Lucene search
K
UbuntuRecent

10923 matches found

Ubuntu
Ubuntu
added 2016/08/30 4:22 p.m.74 views

USN-3070-2: Linux kernel (Raspberry Pi 2) vulnerabilities

A missing permission check when settings ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. CVE-2016-1237 Kangjie Lu discovered an information leak in the Reliable Datagram Sockets RDS implementation in the Linux kernel. A local attacke...

7.8CVSS7.5AI score0.15073EPSS
Exploits3
Ubuntu
Ubuntu
added 2016/08/29 7:35 p.m.82 views

USN-3072-2: Linux kernel (OMAP4) vulnerabilities

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets RDS implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-5244 Yue Cao et al discovered a flaw in the TCP implementation's handling of...

7.8CVSS7.5AI score0.15073EPSS
Exploits3
Ubuntu
Ubuntu
added 2016/08/29 7:26 p.m.82 views

USN-3072-1: Linux kernel vulnerabilities

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets RDS implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-5244 Yue Cao et al discovered a flaw in the TCP implementation's handling of...

7.8CVSS7.5AI score0.15073EPSS
Exploits3
Ubuntu
Ubuntu
added 2016/08/29 7:19 p.m.67 views

USN-3071-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3071-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Kangjie Lu discovered an information leak in the Reliable Datagram Sockets RDS...

7.8CVSS7.5AI score0.15073EPSS
Exploits3
Ubuntu
Ubuntu
added 2016/08/29 7:13 p.m.87 views

USN-3071-1: Linux kernel vulnerabilities

Kangjie Lu discovered an information leak in the Reliable Datagram Sockets RDS implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-5244 Yue Cao et al discovered a flaw in the TCP implementation's handling of...

7.8CVSS7.5AI score0.15073EPSS
Exploits3
Ubuntu
Ubuntu
added 2016/08/29 7:1 p.m.75 views

USN-3070-1: Linux kernel vulnerabilities

A missing permission check when settings ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. CVE-2016-1237 Kangjie Lu discovered an information leak in the Reliable Datagram Sockets RDS implementation in the Linux kernel. A local attacke...

7.8CVSS7.5AI score0.15073EPSS
Exploits3
Ubuntu
Ubuntu
added 2016/08/25 2:18 p.m.52 views

USN-3069-1: Eye of GNOME vulnerability

It was discovered that Eye of GNOME incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.5CVSS7.3AI score0.18862EPSS
Exploits4
Ubuntu
Ubuntu
added 2016/08/24 1:31 p.m.62 views

USN-3067-1: HarfBuzz vulnerabilities

Kostya Serebryany discovered that HarfBuzz incorrectly handled memory. A remote attacker could use this issue to cause HarfBuzz to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2015-8947 It was discovered that HarfBuzz incorrectly handled certain length checks. ...

7.6CVSS7.8AI score0.02451EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/08/24 1:30 p.m.61 views

USN-3068-1: Libidn vulnerabilities

Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos Mavrogiannopoulos discovered that Libidn incorrectly handled invalid UTF-8 characters. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly disclose sensitive memory. This issue on...

7.5CVSS7.5AI score0.06721EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/08/18 6:43 p.m.63 views

USN-3066-1: PostgreSQL vulnerabilities

Heikki Linnakangas discovered that PostgreSQL incorrectly handled certain nested CASE/WHEN expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. CVE-2016-5423 Nathan Bossart discovered that PostgreSQL incorrectly handled speci...

8.3CVSS7.3AI score0.05962EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/08/18 6:32 p.m.52 views

USN-3065-1: Libgcrypt vulnerability

Felix Dörre and Vladimir Klebanov discovered that Libgcrypt incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output...

5.3CVSS6.2AI score0.03597EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/08/18 6:28 p.m.72 views

USN-3064-1: GnuPG vulnerability

Felix Dörre and Vladimir Klebanov discovered that GnuPG incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output...

5.3CVSS6.2AI score0.03597EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/08/17 4:53 p.m.76 views

USN-3063-1: Fontconfig vulnerability

Tobias Stoeckmann discovered that Fontconfig incorrectly handled cache files. A local attacker could possibly use this issue with a specially crafted cache file to elevate privileges...

7.8CVSS6.3AI score0.00403EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/08/16 11:13 p.m.79 views

USN-3062-1: OpenJDK 7 vulnerabilities

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. CVE-2016-3598, CVE-2016-3606,...

9.6CVSS7.5AI score0.0669EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/08/15 4:39 p.m.265 views

USN-3061-1: OpenSSH vulnerabilities

Eddie Harari discovered that OpenSSH incorrectly handled password hashing when authenticating non-existing users. A remote attacker could perform a timing attack and enumerate valid users. CVE-2016-6210 Tomas Kuthan, Andres Rojas, and Javier Nieto discovered that OpenSSH did not limit password...

7.8CVSS6.8AI score0.88944EPSS
Exploits17
Ubuntu
Ubuntu
added 2016/08/12 5:33 p.m.74 views

USN-3047-2: QEMU regression

USN-3047-1 fixed vulnerabilities in QEMU. The patch to fix CVE-2016-5403 caused a regression which resulted in save/restore failures when virtio memory balloon statistics are enabled. This update temporarily reverts the security fix for CVE-2016-5403 pending further investigation. We apologize fo...

7.3AI score
Exploits0References1
Ubuntu
Ubuntu
added 2016/08/10 5:5 p.m.72 views

USN-3060-1: GD library vulnerabilities

It was discovered that the GD library incorrectly handled certain malformed TGA images. If a user or automated system were tricked into processing a specially crafted TGA image, an attacker could cause a denial of service. CVE-2016-6132, CVE-2016-6214 It was discovered that the GD library...

6.5CVSS8AI score0.06256EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/08/10 4:58 p.m.92 views

USN-3059-1: xmlrpc-epi vulnerability

It was discovered that xmlrpc-epi incorrectly handled lengths in the simplestringaddn function. A remote attacker could use this issue to cause applications using xmlrpc-epi such as PHP to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS8.5AI score0.06271EPSS
Exploits1
Ubuntu
Ubuntu
added 2016/08/10 10:58 a.m.93 views

USN-3057-1: Linux kernel (Qualcomm Snapdragon) vulnerabilities

Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service system crash or possibly execute arbitrary code with administrative privileges. CVE-2016-3135 It was...

7.8CVSS7.3AI score0.01009EPSS
Exploits2
Ubuntu
Ubuntu
added 2016/08/10 10:55 a.m.76 views

USN-3056-1: Linux kernel (Raspberry Pi 2) vulnerabilities

Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service system crash or possibly execute arbitrary code with administrative privileges. CVE-2016-3135 It was...

7.8CVSS7.3AI score0.01009EPSS
Exploits2
Ubuntu
Ubuntu
added 2016/08/10 10:52 a.m.85 views

USN-3055-1: Linux kernel vulnerabilities

Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service system crash or possibly execute arbitrary code with administrative privileges. CVE-2016-3135 It was...

7.8CVSS7.3AI score0.01009EPSS
Exploits2
Ubuntu
Ubuntu
added 2016/08/10 10:47 a.m.96 views

USN-3054-1: Linux kernel (Xenial HWE) vulnerabilities

Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service system crash or possibly execute arbitrary code with administrative privileges. CVE-2016-3135 It was...

7.8CVSS7.3AI score0.01009EPSS
Exploits2
Ubuntu
Ubuntu
added 2016/08/10 10:42 a.m.68 views

USN-3053-1: Linux kernel (Vivid HWE) vulnerabilities

A missing permission check when settings ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. CVE-2016-1237 It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before...

7.8CVSS7.3AI score0.00582EPSS
Exploits1
Ubuntu
Ubuntu
added 2016/08/10 10:1 a.m.91 views

USN-3052-1: Linux kernel vulnerabilities

It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service system crash. CVE-2016-4470 Kangjie Lu discovered an...

5.5CVSS6.6AI score0.00582EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/08/10 9:52 a.m.80 views

USN-3051-1: Linux kernel (Trusty HWE) vulnerabilities

It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service system crash. CVE-2016-4470 Kangjie Lu discovered an...

5.5CVSS6.6AI score0.00582EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/08/10 9:49 a.m.86 views

USN-3050-1: Linux kernel (OMAP4) vulnerabilities

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPTSOSETREPLACE events. A local unprivileged attacker could use this to cause a denial of service system crash or possibly execute arbitrary code with administrative privileges...

8.4CVSS7.4AI score0.01234EPSS
Exploits1
Ubuntu
Ubuntu
added 2016/08/10 9:39 a.m.88 views

USN-3049-1: Linux kernel vulnerabilities

Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPTSOSETREPLACE events. A local unprivileged attacker could use this to cause a denial of service system crash or possibly execute arbitrary code with administrative privileges...

8.4CVSS7.4AI score0.01234EPSS
Exploits1
Ubuntu
Ubuntu
added 2016/08/08 5:5 p.m.80 views

USN-3048-1: curl vulnerabilities

Bru Rom discovered that curl incorrectly handled client certificates when resuming a TLS session. CVE-2016-5419 It was discovered that curl incorrectly handled client certificates when reusing TLS connections. CVE-2016-5420 Marcelo Echeverria and Fernando Muñoz discovered that curl incorrectly...

8.1CVSS6.5AI score0.15063EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/08/05 1:29 p.m.61 views

USN-3041-1: Oxide vulnerabilities

Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service application crash or execute arbitrary code. CVE-2016-1705 It was discovered...

9.6CVSS7.6AI score0.0246EPSS
Exploits1
Ubuntu
Ubuntu
added 2016/08/05 12:39 p.m.67 views

USN-3044-1: Firefox vulnerabilities

Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. CVE-2016-0718...

9.8CVSS8.2AI score0.13802EPSS
Exploits6
Ubuntu
Ubuntu
added 2016/08/04 6:23 p.m.74 views

USN-3047-1: QEMU vulnerabilities

Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is...

7.8CVSS7AI score0.00701EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/08/04 4:36 p.m.53 views

USN-3046-1: LibreOffice vulnerability

Yves Younan and Richard Johnson discovered that LibreOffice incorrectly handled presentation files. If a user were tricked into opening a specially crafted presentation file, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code...

7.8CVSS7.7AI score0.04484EPSS
Exploits1
Ubuntu
Ubuntu
added 2016/08/02 3:44 p.m.128 views

USN-3045-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. CVE-2015-4116 ...

9.8CVSS8AI score0.50427EPSS
Exploits26
Ubuntu
Ubuntu
added 2016/07/27 6:58 a.m.83 views

USN-3043-1: OpenJDK 8 vulnerabilities

Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. CVE-2016-3587, CVE-2016-3598,...

9.6CVSS7.5AI score0.0669EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/07/26 6:44 p.m.55 views

USN-3042-1: KDE-Libs vulnerability

Andreas Cord-Landwehr discovered that KDE-Libs incorrectly handled extracting certain archives. If a user were tricked into extracting a specially-crafted archive, a remote attacker could use this issue to overwrite arbitrary files out of the extraction directory...

7.5CVSS7.3AI score0.04429EPSS
Exploits1
Ubuntu
Ubuntu
added 2016/07/21 4:46 p.m.64 views

USN-3040-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.50 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.10 has been updated to MySQL 5.6.31. Ubuntu 16.04 LTS has been updated to MySQL 5.7.13. ...

8.1CVSS6.5AI score0.05826EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/07/19 5:59 p.m.55 views

USN-3039-1: Django vulnerability

It was discovered that Django incorrectly handled the admin's add/change related popup. A remote attacker could possibly use this issue to perform a cross-site scripting attack...

6.1CVSS6.8AI score0.05536EPSS
Exploits6
Ubuntu
Ubuntu
added 2016/07/18 6:4 p.m.81 views

USN-3038-1: Apache HTTP Server vulnerability

It was discovered that the Apache HTTP Server would set the HTTPPROXY environment variable based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this issue in combination with CGI scripts that honour the HTTPPROXY variable to redirect outgoing HTTP...

8.1CVSS6.9AI score0.55724EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/07/18 3:31 p.m.60 views

USN-3023-1: Thunderbird vulnerabilities

It was discovered that NSPR incorrectly handled memory allocation. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. CVE-2016-1951 Christian Holler, Gary Kwong...

8.8CVSS8.5AI score0.03873EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/07/14 10:27 p.m.45 views

USN-3037-1: Linux kernel (Vivid HWE) vulnerability

Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O AIO ring buffer to the other nodes. A local attacker could use this to cause a denial of service system crash...

7.8CVSS7.3AI score0.00415EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/07/14 10:10 p.m.79 views

USN-3036-1: Linux kernel (Utopic HWE) vulnerability

Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O AIO ring buffer to the other nodes. A local attacker could use this to cause a denial of service system crash...

7.8CVSS7.3AI score0.00415EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/07/14 9:45 p.m.48 views

USN-3035-3: Linux kernel (Wily HWE) vulnerability

USN-3035-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving...

7.8CVSS7.3AI score0.00415EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/07/14 9:18 p.m.57 views

USN-3035-2: Linux kernel (Raspberry Pi 2) vulnerability

Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O AIO ring buffer to the other nodes. A local attacker could use this to cause a denial of service system crash...

7.8CVSS7.3AI score0.00415EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/07/14 8:54 p.m.47 views

USN-3035-1: Linux kernel vulnerability

Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O AIO ring buffer to the other nodes. A local attacker could use this to cause a denial of service system crash...

7.8CVSS7.3AI score0.00415EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/07/14 8:43 p.m.49 views

USN-3034-2: Linux kernel (Trusty HWE) vulnerability

USN-3034-1 fixed a vulnerability in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Jan Stancek discovered that the Linux kernel's memory manager did not properly handle...

7.8CVSS7.3AI score0.00415EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/07/14 8:31 p.m.48 views

USN-3034-1: Linux kernel vulnerability

Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O AIO ring buffer to the other nodes. A local attacker could use this to cause a denial of service system crash...

7.8CVSS7.3AI score0.00415EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/07/14 5:55 p.m.61 views

USN-3033-1: libarchive vulnerabilities

Hanno Böck discovered that libarchive contained multiple security issues when processing certain malformed archive files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2015-8916, CVE-2015-8917...

7.8CVSS7.3AI score0.11992EPSS
Exploits12
Ubuntu
Ubuntu
added 2016/07/14 3:15 p.m.48 views

USN-3032-1: eCryptfs vulnerability

It was discovered that eCryptfs incorrectly configured the encrypted swap partition for certain drive types. An attacker could use this issue to discover sensitive information...

3.3CVSS4.9AI score0.00373EPSS
Exploits0
Ubuntu
Ubuntu
added 2016/07/12 4:48 p.m.52 views

USN-3031-1: Pidgin vulnerabilities

Yves Younan discovered that Pidgin contained multiple issues in the MXit protocol support. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code...

8.1CVSS6.3AI score0.04554EPSS
Exploits17
Ubuntu
Ubuntu
added 2016/07/11 4:47 p.m.99 views

USN-3030-1: GD library vulnerabilities

It was discovered that the GD library incorrectly handled memory when using gdImageScaleTwoPass. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. CVE-2013-7456 It was discovered that the GD library incorrectly handled certain...

9.1CVSS7.5AI score0.07495EPSS
Exploits2
Total number of security vulnerabilities10923