some situations. This update fixes the problem. We apologize for the inconvenience...

5.4AI score
Exploits0References2
Ubuntu
Ubuntu
•added 2018/11/27 7:34 p.m.•68 views

USN-3827-2: Samba vulnerabilities

USN-3827-1 fixed a vulnerability in samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Florian Stuelpner discovered that Samba incorrectly handled CNAME records. A remote attacker could use this issue to cause Samba to crash, resulting in a denia...

6.5CVSS6.8AI score0.05192EPSS
Exploits1
Total number of security vulnerabilities10923