Lucene search
K
UbuntuRecent

10923 matches found

Ubuntu
Ubuntu
•added 2017/11/28 3:34 p.m.•47 views

USN-3496-1: Python vulnerability

It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code...

9.8CVSS7.5AI score0.07944EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/27 10:18 p.m.•65 views

USN-3477-2: Firefox regression

USN-3477-1 fixed vulnerabilities in Firefox. The update caused search suggestions to not be displayed when performing Google searches from the search bar. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in...

7.7AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2017/11/27 6:31 p.m.•61 views

USN-3476-2: postgresql-common vulnerabilities

USN-3476-1 fixed two vulnerabilities in postgresql-common. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Dawid Golunski discovered that the postgresql-common pgctlcluster script incorrectly handled symlinks. A local attacker could possibly use this...

7.8CVSS6.6AI score0.00421EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/27 5:53 p.m.•65 views

USN-3495-1: OptiPNG vulnerability

It was discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.8CVSS7.4AI score0.01968EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/11/27 5:49 p.m.•47 views

USN-3494-1: XML::LibXML vulnerability

It was discovered that XML::LibXML incorrectly handled memory when processing a replaceChild call. A remote attacker could possibly use this issue to execute arbitrary code...

9.8CVSS7.9AI score0.07929EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/11/27 5:41 p.m.•59 views

USN-3493-1: Exim vulnerability

It was discovered that Exim incorrectly handled memory in the ESMTP CHUNKING extension. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the...

9.8CVSS8.6AI score0.46705EPSS
Exploits6
Ubuntu
Ubuntu
•added 2017/11/22 6:27 p.m.•74 views

USN-3492-1: LibRaw vulnerabilities

It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS7.2AI score0.05454EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/22 6:15 p.m.•42 views

USN-3491-1: ldns vulnerabilities

Leon Weber discovered that the ldns-keygen tool incorrectly set permissions on private keys. A local attacker could possibly use this issue to obtain generated private keys. This issue only applied to Ubuntu 14.04 LTS. CVE-2014-3209 Stephan Zeisberg discovered that ldns incorrectly handled memory...

9.8CVSS8.3AI score0.02653EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/11/21 10:54 p.m.•65 views

USN-3489-2: Berkeley DB vulnerability

USN-3489-1 fixed a vulnerability in Berkeley DB. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive informati...

7.8CVSS7.4AI score0.00567EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/11/21 10:25 p.m.•62 views

USN-3489-1: Berkeley DB vulnerability

It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive information...

7.8CVSS7.4AI score0.00567EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/11/21 6:44 p.m.•121 views

USN-3485-3: Linux kernel (AWS) vulnerabilities

It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-15265 Eric Biggers discovered that the key...

7.8CVSS7.3AI score0.00962EPSS
Exploits4
Ubuntu
Ubuntu
•added 2017/11/21 6:23 p.m.•70 views

USN-3484-3: Linux kernel (GCP) vulnerability

It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service host OS crash or possibly execute arbitrary code in the host OS...

7.8CVSS7.6AI score0.00441EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/21 6:15 p.m.•55 views

USN-3488-1: Linux kernel (Azure) vulnerability

It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service host OS crash or possibly execute arbitrary code in the host OS...

7.8CVSS7.6AI score0.00441EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/21 5:59 p.m.•81 views

USN-3487-1: Linux kernel vulnerabilities

It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service host OS crash or possibly execute arbitrary code in the host OS. CVE-2017-12188 It was...

7.8CVSS7.5AI score0.01155EPSS
Exploits8
Ubuntu
Ubuntu
•added 2017/11/21 5:45 p.m.•57 views

USN-3486-2: Samba vulnerability

USN-3486-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Volker Lendecke discovered that Samba incorrectly cleared memory when returning data to a client. A remote attacker could possibly use this issue to obtain...

7.5CVSS7.1AI score0.21408EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/21 1:44 p.m.•53 views

USN-3483-2: procmail vulnerability

USN-3483-1 fixed a vulnerability in procmail. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Jakub Wilk discovered that the formail tool incorrectly handled certain malformed mail messages. An attacker could use this flaw to cause formail to crash,...

10CVSS8AI score0.12524EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/21 1:12 p.m.•62 views

USN-3486-1: Samba vulnerabilities

Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory when processing certain SMB1 requests. A remote attacker could possibly use this issue to execute arbitrary code. CVE-2017-14746 Volker Lendecke discovered that Samba incorrectly cleared memory when returning data to a...

9.8CVSS7.5AI score0.21408EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/21 6:49 a.m.•71 views

USN-3485-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3485-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the ALSA subsystem of the Linux...

7.8CVSS7.4AI score0.00962EPSS
Exploits4
Ubuntu
Ubuntu
•added 2017/11/21 6:23 a.m.•58 views

USN-3484-2: Linux kernel (HWE) vulnerability

USN-3484-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of...

7.8CVSS7.6AI score0.00441EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/21 5:36 a.m.•91 views

USN-3485-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-15265 Eric Biggers discovered that the key...

7.8CVSS7.3AI score0.00962EPSS
Exploits4
Ubuntu
Ubuntu
•added 2017/11/21 1:3 a.m.•55 views

USN-3484-1: Linux kernel vulnerability

It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service host OS crash or possibly execute arbitrary code in the host OS...

7.8CVSS7.6AI score0.00441EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/20 11:38 p.m.•52 views

USN-3480-2: Apport regressions

USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177 introduced a regression in the ability to handle crashes for users that configured their systems to use the Upstart init system in Ubuntu 16.04 LTS and Ubuntu 17.04. The fix for CVE-2017-14180 temporarily disabled crash...

7.3AI score
Exploits0References2
Ubuntu
Ubuntu
•added 2017/11/20 6:0 p.m.•65 views

USN-3483-1: procmail vulnerability

Jakub Wilk discovered that the formail tool incorrectly handled certain malformed mail messages. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code...

10CVSS8AI score0.12524EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/16 3:8 p.m.•64 views

USN-3477-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP...

10CVSS7.8AI score0.07439EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/16 2:40 p.m.•45 views

USN-3482-1: ipsec-tools vulnerability

It was discovered that racoon, the ipsec-tools IKE daemon, incorrectly handled certain ISAKMP fragments. A remote attacker could use this issue to cause racoon to crash, resulting in a denial of service...

7.8CVSS6.9AI score0.02928EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/16 12:47 p.m.•55 views

USN-3481-1: WebKitGTK+ vulnerabilities

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

8.8CVSS7.9AI score0.06712EPSS
Exploits40
Ubuntu
Ubuntu
•added 2017/11/15 7:22 p.m.•54 views

USN-3480-1: Apport vulnerabilities

Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. CVE-2017-14177 Sander Bos discovered that Apport incorrectly handled core dumps for...

7.8CVSS7.3AI score0.00448EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/14 5:23 p.m.•61 views

USN-3276-3: shadow vulnerability

USN-3276-1 and USN-3276-2 fixed vulnerabilities in shadow. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Sebastian Krahmer discovered integer overflows in shadow utilities. A local attacker could possibly cause them to crash or potentially gain...

5.5CVSS6.1AI score0.00279EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/14 12:29 p.m.•61 views

USN-3479-1: PostgreSQL vulnerabilities

David Rowley discovered that PostgreSQL incorrectly handled memory when processing certain JSON functions. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2017-15098 Dean Rasheed discovered that PostgreSQL incorrectly enforced SELECT privileges when processing...

8.1CVSS7.1AI score0.06324EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/13 6:8 p.m.•61 views

USN-3478-2: Perl vulnerability

USN-3478-1 fixed two vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a...

9.1CVSS7.7AI score0.05908EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/13 12:59 p.m.•63 views

USN-3478-1: Perl vulnerabilities

Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2017-12837, CVE-2017-12883...

9.1CVSS7.4AI score0.06207EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/09 7:28 p.m.•66 views

USN-3476-1: postgresql-common vulnerabilities

Dawid Golunski discovered that the postgresql-common pgctlcluster script incorrectly handled symlinks. A local attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-1255 It was discovered that the postgresql-common...

7.8CVSS6.5AI score0.00421EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/08 4:33 p.m.•61 views

USN-3346-3: Bind vulnerabilities

USN-3346-1 and USN-3346-2 fixed two vulnerabilities in Bind and a regression, respectively. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An...

7.5CVSS6.6AI score0.18157EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/11/08 7:48 a.m.•84 views

USN-3473-1: OpenJDK 8 vulnerabilities

It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. CVE-2017-10274 Gaston Traberg discovered that th...

9.6CVSS6.5AI score0.16181EPSS
Exploits2
Ubuntu
Ubuntu
•added 2017/11/06 6:34 p.m.•71 views

USN-3475-1: OpenSSL vulnerabilities

It was discovered that OpenSSL incorrectly parsed the IPAddressFamily extension in X.509 certificates, resulting in an erroneous display of the certificate in text format. CVE-2017-3735 It was discovered that OpenSSL incorrectly performed the x8664 Montgomery squaring procedure. While unlikely, a...

6.5CVSS6.8AI score0.17699EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/06 12:36 p.m.•48 views

USN-3474-1: Liblouis vulnerability

Raphael Sanchez Prudencio discovered that Liblouis incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a denial of service or potentially execute arbitrary code...

7.8CVSS8AI score0.01549EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/02 1:38 p.m.•65 views

USN-3426-2: Samba vulnerabilities

USN-3426-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a...

7.4CVSS6.6AI score0.13228EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/11/02 12:45 p.m.•55 views

USN-3472-1: LibreOffice vulnerabilities

Marcin Noga discovered that LibreOffice incorrectly handled PPT documents. If a user were tricked into opening a specially crafted PPT document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. CVE-2017-12607 Marcin Noga discovered that LibreOffice...

7.8CVSS6.7AI score0.02889EPSS
Exploits2
Ubuntu
Ubuntu
•added 2017/10/31 6:29 p.m.•99 views

USN-3470-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3470-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Qian Zhang discovered a heap-based buffer overflow in the tipcmsgbuild function in the...

7.8CVSS7.3AI score0.13378EPSS
Exploits11
Ubuntu
Ubuntu
•added 2017/10/31 6:10 p.m.•72 views

USN-3471-1: Quagga vulnerabilities

Andreas Jaggi discovered that Quagga incorrectly handled certain BGP UPDATE messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service. CVE-2017-16227 Quentin Young discovered that Quagga incorrectly handled memory in the telnet vty CLI. A...

7.8CVSS7.1AI score0.18803EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/10/31 10:29 a.m.•86 views

USN-3469-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Anthony Perard discovered that the Xen virtual block driver did not properly initializ...

7.8CVSS6.5AI score0.01155EPSS
Exploits4
Ubuntu
Ubuntu
•added 2017/10/31 10:25 a.m.•92 views

USN-3469-1: Linux kernel vulnerabilities

Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. CVE-2017-10911 Bo Zhang discovered tha...

7.8CVSS6.4AI score0.01155EPSS
Exploits4
Ubuntu
Ubuntu
•added 2017/10/31 10:13 a.m.•71 views

USN-3470-1: Linux kernel vulnerabilities

Qian Zhang discovered a heap-based buffer overflow in the tipcmsgbuild function in the Linux kernel. A local attacker could use to cause a denial of service system crash or possibly execute arbitrary code with administrative privileges. CVE-2016-8632 Dmitry Vyukov discovered that a race condition...

7.8CVSS7.3AI score0.13378EPSS
Exploits11
Ubuntu
Ubuntu
•added 2017/10/31 9:20 a.m.•109 views

USN-3468-3: Linux kernel (GCP) vulnerabilities

It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service host system crash. CVE-2017-1000252 It was discovered that the Flash-Friendly File System f2fs implementation in the Linux...

7.8CVSS6.9AI score0.03631EPSS
Exploits8
Ubuntu
Ubuntu
•added 2017/10/31 9:13 a.m.•66 views

USN-3468-2: Linux kernel (HWE) vulnerabilities

USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs...

7.8CVSS7AI score0.03631EPSS
Exploits8
Ubuntu
Ubuntu
•added 2017/10/31 9:5 a.m.•77 views

USN-3468-1: Linux kernel vulnerabilities

It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service host system crash. CVE-2017-1000252 It was discovered that the Flash-Friendly File System f2fs implementation in the Linux...

7.8CVSS6.9AI score0.03631EPSS
Exploits8
Ubuntu
Ubuntu
•added 2017/10/30 2:25 p.m.•75 views

USN-3459-2: MySQL vulnerabilities

USN-3459-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to...

6.5CVSS6.9AI score0.03237EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/10/30 1:38 p.m.•61 views

USN-3464-2: Wget vulnerabilities

USN-3464-1 fixed several vulnerabilities in Wget. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Antti Levomäki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this...

9.3CVSS7.7AI score0.79855EPSS
Exploits9
Ubuntu
Ubuntu
•added 2017/10/30 12:47 p.m.•57 views

USN-3467-1: poppler vulnerability

It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service...

8.8CVSS7.5AI score0.02059EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/10/26 5:38 p.m.•62 views

USN-3466-1: systemd vulnerability

Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez independently discovered that systemd-resolved incorrectly handled certain DNS responses. A remote attacker could possibly use this issue to cause systemd to temporarily stop responding, resulting in a denial of service...

7.5CVSS6.8AI score0.23633EPSS
Exploits0
Total number of security vulnerabilities10923