Lucene search
K
UbuntuRecent

10923 matches found

Ubuntu
Ubuntu
•added 2017/09/25 7:24 p.m.•41 views

USN-3429-1: Libplist vulnerability

Wang Junjie discovered that Libplist incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a crash or denial or service...

5.5CVSS6.9AI score0.01461EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/09/21 8:55 p.m.•59 views

USN-3428-1: Emacs vulnerability

Charles A. Roelli discovered that Emacs incorrectly handled certain files. If a user were tricked into opening a specially crafted file e.g., email messages in gnus, an attacker could possibly use this to execute arbitrary code...

8.8CVSS8.2AI score0.04009EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/09/21 8:17 p.m.•59 views

USN-3427-1: Emacs vulnerability

Charles A. Roelli discovered that Emacs incorrectly handled certain files. If a user were tricked into opening a specially crafted file e.g., email messages in gnus, an attacker could possibly use this to execute arbitrary code...

8.8CVSS8.2AI score0.04009EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/09/21 4:45 p.m.•72 views

USN-3426-1: Samba vulnerabilities

Stefan Metzmacher discovered that Samba incorrectly enforced SMB signing in certain situations. A remote attacker could use this issue to perform a machine-in-the-middle attack. CVE-2017-12150 Stefan Metzmacher discovered that Samba incorrectly handled encryption across DFS redirects. A remote...

7.4CVSS6.6AI score0.13228EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/09/20 6:0 p.m.•79 views

USN-3414-2: QEMU regression

USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for CVE-2017-9375 was incomplete and caused a regression in the USB xHCI controller emulation support. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Leo Gaspard discovered that QEMU...

6.8AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2017/09/19 4:53 p.m.•105 views

USN-3425-1: Apache HTTP Server vulnerability

Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed...

7.5CVSS7.2AI score0.94999EPSS
Exploits9
Ubuntu
Ubuntu
•added 2017/09/19 12:47 a.m.•79 views

USN-3424-1: libxml2 vulnerabilities

It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. CVE-2017-0663 It was discovered that libxml2 did not properly validate parsed entity references. An...

10CVSS7.4AI score0.23694EPSS
Exploits5
Ubuntu
Ubuntu
•added 2017/09/18 11:26 p.m.•72 views

USN-3423-1: Linux kernel vulnerability

It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service system crash...

8CVSS7.2AI score0.16181EPSS
Exploits12
Ubuntu
Ubuntu
•added 2017/09/18 11:25 p.m.•98 views

USN-3422-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3422-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux...

8CVSS7.9AI score0.16181EPSS
Exploits17
Ubuntu
Ubuntu
•added 2017/09/18 10:42 p.m.•81 views

USN-3420-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3420-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux...

10CVSS7.6AI score0.16181EPSS
Exploits12
Ubuntu
Ubuntu
•added 2017/09/18 10:38 p.m.•111 views

USN-3419-2: Linux kernel (HWE) vulnerabilities

USN-3419-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel wh...

8CVSS7.5AI score0.16181EPSS
Exploits12
Ubuntu
Ubuntu
•added 2017/09/18 10:29 p.m.•71 views

USN-3419-1: Linux kernel vulnerabilities

It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service system crash. CVE-2017-1000251 It was discovered that a buffer overflow existed in t...

8CVSS7.5AI score0.16181EPSS
Exploits12
Ubuntu
Ubuntu
•added 2017/09/18 10:21 p.m.•83 views

USN-3420-1: Linux kernel vulnerabilities

It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service system crash. CVE-2017-1000251 It was discovered that the Flash-Friendly File System...

10CVSS7.5AI score0.16181EPSS
Exploits12
Ubuntu
Ubuntu
•added 2017/09/18 8:32 p.m.•51 views

USN-3421-1: Libidn2 vulnerability

It was discovered that Libidn2 incorrectly handled certain input. A remote attacker could possibly use this issue to cause Libidn2 to crash, resulting in a denial of service...

9.8CVSS7AI score0.03965EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/09/18 8:29 p.m.•111 views

USN-3422-1: Linux kernel vulnerabilities

It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service system crash. CVE-2017-1000251 It was discovered that the asynchronous I/O aio...

8CVSS7.9AI score0.16181EPSS
Exploits17
Ubuntu
Ubuntu
•added 2017/09/18 5:15 p.m.•71 views

USN-3346-2: Bind regression

USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update adds the new root zone key signing key KSK...

6.6AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2017/09/18 1:24 p.m.•68 views

USN-3418-1: GDK-PixBuf vulnerabilities

It was discovered that the GDK-PixBuf library did not properly handle certain jpeg images. If an user or automated system were tricked into opening a specially crafted jpeg file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly...

8.8CVSS7.1AI score0.04599EPSS
Exploits6
Ubuntu
Ubuntu
•added 2017/09/14 10:26 p.m.•65 views

USN-3416-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to bypass same-origin restrictions, bypass CSP restrictions, obtain sensitive information, spoof the origin ...

10CVSS7.9AI score0.04187EPSS
Exploits13
Ubuntu
Ubuntu
•added 2017/09/14 4:55 p.m.•38 views

USN-3417-1: Libgcrypt vulnerability

Daniel Genkin, Luke Valenta, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover Curve25519 private keys...

7.5CVSS7.3AI score0.0351EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/09/14 1:42 a.m.•85 views

USN-3415-2: tcpdump vulnerabilities

USN-3415-1 fixed vulnerabilities in tcpdump for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 17.04. This update provides the corresponding tcpdump update for Ubuntu 12.04 ESM. Original advisory details: Wilfried Kirsch discovered a buffer overflow in the SLIP decoder in tcpdump. A remote attack...

9.8CVSS8.1AI score0.06196EPSS
Exploits3
Ubuntu
Ubuntu
•added 2017/09/14 12:54 a.m.•93 views

USN-3415-1: tcpdump vulnerabilities

Wilfried Kirsch discovered a buffer overflow in the SLIP decoder in tcpdump. A remote attacker could use this to cause a denial of service application crash or possibly execute arbitrary code. CVE-2017-11543 Bhargava Shastry discovered a buffer overflow in the bitfield converter utility function...

9.8CVSS8.1AI score0.06196EPSS
Exploits3
Ubuntu
Ubuntu
•added 2017/09/13 11:58 a.m.•88 views

USN-3414-1: QEMU vulnerabilities

Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. CVE-2017-7493 Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this...

9.8CVSS6.8AI score0.04093EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/09/12 6:25 p.m.•89 views

USN-3413-1: BlueZ vulnerability

It was discovered that an information disclosure vulnerability existed in the Service Discovery Protocol SDP implementation in BlueZ. A physically proximate unauthenticated attacker could use this to disclose sensitive information. CVE-2017-1000250...

6.5CVSS6.7AI score0.07774EPSS
Exploits3
Ubuntu
Ubuntu
•added 2017/09/07 9:4 p.m.•52 views

USN-3412-1: file vulnerability

Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this to cause file to crash, resulting in a denial of service...

5.5CVSS6.3AI score0.00404EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/09/06 1:52 a.m.•26 views

USN-3411-1: Bazaar vulnerability

Adam Collard discovered that Bazaar did not properly handle host names in 'bzr+ssh://' URLs. A remote attacker could use this to construct a bazaar repository URL that when accessed could run arbitrary code with the privileges of the user...

5.6AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2017/09/05 6:28 p.m.•61 views

USN-3410-2: GD library vulnerability

USN-3410-1 fixed a vulnerability in GD Graphics Library. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the GD Graphics Library aka libgd incorrectly handled certain malformed PNG images. A remote attacker could use this issue...

7.5CVSS7.8AI score0.05102EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/09/05 3:51 p.m.•51 views

USN-3410-1: GD library vulnerability

It was discovered that the GD Graphics Library aka libgd incorrectly handled certain malformed PNG images. A remote attacker could use this issue to cause the GD Graphics Library to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.5CVSS7.8AI score0.05102EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/09/04 3:44 p.m.•53 views

USN-3409-1: FontForge vulnerabilities

It was discovered that FontForge was vulnerable to a heap-based buffer over-read. A remote attacker could use a crafted file to DoS or execute arbitrary code. CVE-2017-11568, CVE-2017-11569, CVE-2017-11572 It was discovered that FontForge was vulnerable to a stack-based buffer overflow. A remote...

7.8CVSS7.2AI score0.0144EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/09/04 2:4 p.m.•40 views

USN-3408-1: Liblouis vulnerabilities

It was discovered that an illegal address access can be made in Liblouis. A remote attacker can take advantange of this to access sensitive information. CVE-2017-13738, CVE-2017-13744 It was discovered a heap-based buffer overflow that causes bytes out-of-bounds write in Liblouis. A remote attack...

8.8CVSS7.9AI score0.02189EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/08/30 6:52 p.m.•60 views

USN-3407-1: PyJWT vulnerability

It was discovered that a vulnerability in PyJWT doesn't check invalidstrings properly for some public keys. A remote attacker could take advantage of a key confusion to craft JWTs from scratch...

7.5CVSS7.4AI score0.01804EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/08/29 6:3 p.m.•57 views

USN-3406-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3406-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that an out of bounds read vulnerability existed in the associative...

7.8CVSS6.4AI score0.02041EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/08/28 10:45 p.m.•89 views

USN-3405-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3405-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a use-after-free vulnerability existed in the POSIX message que...

7.8CVSS7.1AI score0.03631EPSS
Exploits8
Ubuntu
Ubuntu
•added 2017/08/28 10:15 p.m.•76 views

USN-3404-2: Linux kernel (HWE) vulnerability

USN-3404-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker...

7.8CVSS6.7AI score0.00395EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/08/28 9:24 p.m.•74 views

USN-3406-1: Linux kernel vulnerabilities

It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service system crash or expose sensitive information. CVE-2016-7914 It was discovered that a NULL pointer dereferenc...

7.8CVSS6.4AI score0.02041EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/08/28 8:37 p.m.•277 views

USN-3405-1: Linux kernel vulnerabilities

It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-11176 Huang Weller discovered that the ext4 filesyste...

7.8CVSS7.1AI score0.03631EPSS
Exploits8
Ubuntu
Ubuntu
•added 2017/08/28 6:52 p.m.•64 views

USN-3404-1: Linux kernel vulnerability

A reference count bug was discovered in the Linux kernel ipx protocol stack. A local attacker could exploit this flaw to cause a denial of service or possibly other unspecified problems...

7.8CVSS6.7AI score0.00395EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/08/28 5:55 p.m.•63 views

USN-3403-1: Ghostscript vulnerabilities

Kamil Frankowicz discovered that Ghostscript mishandles references. A remote attacker could use this to cause a denial of service. CVE-2017-11714 Kim Gwan Yeong discovered that Ghostscript could allow a heap-based buffer over-read and application crash. A remote attacker could use a crafted...

7.8CVSS6.5AI score0.0275EPSS
Exploits5
Ubuntu
Ubuntu
•added 2017/08/28 2:24 p.m.•71 views

USN-3199-3: Python Crypto vulnerability

USN-3199-1 fixed a vulnerability in Python Crypto. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the ALGnew function in blocktemplace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. ...

9.8CVSS9AI score0.09501EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/08/24 12:2 p.m.•47 views

USN-3402-1: PySAML2 vulnerability

It was discovered that PySAML2 incorrectly handled certain SAML XML requests and responses. A remote attacker could use this issue to read arbitrary files...

7.5CVSS6.9AI score0.0386EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/08/22 1:10 p.m.•66 views

USN-3401-1: TeX Live vulnerability

It was discovered that TeX Live incorrectly handled certain system commands. If a user were tricked into processing a specially crafted TeX file, a remote attacker could execute arbitrary code...

9.8CVSS8.3AI score0.07146EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/08/21 3:50 p.m.•41 views

USN-3400-1: Augeas vulnerability

It was discovered that Augeas incorrectly handled certain strings. An attacker could use this issue to cause Augeas to crash, leading to a denial of service, or possibly execute arbitrary code...

9.8CVSS7.9AI score0.05002EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/08/21 2:19 p.m.•67 views

USN-3399-1: cvs vulnerability

Hank Leininger discovered that cvs did not properly handle SSH for remote repositories. A remote attacker could use this to construct a cvs repository that when accessed could run arbitrary code with the privileges of the user...

7.5CVSS6.8AI score0.05968EPSS
Exploits1
Ubuntu
Ubuntu
•added 2017/08/21 1:7 p.m.•100 views

USN-3398-1: graphite2 vulnerabilities

Holger Fuhrmannek and Tyson Smith discovered that graphite2 incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially-crafted font file, a remote attacker could use this issue to cause graphite2 to crash, resulting in a denial of service, or...

9.8CVSS7.7AI score0.05216EPSS
Exploits6
Ubuntu
Ubuntu
•added 2017/08/21 12:19 p.m.•49 views

USN-3397-1: strongSwan vulnerability

It was discovered that strongSwan incorrectly handled verifying specific RSA signatures. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service...

7.5CVSS7AI score0.02825EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/08/18 5:46 a.m.•88 views

USN-3396-1: OpenJDK 7 vulnerabilities

It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. CVE-2017-10053 It was discovered that the JAR verifier ...

9.6CVSS7.6AI score0.05034EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/08/17 9:24 p.m.•72 views

USN-3391-3: Firefox regression

USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a...

7.5AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2017/08/17 7:11 p.m.•60 views

USN-3393-2: ClamAV vulnerabilities

USN-3393-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to...

7.8CVSS7.2AI score0.01976EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/08/17 5:9 p.m.•60 views

USN-3395-1: c-ares vulnerability

It was discovered that c-ares incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using c-ares to crash, resulting in a denial of service...

7.5CVSS7.5AI score0.0331EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/08/17 5:3 p.m.•86 views

USN-3394-1: libmspack vulnerabilities

It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2017-6419 It was discovered that libmspack incorrectly handled certain...

7.8CVSS7.2AI score0.02067EPSS
Exploits0
Ubuntu
Ubuntu
•added 2017/08/17 4:58 p.m.•82 views

USN-3393-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2017-6418 It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote...

7.8CVSS7.2AI score0.01976EPSS
Exploits0
Total number of security vulnerabilities10923