Lucene search
K
UbuntuRecent

10923 matches found

Ubuntu
Ubuntu
•added 2018/02/07 6:43 p.m.•72 views

USN-3562-1: MiniUPnP vulnerabilities

It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library...

7.8CVSS7.7AI score0.00466EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/02/07 4:43 p.m.•129 views

USN-3561-1: libvirt update

It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This...

5.6CVSS7.2AI score0.74041EPSS
Exploits9
Ubuntu
Ubuntu
•added 2018/02/07 4:29 p.m.•103 views

USN-3560-1: QEMU update

It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This...

5.6CVSS7.2AI score0.74041EPSS
Exploits9
Ubuntu
Ubuntu
•added 2018/02/07 12:38 p.m.•74 views

USN-3559-1: Django vulnerabilities

It was discovered that Django incorrectly handled certain requests. An attacker could possibly use this to access sensitive information. CVE-2017-12794, CVE-2018-6188...

7.5CVSS6.5AI score0.23566EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/02/05 6:9 p.m.•68 views

USN-3558-1: systemd vulnerabilities

Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez independently discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service. This issue on...

7.5CVSS6.5AI score0.23633EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/02/05 6:9 p.m.•68 views

USN-3557-1: Squid vulnerabilities

Mathias Fischer discovered that Squid incorrectly handled certain long strings in headers. A malicious remote server could possibly cause Squid to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 16.04 LTS. CVE-2016-2569 William Lima discovered that Squid incorrect...

7.5CVSS6.8AI score0.35265EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/02/05 4:5 p.m.•64 views

USN-3550-2: ClamAV vulnerabilities

USN-3550-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain mail messages. A remote attacker could use this issue to cause ClamAV to crash,...

10CVSS7.7AI score0.12548EPSS
Exploits7
Ubuntu
Ubuntu
•added 2018/02/01 8:27 p.m.•56 views

USN-3556-2: Dovecot vulnerabilities

USN-3556-1 fixed vulnerabilities in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to bypass authentication and access sensitive information. CVE-2013-6171...

7.5CVSS6.8AI score0.0312EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/02/01 6:18 p.m.•57 views

USN-3556-1: Dovecot vulnerability

It was discovered that Dovecot incorrectly handled certain authentications. An attacker could possibly use this to cause a denial of service...

7.5CVSS6.7AI score0.0312EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/02/01 4:32 p.m.•52 views

USN-3555-2: w3m vulnerabilities

USN-3555-2 fixed vulnerabilities in w3m. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that w3m incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. CVE-2018-6196, CVE-2018-6197 It...

7.5CVSS6.7AI score0.04391EPSS
Exploits2
Ubuntu
Ubuntu
•added 2018/02/01 1:25 p.m.•68 views

USN-3555-1: w3m vulnerabilities

It was discovered that w3m incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. CVE-2018-6196, CVE-2018-6197 It was discovered that w3m incorrectly handled temporary files. An attacker could possibly use this to overwrite arbitrary files...

7.5CVSS6.6AI score0.04391EPSS
Exploits2
Ubuntu
Ubuntu
•added 2018/02/01 12:1 a.m.•60 views

USN-3554-2: curl vulnerability

USN-3554-1 fixed vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that curl could accidentally leak authentication data. An attacker could possibly use this to get access to sensitive information...

9.8CVSS7.1AI score0.08031EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/01/31 10:17 p.m.•61 views

USN-3554-1: curl vulnerabilities

It was discovered that curl incorrectly handled certain data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that curl could accidentally leak authentication...

9.8CVSS7AI score0.08031EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/01/31 4:53 p.m.•41 views

USN-3552-1: Firefox vulnerability

Johann Hofmann discovered that HTML fragments created for chrome-privileged documents were not properly sanitized. An attacker could exploit this to execute arbitrary code. CVE-2018-5124...

6.1CVSS8.2AI score0.01013EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/01/31 2:11 p.m.•66 views

USN-3553-1: Ruby vulnerabilities

It was discovered that Ruby failed to validate specification names. An attacker could possibly use a maliciously crafted gem to potentially overwrite any file on the filesystem. CVE-2017-0901 It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability. An attacker could use this t...

9.8CVSS7.8AI score0.29442EPSS
Exploits4
Ubuntu
Ubuntu
•added 2018/01/30 9:5 p.m.•75 views

USN-3551-1: WebKitGTK+ vulnerabilities

Multiple security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the user interface, or execute arbitrary code. CVE-2018-4088,...

8.8CVSS7.1AI score0.02689EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/01/30 5:41 p.m.•57 views

USN-3550-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled parsing certain mail messages. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2017-12374, CVE-2017-12375, CVE-2017-12379, CVE-2017-12380 It was discovered...

10CVSS7.7AI score0.12548EPSS
Exploits7
Ubuntu
Ubuntu
•added 2018/01/29 10:37 p.m.•83 views

USN-3529-1: Thunderbird vulnerabilities

It was discovered that a From address encoded with a null character is cut off in the message header display. An attacker could potentially exploit this to spoof the sender address. CVE-2017-7829 It was discovered that it is possible to execute JavaScript in RSS feeds in some circumstances. If a...

9.8CVSS7.7AI score0.07262EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/01/29 6:35 p.m.•94 views

USN-3549-1: Linux kernel (KVM) vulnerabilities

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. CVE-2017-5715,...

5.6CVSS7.2AI score0.93838EPSS
Exploits12References1
Ubuntu
Ubuntu
•added 2018/01/26 8:20 a.m.•40 views

USN-3548-2: Linux kernel (HWE) vulnerability

USN-3548-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jay Vosburgh discovered a logic error in the x86-64 syscall entry implementation in the Linux...

5.8AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2018/01/26 8:17 a.m.•39 views

USN-3548-1: Linux kernel vulnerability

Jay Vosburgh discovered a logic error in the x86-64 syscall entry implementation in the Linux kernel, introduced as part of the mitigations for the Spectre vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code...

5.8AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2018/01/25 7:23 p.m.•59 views

USN-3547-1: Libtasn1 vulnerabilities

It was discovered that Libtasn1 incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2017-10790 It was discovered that Libtasn1...

7.5CVSS6.7AI score0.0499EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/01/25 1:57 p.m.•70 views

USN-3537-2: MySQL vulnerabilities

USN-3537-1 fixed vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.59 in...

7.5CVSS6.9AI score0.03952EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/01/24 8:27 p.m.•65 views

USN-3544-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, spoof the origin in audio capture prompts, trick the user in to providing HTTP...

10CVSS7.7AI score0.20024EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/01/24 6:0 p.m.•50 views

USN-3546-1: gcab vulnerability

Richard Hughes discovered that gcab incorrectly handled certain malformed cabinet files. If a user or automated system were tricked into opening a specially crafted cabinet file, a remote attacker could use this issue to cause gcab to crash, resulting in a denial of service, or possibly execute...

7.8CVSS6.7AI score0.02185EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/01/23 6:29 p.m.•72 views

USN-3543-2: rsync vulnerabilities

USN-3543-1 fixed vulnerabilities in rsync. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that rsync incorrectly handled certain data input. An attacker could possibly use this to cause a denial of service or execute arbitrary code...

9.8CVSS7.5AI score0.06337EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/01/23 12:45 p.m.•70 views

USN-3543-1: rsync vulnerabilities

It was discovered that rsync incorrectly handled certain data input. An attacker could possibly use this to cause a denial of service or execute arbitrary code. CVE-2017-16548 It was discovered that rsync incorrectly parsed certain arguments. An attacker could possibly use this to bypass argument...

9.8CVSS7.4AI score0.06337EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/01/23 1:20 a.m.•86 views

USN-3542-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3542-1 addressed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and bran...

5.6CVSS7.2AI score0.93838EPSS
Exploits12References1
Ubuntu
Ubuntu
•added 2018/01/23 1:18 a.m.•96 views

USN-3541-2: Linux kernel (HWE) vulnerabilities

USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and branch...

5.6CVSS7.4AI score0.93838EPSS
Exploits13References1
Ubuntu
Ubuntu
•added 2018/01/23 1:2 a.m.•121 views

USN-3542-1: Linux kernel vulnerabilities

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provide...

5.6CVSS7.3AI score0.93838EPSS
Exploits12References1
Ubuntu
Ubuntu
•added 2018/01/23 12:42 a.m.•111 views

USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and bran...

5.6CVSS7.4AI score0.93838EPSS
Exploits13References1
Ubuntu
Ubuntu
•added 2018/01/23 12:40 a.m.•86 views

USN-3541-1: Linux kernel vulnerabilities

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provide...

5.6CVSS7.5AI score0.93838EPSS
Exploits13References1
Ubuntu
Ubuntu
•added 2018/01/23 12:26 a.m.•103 views

USN-3540-1: Linux kernel vulnerabilities

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provide...

5.6CVSS7.5AI score0.93838EPSS
Exploits13References1
Ubuntu
Ubuntu
•added 2018/01/22 5:43 p.m.•64 views

USN-3539-1: GIMP vulnerabilities

It was discovered that GIMP incorrectly handled certain images. If a user were tricked into opening a specially crafted image, an attacker could possibly use this to execute arbitrary code. CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788, CVE-2017-17789...

7.8CVSS7AI score0.01952EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/01/22 4:50 p.m.•230 views

USN-3538-1: OpenSSH vulnerabilities

Jann Horn discovered that OpenSSH incorrectly loaded PKCS11 modules from untrusted directories. A remote attacker could possibly use this issue to execute arbitrary PKCS11 modules. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-10009 Jann Horn discovered that OpenSSH...

7.8CVSS7AI score0.37431EPSS
Exploits8
Ubuntu
Ubuntu
•added 2018/01/22 4:35 p.m.•72 views

USN-3537-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.59 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS, and Ubuntu 17.10 have been updated to MySQL 5.7.21. In addition to security fixes, the updated packag...

7.8CVSS6.5AI score0.0452EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/01/22 4:9 p.m.•87 views

USN-3531-2: Intel Microcode regression

USN-3531-1 updated Intel microcode to the 20180108 release. Regressions were discovered in the microcode updates which could cause system instability on certain hardware platforms. At the request of Intel, we have reverted to the previous packaged microcode version, the 20170707 release. Original...

7.2AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2018/01/17 2:57 p.m.•50 views

USN-3535-2: Bind vulnerability

USN-3535-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Jayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause...

7.5CVSS7AI score0.27725EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/01/17 1:51 p.m.•64 views

USN-3536-1: GNU C Library vulnerability

It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd2 syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. CVE-2018-1000001...

7.8CVSS8.3AI score0.13614EPSS
Exploits9
Ubuntu
Ubuntu
•added 2018/01/17 12:57 p.m.•92 views

USN-3534-1: GNU C Library vulnerabilities

It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd2 syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. CVE-2018-1000001 A memory leak was...

9.8CVSS8.2AI score0.13614EPSS
Exploits16
Ubuntu
Ubuntu
•added 2018/01/17 12:28 p.m.•60 views

USN-3535-1: Bind vulnerability

Jayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...

7.5CVSS7AI score0.27725EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/01/16 8:13 p.m.•61 views

USN-3533-1: Transmission vulnerability

It was discovered that Transmission incorrectly handled certain POST requests to the RPC server and allowed DNS rebinding attack. An attacker could possibly use this issue to execute arbitrary code...

8.8CVSS8.6AI score0.11926EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/01/15 4:53 p.m.•65 views

USN-3532-1: GDK-PixBuf vulnerabilities

It was discoreved that GDK-PixBuf incorrectly handled certain gif images. An attacker could use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2017-1000422 Ariel Zelivansky discovered that GDK-PixBuf incorrectly handled certain images. An...

8.8CVSS7.1AI score0.02021EPSS
Exploits3
Ubuntu
Ubuntu
•added 2018/01/11 7:35 p.m.•359 views

USN-3531-1: Intel Microcode update

It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. CVE-2017-5715 This...

5.6CVSS7.2AI score0.74041EPSS
Exploits9
Ubuntu
Ubuntu
•added 2018/01/11 1:59 p.m.•90 views

USN-3530-1: WebKitGTK+ vulnerabilities

It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially...

5.6CVSS7.4AI score0.93838EPSS
Exploits12
Ubuntu
Ubuntu
•added 2018/01/10 2:53 p.m.•74 views

USN-3522-4: Linux kernel (Xenial HWE) regression

USN-3522-2 fixed a vulnerability in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS to address Meltdown CVE-2017-5754. Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem. We apologize for the inconvenience...

7.1AI score
Exploits0References2
Ubuntu
Ubuntu
•added 2018/01/10 2:51 p.m.•74 views

USN-3522-3: Linux kernel regression

USN-3522-1 fixed a vulnerability in the Linux kernel to address Meltdown CVE-2017-5754. Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jann Horn...

7.1AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2018/01/10 2:22 p.m.•75 views

USN-3528-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled certain terminal emulator escape sequences. An attacker could use this to execute arbitrary code via a crafted user name. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. CVE-2017-10784 It was discovered that Ruby incorrectly handled...

9.8CVSS7.8AI score0.16412EPSS
Exploits2
Ubuntu
Ubuntu
•added 2018/01/10 1:30 p.m.•61 views

USN-3527-1: Irssi vulnerabilities

Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. CVE-2018-5205 Joseph Bisch discovered that...

9.8CVSS8.4AI score0.02439EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/01/10 1:27 p.m.•126 views

USN-3523-3: Linux kernel (Raspberry Pi 2) vulnerabilities

Jann Horn discovered that the Berkeley Packet Filter BPF implementation in the Linux kernel did not properly check the relationship between pointer values and the BPF stack. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-1786...

7.8CVSS6.8AI score0.30052EPSS
Exploits16
Total number of security vulnerabilities10923