Lucene search
K
UbuntuRecent

10923 matches found

Ubuntu
Ubuntu
added 2018/03/20 5:20 p.m.70 views

USN-3602-1: LibTIFF vulnerabilities

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges...

8.8CVSS7.2AI score0.07482EPSS
Exploits13
Ubuntu
Ubuntu
added 2018/03/19 6:53 p.m.57 views

USN-3601-1: Memcached vulnerability

It was discovered that Memcached incorrectly handled reusing certain items. A remote attacker could possibly use this issue to cause Memcached to crash, resulting in a denial of service...

7.5CVSS7AI score0.02316EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/03/19 11:53 a.m.129 views

USN-3600-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain stream metadata. A remote attacker could possibly use this issue to set arbitrary metadata. This issue only affected Ubuntu 14.04 LTS. CVE-2016-10712 It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker...

9.8CVSS8AI score0.87606EPSS
Exploits4
Ubuntu
Ubuntu
added 2018/03/16 9:48 p.m.54 views

USN-3599-1: Firefox vulnerability

An out-of-bounds write was discovered when processing Vorbis audio data. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. CVE-2018-5146...

8.8CVSS7.7AI score0.12054EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/03/15 12:2 p.m.103 views

USN-3598-1: curl vulnerabilities

Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2018-1000120 Dario Weisser discovered that curl incorrectly handled certain LDAP URLs. An attacker could possibly use this issue t...

9.8CVSS7AI score0.12058EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/03/15 6:43 a.m.88 views

USN-3597-2: Linux kernel (HWE) vulnerabilities

USN-3597-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. USNS 3541-2 and 3523-2 provided mitigations for Spectre and Meltdown CVE-2017-5715,...

5.6CVSS7.3AI score0.93838EPSS
Exploits13References2
Ubuntu
Ubuntu
added 2018/03/15 6:38 a.m.92 views

USN-3597-1: Linux kernel vulnerabilities

USNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 for the i386, amd64, and ppc64el architectures in Ubuntu 17.10. This update provides the corresponding mitigations for the arm64 architecture. Original advisory details: Jann Horn...

5.6CVSS7.3AI score0.93838EPSS
Exploits13References2
Ubuntu
Ubuntu
added 2018/03/14 9:56 p.m.89 views

USN-3596-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain...

9.8CVSS7.6AI score0.08024EPSS
Exploits2
Ubuntu
Ubuntu
added 2018/03/13 2:28 p.m.72 views

USN-3595-1: Samba vulnerabilities

Björn Baumbach discovered that Samba incorrectly validated permissions when changing account passwords via LDAP. An authenticated attacker could use this issue to change the password of other users, including administrators, and perform actions as those users. CVE-2018-1057 It was discovered that...

8.8CVSS7AI score0.10308EPSS
Exploits1
Ubuntu
Ubuntu
added 2018/03/09 9:2 a.m.91 views

USN-3594-1: Linux kernel vulnerability

USN-3542-1 mitigated CVE-2017-5715 Spectre Variant 2 for the amd64 architecture in Ubuntu 14.04 LTS. This update provides the compiler-based retpoline kernel mitigation for the amd64 and i386 architectures. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative...

5.6CVSS7.2AI score0.74041EPSS
Exploits9References1
Ubuntu
Ubuntu
added 2018/03/08 3:26 p.m.55 views

USN-3592-2: ClamAV vulnerabilities

USN-3592-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resultin...

5.5CVSS6.8AI score0.02672EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/03/08 2:27 p.m.58 views

USN-3593-1: Zsh vulnerabilities

It was discovered that Zsh incorrectly handled certain enviroment variables. An attacker could possibly use this issue to gain privileged access to the system. This issue only affected Ubuntu 14.04 LTS. CVE-2014-10070 It was discovered that Zsh incorrectly handled certain inputs. An attacker coul...

9.8CVSS7.5AI score0.03173EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/03/08 12:16 p.m.60 views

USN-3592-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2018-0202 Hanno Böck discovered that ClamAV incorrectly handled parsing certain X...

5.5CVSS6.8AI score0.02672EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/03/07 3:55 p.m.65 views

USN-3579-3: LibreOffice regression

USN-3579-1 fixed a vulnerability in LibreOffice. After upgrading, it was no longer possible for LibreOffice to open documents from certain locations outside of the user's home directory. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovere...

7.2AI score
Exploits0References1
Ubuntu
Ubuntu
added 2018/03/06 3:17 p.m.63 views

USN-3591-1: Django vulnerabilities

James Davis discovered that Django incorrectly handled certain template filters. A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service...

5.3CVSS6.1AI score0.04772EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/03/06 1:34 p.m.56 views

USN-3590-1: Irssi vulnerabilities

It was discovered that Irssi incorrectly handled certain empty nick names. An attacker could possibly use this issue to cause a denial of service. CVE-2018-7050 It was discovered that Irssi incorrectly handled certain nick names. An attacker could possibly use this to access sensitive information...

9.8CVSS8.4AI score0.02494EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/03/06 8:36 a.m.64 views

USN-3589-1: PostgreSQL vulnerability

It was discovered that PostgreSQL incorrectly handled certain settings. An attacker could possibly use this issue to execute arbitrary code...

8.8CVSS7.5AI score0.14142EPSS
Exploits1References1
Ubuntu
Ubuntu
added 2018/03/05 4:8 p.m.145 views

USN-3585-1: Twisted vulnerability

It was discovered that Twisted incorrectly handled certain HTTP requests. An attacker could possibly use this issue to execute arbitrary code...

5.3CVSS6AI score0.02406EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/03/05 3:2 p.m.76 views

USN-3588-1: Memcached vulnerabilities

Daniel Shapira discovered an integer overflow issue in Memcached. A remote attacker could use this to cause a denial of service daemon crash. CVE-2017-9951 It was discovered that Memcached listened to UDP by default. A remote attacker could use this as part of a distributed denial of service...

7.5CVSS7AI score0.8864EPSS
Exploits4
Ubuntu
Ubuntu
added 2018/03/05 12:43 p.m.55 views

USN-3587-1: Dovecot vulnerabilities

It was discovered that Dovecot incorrectly handled parsing certain email addresses. A remote attacker could use this issue to cause Dovecot to crash, resulting in a denial of service, or possibly obtain sensitive information. CVE-2017-14461 It was discovered that Dovecot incorrectly handled TLS S...

7.1CVSS6.8AI score0.16979EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/03/05 9:43 a.m.73 views

USN-3575-2: QEMU regression

USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that QEMU incorrectly handled guest...

7.3AI score
Exploits0References1
Ubuntu
Ubuntu
added 2018/03/01 5:47 p.m.78 views

USN-3586-1: DHCP vulnerabilities

Konstantin Orekhov discovered that the DHCP server incorrectly handled a large number of concurrent TCP sessions. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-2774 It was discovered that the...

7.5CVSS6.8AI score0.73622EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/02/28 11:52 p.m.73 views

USN-3579-2: LibreOffice regression

USN-3579-1 fixed a vulnerability in LibreOffice. After upgrading, it was no longer possible for LibreOffice to open documents from certain locations outside of the user's home directory. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovere...

7.2AI score
Exploits0References1
Ubuntu
Ubuntu
added 2018/02/26 2:31 p.m.68 views

USN-3584-1: sensible-utils vulnerability

Gabriel Corona discovered that sensible-utils incorrectly validated strings when launcher a browser with the sensible-browser tool. A remote attacker could possibly use this issue with a specially crafted URL to conduct an argument injection attack and execute arbitrary code...

8.8CVSS8.3AI score0.02217EPSS
Exploits1
Ubuntu
Ubuntu
added 2018/02/23 9:22 a.m.80 views

USN-3583-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3583-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that an out-of-bounds write vulnerability existed in the...

10CVSS7.2AI score0.52841EPSS
Exploits14
Ubuntu
Ubuntu
added 2018/02/23 9:14 a.m.129 views

USN-3583-1: Linux kernel vulnerabilities

It was discovered that an out-of-bounds write vulnerability existed in the Flash-Friendly File System f2fs in the Linux kernel. An attacker could construct a malicious file system that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-0750 It...

10CVSS7.6AI score0.84172EPSS
Exploits17
Ubuntu
Ubuntu
added 2018/02/23 6:57 a.m.95 views

USN-3581-3: Linux kernel (Raspberry Pi 2) vulnerabilities

Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2017-17712 ChunYu Wang discovered that a...

7.8CVSS6.8AI score0.01344EPSS
Exploits5
Ubuntu
Ubuntu
added 2018/02/22 10:6 a.m.98 views

USN-3582-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3582-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel...

7.8CVSS7.4AI score0.74041EPSS
Exploits14
Ubuntu
Ubuntu
added 2018/02/22 9:11 a.m.108 views

USN-3582-1: Linux kernel vulnerabilities

Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2017-17712 Laurent Guerby discovered that...

7.8CVSS7.4AI score0.74041EPSS
Exploits14
Ubuntu
Ubuntu
added 2018/02/22 8:46 a.m.78 views

USN-3581-2: Linux kernel (HWE) vulnerabilities

USN-3581-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contain...

7.8CVSS7.4AI score0.74041EPSS
Exploits14
Ubuntu
Ubuntu
added 2018/02/22 8:25 a.m.82 views

USN-3581-1: Linux kernel vulnerabilities

Mohamed Ghannam discovered that the IPv4 raw socket implementation in the Linux kernel contained a race condition leading to uninitialized pointer usage. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2017-17712 ChunYu Wang discovered that a...

7.8CVSS7.4AI score0.74041EPSS
Exploits14
Ubuntu
Ubuntu
added 2018/02/22 1:56 a.m.49 views

USN-3578-1: WavPack vulnerabilities

It was discovered that WavPack incorrectly handled certain DSDIFF files. An attacker could possibly use this to execute arbitrary code or cause a denial of service. CVE-2018-7253 It was discovered that WavPack incorrectly handled certain CAF files. An attacker could possibly use this to cause a...

7.8CVSS7.8AI score0.09905EPSS
Exploits5
Ubuntu
Ubuntu
added 2018/02/22 12:10 a.m.92 views

USN-3580-1: Linux kernel vulnerabilities

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory...

5.6CVSS7.2AI score0.93838EPSS
Exploits12References1
Ubuntu
Ubuntu
added 2018/02/21 9:51 p.m.59 views

USN-3579-1: LibreOffice vulnerability

It was discovered that =WEBSERVICE calls in a document could be used to read arbitrary files. If a user were tricked in to opening a specially crafted document, a remote attacker could exploit this to obtain sensitive information. CVE-2018-6871...

9.8CVSS7.2AI score0.23204EPSS
Exploits5
Ubuntu
Ubuntu
added 2018/02/21 12:5 a.m.55 views

USN-3577-1: CUPS vulnerability

Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information...

7.5CVSS6.8AI score0.02979EPSS
Exploits1
Ubuntu
Ubuntu
added 2018/02/20 7:20 p.m.80 views

USN-3576-1: libvirt vulnerabilities

Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.0...

9.8CVSS7AI score0.03623EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/02/20 7:12 p.m.77 views

USN-3575-1: QEMU vulnerabilities

It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2017-11334 David Buchanan discovered that QEMU...

10CVSS7.4AI score0.11931EPSS
Exploits5
Ubuntu
Ubuntu
added 2018/02/19 7:48 p.m.49 views

USN-3574-1: Bind vulnerability

It was discovered that Bind incorrectly handled DNSSEC validation. An attacker could possibly use this to cause a denial of service...

7.5CVSS7.3AI score0.01386EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/02/16 12:32 a.m.89 views

USN-3573-1: Quagga vulnerabilities

It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2018-5379 It was discovered that the Quagga BGP daemon did not...

9.8CVSS7.5AI score0.74599EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/02/14 5:33 p.m.75 views

USN-3572-1: FreeType vulnerability

It was discovered that FreeType incorrectly handled certain files. An attacker could possibly use this to cause a denial of service...

6.5CVSS6.8AI score0.02124EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/02/14 2:54 p.m.126 views

USN-3571-1: Erlang vulnerabilities

It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. CVE-2014-1693 It was discovered that Erlang incorrectly checked CBC padding bytes. ...

9.8CVSS6.7AI score0.22098EPSS
Exploits1
Ubuntu
Ubuntu
added 2018/02/14 2:43 p.m.65 views

USN-3570-1: AdvanceCOMP vulnerability

Joonun Jang discovered that AdvanceCOMP incorrectly handled certain malformed zip files. If a user or automated system were tricked into processing a specially crafted zip file, a remote attacker could cause AdvanceCOMP to crash, resulting in a denial of service, or possibly execute arbitrary cod...

7.8CVSS5.7AI score0.01422EPSS
Exploits1
Ubuntu
Ubuntu
added 2018/02/13 6:49 p.m.58 views

USN-3569-1: libvorbis vulnerabilities

It was discovered that libvorbis incorrectly handled certain sound files. An attacker could possibly use this to execute arbitrary code. CVE-2017-14632 It was discovered that libvorbis incorrectly handled certain sound files. An attacker could use this to cause a denial of service. CVE-2017-14633...

9.8CVSS6.9AI score0.05705EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/02/12 10:54 p.m.71 views

USN-3544-2: Firefox regressions

USN-3544-1 fixed vulnerabilities in Firefox. The update caused a web compatibility regression and a tab crash during printing in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. I...

7.7AI score
Exploits0References1
Ubuntu
Ubuntu
added 2018/02/12 6:15 p.m.58 views

USN-3568-1: WavPack vulnerabilities

Hanno Böck discovered that WavPack incorrectly handled certain WV files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-10169 Joonun Jang discovered that WavPack incorrectly handled certain RF64 files. An...

7.8CVSS6.4AI score0.02951EPSS
Exploits2
Ubuntu
Ubuntu
added 2018/02/12 3:34 p.m.58 views

USN-3567-1: Puppet vulnerability

It was discovered that Puppet incorrectly handled permissions when unpacking certain tarballs. A local user could possibly use this issue to execute arbitrary code...

5.5CVSS6.4AI score0.00363EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/02/12 3:29 p.m.115 views

USN-3566-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting XSS attacks. CVE-2018-5712 It was discovered that PHP incorrectly handled memory when unserializing certain data. A remote attacker could use thi...

9.8CVSS7.2AI score0.79949EPSS
Exploits2
Ubuntu
Ubuntu
added 2018/02/12 3:19 p.m.98 views

USN-3565-1: Exim vulnerability

Meh Chang discovered that Exim incorrectly handled memory in certain decoding operations. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS8.3AI score0.82238EPSS
Exploits19
Ubuntu
Ubuntu
added 2018/02/09 12:22 p.m.75 views

USN-3564-1: PostgreSQL vulnerability

It was discovered that PostgreSQL incorrectly handled certain temp files. An attacker could possibly use this to access sensitive information...

7CVSS6.4AI score0.00491EPSS
Exploits0
Ubuntu
Ubuntu
added 2018/02/08 3:38 p.m.73 views

USN-3563-1: Mailman vulnerability

It was discovered that Mailman incorrectly handled certain web scripts. An attacker could possibly use this to inject arbitrary code...

6.1CVSS7.3AI score0.04569EPSS
Exploits3
Total number of security vulnerabilities10923