Lucene search
K
UbuntuRecent

10923 matches found

Ubuntu
Ubuntu
•added 2018/01/10 1:19 p.m.•102 views

USN-3523-2: Linux kernel (HWE) vulnerabilities

USN-3523-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch...

7.8CVSS7.3AI score0.84172EPSS
Exploits19
Ubuntu
Ubuntu
•added 2018/01/10 12:57 p.m.•56 views

USN-3526-1: SSSD vulnerability

It was discovered that SSSD incorrectly handled certain inputs when querying its local cache. An attacker could use this to inject arbitrary code and expose sensitive information...

8.8CVSS7AI score0.01499EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/01/10 6:56 a.m.•80 views

USN-3525-1: Linux kernel vulnerability

Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory...

5.6CVSS7.1AI score0.84172EPSS
Exploits3
Ubuntu
Ubuntu
•added 2018/01/10 4:46 a.m.•82 views

USN-3524-2: Linux kernel (Trusty HWE) vulnerability

USN-3524-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and indirect...

5.6CVSS7.1AI score0.84172EPSS
Exploits3
Ubuntu
Ubuntu
•added 2018/01/09 11:57 p.m.•71 views

USN-3524-1: Linux kernel vulnerability

Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory...

5.6CVSS7.1AI score0.84172EPSS
Exploits3
Ubuntu
Ubuntu
•added 2018/01/09 11:10 p.m.•93 views

USN-3522-1: Linux kernel vulnerability

Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory...

5.6CVSS7.1AI score0.84172EPSS
Exploits3
Ubuntu
Ubuntu
•added 2018/01/09 11:7 p.m.•166 views

USN-3523-1: Linux kernel vulnerabilities

Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory...

7.8CVSS7.2AI score0.84172EPSS
Exploits19
Ubuntu
Ubuntu
•added 2018/01/09 11:5 p.m.•81 views

USN-3522-2: Linux (Xenial HWE) vulnerability

USN-3522-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that microprocessors utilizing speculative execution and indirect...

5.6CVSS7.1AI score0.84172EPSS
Exploits3
Ubuntu
Ubuntu
•added 2018/01/09 2:52 p.m.•111 views

USN-3521-1: NVIDIA graphics drivers vulnerability

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provide...

5.6CVSS7.1AI score0.93838EPSS
Exploits9
Ubuntu
Ubuntu
•added 2018/01/08 4:19 p.m.•46 views

USN-3520-1: PySAML2 vulnerability

It was discovered that PySAML2 incorrectly accepted any password when run with python optimizations enabled. An attacker could use this issue to authenticate as any user without a valid password...

8.1CVSS7.1AI score0.0252EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/01/08 3:38 p.m.•75 views

USN-3519-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly handled certain pipelined requests when sendfile was used. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. CVE-2017-5647 It was discovered that Tomcat incorrectly used the appropriate facade...

9.1CVSS6.7AI score0.1684EPSS
Exploits1
Ubuntu
Ubuntu
•added 2018/01/08 3:27 p.m.•76 views

USN-3518-1: AWStats vulnerability

It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code...

9.8CVSS7.7AI score0.04352EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/01/08 2:3 p.m.•54 views

USN-3517-1: poppler vulnerabilities

It was discovered that poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could execute arbitrary. CVE-2017-1000456 It was discovered that poppler incorrectly handled certain files. If a user or automated system were...

8.8CVSS7AI score0.02585EPSS
Exploits2
Ubuntu
Ubuntu
•added 2018/01/05 9:18 p.m.•106 views

USN-3516-1: Firefox vulnerabilities

It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially...

5.6CVSS7.4AI score0.93838EPSS
Exploits13
Ubuntu
Ubuntu
•added 2018/01/04 3:49 p.m.•66 views

USN-3515-1: Ruby vulnerability

It was discovered that Ruby allows FTP command injection. An attacker could use this to cause arbitrary command execution...

9.3CVSS7.4AI score0.73927EPSS
Exploits5
Ubuntu
Ubuntu
•added 2018/01/04 1:34 p.m.•156 views

USN-3430-3: Dnsmasq regression

USN-3430-2 fixed several vulnerabilities. The update introduced a new regression that breaks DNS resolution. This update addresses the problem. We apologize for the inconvenience. Original advisory details: Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq...

7.8AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2018/01/03 9:22 p.m.•47 views

USN-3480-3: Apport regression

USN-3480-2 fixed regressions in Apport. The update introduced a new regression in the container support. This update addresses the problem. We apologize for the inconvenience. Original advisory details: Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local...

7.3AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2018/01/03 5:52 p.m.•57 views

USN-3514-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

8.8CVSS7.3AI score0.024EPSS
Exploits0
Ubuntu
Ubuntu
•added 2018/01/03 12:53 p.m.•82 views

USN-3477-4: Firefox regression

USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were...

7.7AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2017/12/18 1:23 p.m.•97 views

USN-3382-2: PHP vulnerabilities

USN-3382-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass...

9.8CVSS7.1AI score0.07511EPSS
Exploits6
Ubuntu
Ubuntu
•added 2017/12/15 9:7 a.m.•70 views

USN-3509-4: Linux kernel (Xenial HWE) regression

USN-3509-2 fixed vulnerabilities in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS. Unfortunately, it also introduced a regression that prevented the Ceph network filesystem from being used. This update fixes the problem. We apologize for the inconvenience. Original advisory details:...

7AI score
Exploits0References2
Ubuntu
Ubuntu
•added 2017/12/15 8:27 a.m.•82 views

USN-3509-3: Linux kernel regression

USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. Unfortunately, it also introduced a regression that prevented the Ceph network filesystem from being used. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Mohamed Ghannam...

7AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2017/12/13 2:26 p.m.•61 views

USN-3513-2: libxml2 vulnerability

USN-3513-1 fixed a vulnerability in libxml2. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to...

8.8CVSS7.9AI score0.02963EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/12/13 1:27 p.m.•53 views

USN-3513-1: libxml2 vulnerability

It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service...

8.8CVSS7.9AI score0.02963EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/12/11 6:49 p.m.•75 views

USN-3512-1: OpenSSL vulnerabilities

David Benjamin discovered that OpenSSL did not correctly prevent buggy applications that ignore handshake errors from subsequently calling certain functions. CVE-2017-3737 It was discovered that OpenSSL incorrectly performed the x8664 Montgomery multiplication procedure. While unlikely, a remote...

5.9CVSS6.4AI score0.78675EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/12/08 3:47 a.m.•68 views

USN-3507-2: Linux kernel (GCP) vulnerabilities

Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem XFRM in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16939 It was discovered that the Linux kernel did not...

7.8CVSS6.8AI score0.02841EPSS
Exploits12
Ubuntu
Ubuntu
•added 2017/12/08 12:34 a.m.•63 views

USN-3511-1: Linux kernel (Azure) vulnerabilities

Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem XFRM in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16939 It was discovered that the Linux kernel did not...

7.8CVSS6.6AI score0.02841EPSS
Exploits12
Ubuntu
Ubuntu
•added 2017/12/08 12:20 a.m.•75 views

USN-3510-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3510-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink...

7.8CVSS6.7AI score0.02841EPSS
Exploits12
Ubuntu
Ubuntu
•added 2017/12/08 12:14 a.m.•75 views

USN-3510-1: Linux kernel vulnerabilities

Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem XFRM in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16939 It was discovered that the Linux kernel did not...

7.8CVSS6.6AI score0.02841EPSS
Exploits12
Ubuntu
Ubuntu
•added 2017/12/07 11:34 p.m.•76 views

USN-3509-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink...

7.8CVSS6.8AI score0.02841EPSS
Exploits12
Ubuntu
Ubuntu
•added 2017/12/07 11:17 p.m.•81 views

USN-3509-1: Linux kernel vulnerabilities

Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem XFRM in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16939 It was discovered that the Linux kernel did not...

7.8CVSS6.8AI score0.02841EPSS
Exploits12
Ubuntu
Ubuntu
•added 2017/12/07 10:33 p.m.•57 views

USN-3508-2: Linux kernel (HWE) vulnerabilities

USN-3508-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsyste...

7.8CVSS6.4AI score0.02841EPSS
Exploits12
Ubuntu
Ubuntu
•added 2017/12/07 10:13 p.m.•81 views

USN-3508-1: Linux kernel vulnerabilities

Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem XFRM in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16939 It was discovered that the Linux kernel did not...

7.8CVSS6.4AI score0.02841EPSS
Exploits12
Ubuntu
Ubuntu
•added 2017/12/07 10:8 p.m.•62 views

USN-3507-1: Linux kernel vulnerabilities

Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem XFRM in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16939 It was discovered that the Linux kernel did not...

7.8CVSS6.8AI score0.02841EPSS
Exploits12
Ubuntu
Ubuntu
•added 2017/12/07 1:49 p.m.•59 views

USN-3506-2: rsync vulnerabilities

USN-3506-1 fixed two vulnerabilities in rsync. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that rsync proceeds with certain file metadata updates before checking for a filename. An attacker could use this to bypass access...

9.8CVSS7.1AI score0.03362EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/12/07 1:2 p.m.•51 views

USN-3506-1: rsync vulnerabilities

It was discovered that rsync proceeds with certain file metadata updates before checking for a filename. An attacker could use this to bypass access restrictions. CVE-2017-17433 It was discovered that rsync does not check for fnamecmp filenames and also does not apply the sanitizepaths protection...

9.8CVSS7.1AI score0.03362EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/12/06 6:58 a.m.•72 views

USN-3505-1: Linux firmware vulnerabilities

Mathy Vanhoef discovered that the firmware for several Intel WLAN devices incorrectly handled WPA2 in relation to Wake on WLAN. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. CVE-2017-13080, CVE-2017-13081...

5.3CVSS7.2AI score0.02285EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/12/05 2:24 p.m.•55 views

USN-3504-2: libxml2 vulnerability

USN-3504-1 fixed a vulnerability in libxml2. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Wei Lei discovered that libxml2 incorrecty handled certain parameter entities. An attacker could use this issue with specially constructed XML data to cause...

7.5CVSS7.3AI score0.05928EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/12/05 1:44 p.m.•57 views

USN-3504-1: libxml2 vulnerability

Wei Lei discovered that libxml2 incorrecty handled certain parameter entities. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service...

7.5CVSS7.2AI score0.05928EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/12/04 3:24 p.m.•68 views

USN-3498-2: curl vulnerability

USN-3498-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that curl incorrectly handled FTP wildcard matching. A remote attacker could use this issue to cause curl to crash, resulting in a denial of...

9.8CVSS7.1AI score0.11175EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/12/04 2:18 p.m.•52 views

USN-3503-1: Evince vulnerability

It was discovered that Evince incorrectly handled printing certain DVI files. If a user were tricked into opening and printing a specially-named DVI file, an attacker could use this issue to execute arbitrary code...

7.8CVSS7.1AI score0.01406EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/12/01 6:1 p.m.•58 views

USN-3477-3: Firefox regressions

USN-3477-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafte...

7.7AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2017/12/01 2:1 p.m.•66 views

USN-3490-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing-like context, an attacker could potentially exploit these to bypass same-origin restrictions, cause a denial of service via application crash, or execute arbitra...

10CVSS7.8AI score0.07439EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/29 6:6 p.m.•53 views

USN-3501-1: libxcursor vulnerability

It was discovered that libxcursor incorrectly handled certain files. An attacker could use these issues to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.5CVSS7.8AI score0.05173EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/11/29 6:1 p.m.•44 views

USN-3500-1: libXfont vulnerability

It was discovered that libXfont incorrectly followed symlinks when opening font files. A local unprivileged user could use this issue to cause the X server to access arbitrary files, including special device files...

5.5CVSS6.5AI score0.0042EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/29 5:53 p.m.•56 views

USN-3499-1: Exim vulnerability

It was discovered that Exim incorrectly handled certain BDAT data headers. A remote attacker could possibly use this issue to cause Exim to crash, resulting in a denial of service...

7.5CVSS8.3AI score0.6332EPSS
Exploits7
Ubuntu
Ubuntu
•added 2017/11/29 1:19 p.m.•62 views

USN-3498-1: curl vulnerabilities

Alex Nichols discovered that curl incorrectly handled NTLM authentication credentials. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10...

9.8CVSS7.5AI score0.11175EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/29 7:41 a.m.•105 views

USN-3497-1: OpenJDK 7 vulnerabilities

It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. CVE-2017-10274 Gaston Traberg discovered that th...

9.6CVSS6.5AI score0.16181EPSS
Exploits2
Ubuntu
Ubuntu
•added 2017/11/28 7:37 p.m.•53 views

USN-3496-3: Python vulnerability

USN-3496-1 fixed a vulnerability in Python2.7. This update provides the corresponding update for versions 3.4 and 3.5. Original advisory details: It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code...

9.8CVSS7.5AI score0.07944EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/28 4:57 p.m.•53 views

USN-3496-2: Python vulnerability

USN-3496-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code...

9.8CVSS7.5AI score0.07944EPSS
Exploits0
Total number of security vulnerabilities10923