Lucene search
K
UbuntuRecent

10923 matches found

Ubuntu
Ubuntu
•added 2016/07/11 4:36 p.m.•61 views

USN-3029-1: NSS vulnerability

Tyson Smith and Jed Davis discovered that NSS incorrectly handled memory. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. This update refreshes the NSS package to version 3.23 which includes the latest CA...

9.3CVSS8.5AI score0.0338EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/07/11 4:28 p.m.•55 views

USN-3028-1: NSPR vulnerability

It was discovered that NSPR incorrectly handled memory allocation. A remote attacker could use this issue to cause NSPR to crash, resulting in a denial of service, or possibly execute arbitrary code...

8.6CVSS8.2AI score0.02716EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/07/06 6:6 p.m.•67 views

USN-3027-1: Tomcat vulnerability

It was discovered that the Tomcat Fileupload library incorrectly handled certain upload requests. A remote attacker could possibly use this issue to cause a denial of service...

7.8CVSS7.4AI score0.35927EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/07/05 5:35 p.m.•46 views

USN-3026-2: libusbmuxd vulnerability

It was discovered that libusbmuxd incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations...

5.3CVSS6.3AI score0.02994EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/07/05 5:31 p.m.•65 views

USN-3026-1: libimobiledevice vulnerability

It was discovered that libimobiledevice incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations...

5.3CVSS6.3AI score0.02994EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/07/05 5:1 p.m.•57 views

USN-3025-1: GIMP vulnerability

It was discovered that GIMP incorrectly handled malformed XCF files. If a user were tricked into opening a specially crafted XCF file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges...

7.8CVSS6.9AI score0.03113EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/07/05 4:55 p.m.•96 views

USN-3024-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly handled pathnames used by web applications in a getResource, getResourceAsStream, or getResourcePaths call. A remote attacker could use this issue to possibly list a parent directory . This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu...

8.8CVSS7.3AI score0.35927EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/06/30 5:52 p.m.•54 views

USN-3015-1: Oxide vulnerabilities

Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. CVE-2016-1704...

8.8CVSS8.5AI score0.01094EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/06/29 11:55 p.m.•61 views

USN-3022-1: LibreOffice vulnerability

It was discovered that LibreOffice incorrectly handled RTF document files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code...

7.8CVSS7.2AI score0.02819EPSS
Exploits1
Ubuntu
Ubuntu
•added 2016/06/27 11:56 p.m.•82 views

USN-3021-2: Linux kernel (OMAP4) vulnerabilities

Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service system crash. CVE-2016-3951 Kangji...

7.8CVSS6.3AI score0.04178EPSS
Exploits5
Ubuntu
Ubuntu
•added 2016/06/27 11:48 p.m.•114 views

USN-3021-1: Linux kernel vulnerabilities

Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service system crash. CVE-2016-3951 Kangji...

7.8CVSS6.3AI score0.04178EPSS
Exploits5
Ubuntu
Ubuntu
•added 2016/06/27 9:30 p.m.•86 views

USN-3020-1: Linux kernel (Vivid HWE) vulnerabilities

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPTSOSETREPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service system crash or execute...

7.8CVSS7.1AI score0.05676EPSS
Exploits15
Ubuntu
Ubuntu
•added 2016/06/27 9:26 p.m.•76 views

USN-3019-1: Linux kernel (Utopic HWE) vulnerabilities

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPTSOSETREPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service system crash or execute...

7.8CVSS7AI score0.05676EPSS
Exploits15
Ubuntu
Ubuntu
•added 2016/06/27 9:19 p.m.•84 views

USN-3018-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3018-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not...

7.8CVSS7AI score0.05676EPSS
Exploits15
Ubuntu
Ubuntu
•added 2016/06/27 9:11 p.m.•85 views

USN-3018-1: Linux kernel vulnerabilities

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPTSOSETREPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service system crash or execute...

7.8CVSS7AI score0.05676EPSS
Exploits15
Ubuntu
Ubuntu
•added 2016/06/27 8:55 p.m.•75 views

USN-3016-4: Linux kernel (Xenial HWE) vulnerabilities

USN-3016-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not...

7.8CVSS7.1AI score0.05676EPSS
Exploits15
Ubuntu
Ubuntu
•added 2016/06/27 8:49 p.m.•75 views

USN-3017-3: Linux kernel (Wily HWE) vulnerabilities

USN-3017-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correct...

7.8CVSS7.2AI score0.05676EPSS
Exploits15
Ubuntu
Ubuntu
•added 2016/06/27 8:41 p.m.•87 views

USN-3017-2: Linux kernel (Raspberry Pi 2) vulnerabilities

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPTSOSETREPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service system crash or execute...

7.8CVSS7.1AI score0.05676EPSS
Exploits15
Ubuntu
Ubuntu
•added 2016/06/27 8:36 p.m.•75 views

USN-3017-1: Linux kernel vulnerabilities

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPTSOSETREPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service system crash or execute...

7.8CVSS7.1AI score0.05676EPSS
Exploits15
Ubuntu
Ubuntu
•added 2016/06/27 8:1 p.m.•69 views

USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPTSOSETREPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service system crash or execute...

7.8CVSS7.1AI score0.05676EPSS
Exploits15
Ubuntu
Ubuntu
•added 2016/06/27 7:53 p.m.•75 views

USN-3016-2: Linux kernel (Raspberry Pi 2) vulnerabilities

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPTSOSETREPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service system crash or execute...

7.8CVSS7.1AI score0.05676EPSS
Exploits15
Ubuntu
Ubuntu
•added 2016/06/27 7:46 p.m.•73 views

USN-3016-1: Linux kernel vulnerabilities

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPTSOSETREPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service system crash or execute...

7.8CVSS7.1AI score0.05676EPSS
Exploits15
Ubuntu
Ubuntu
•added 2016/06/21 12:33 p.m.•53 views

USN-3014-1: Spice vulnerabilities

Jing Zhao discovered that the Spice smartcard support incorrectly handled memory. A remote attacker could use this issue to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 15.10 and Ubuntu 16.04 LTS. CVE-2016-0749...

10CVSS8.3AI score0.08492EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/06/20 5:11 p.m.•67 views

USN-3013-1: XML-RPC for C and C++ vulnerabilities

It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. CVE-2012-6702 It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number...

9.8CVSS8.5AI score0.19069EPSS
Exploits3
Ubuntu
Ubuntu
•added 2016/06/20 5:10 p.m.•73 views

USN-3010-1: Expat vulnerabilities

It was discovered that Expat unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. CVE-2012-6702 It was discovered that Expat incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a...

7.8CVSS6.9AI score0.06539EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/06/20 4:57 p.m.•63 views

USN-3012-1: Wget vulnerability

Dawid Golunski discovered that Wget incorrectly handled filenames when being redirected from an HTTP to an FTP URL. A malicious server could possibly use this issue to overwrite local files...

8.8CVSS6.9AI score0.45935EPSS
Exploits8
Ubuntu
Ubuntu
•added 2016/06/20 4:52 p.m.•64 views

USN-3011-1: HAProxy vulnerability

Falco Schmutz discovered that HAProxy incorrectly handled the reqdeny filter. A remote attacker could use this issue to cause HAProxy to crash, resulting in a denial of service...

7.5CVSS7.5AI score0.4282EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/06/20 4:35 p.m.•53 views

USN-3009-1: Dnsmasq vulnerability

Edwin Török discovered that Dnsmasq incorrectly handled certain CNAME responses. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service...

7.5CVSS7.4AI score0.02415EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/06/10 7:1 a.m.•89 views

USN-3008-1: Linux kernel (Qualcomm Snapdragon) vulnerability

Jann Horn discovered that eCryptfs improperly attempted to use the mmap handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service system crash or possibly execute arbitrary code with...

7.8CVSS7.2AI score0.01393EPSS
Exploits2
Ubuntu
Ubuntu
•added 2016/06/10 6:58 a.m.•91 views

USN-3007-1: Linux kernel (Raspberry Pi 2) vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

7.8CVSS6.8AI score0.06386EPSS
Exploits6
Ubuntu
Ubuntu
•added 2016/06/10 6:56 a.m.•90 views

USN-3006-1: Linux kernel vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

7.8CVSS6.8AI score0.06386EPSS
Exploits6
Ubuntu
Ubuntu
•added 2016/06/10 6:53 a.m.•89 views

USN-3005-1: Linux kernel (Xenial HWE) vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

7.8CVSS6.8AI score0.06386EPSS
Exploits6
Ubuntu
Ubuntu
•added 2016/06/10 5:53 a.m.•87 views

USN-3004-1: Linux kernel (Raspberry Pi 2) vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

10CVSS6.8AI score0.2593EPSS
Exploits19
Ubuntu
Ubuntu
•added 2016/06/10 5:46 a.m.•87 views

USN-3003-1: Linux kernel vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

10CVSS6.8AI score0.2593EPSS
Exploits19
Ubuntu
Ubuntu
•added 2016/06/10 5:42 a.m.•82 views

USN-3002-1: Linux kernel (Wily HWE) vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

10CVSS6.8AI score0.2593EPSS
Exploits19
Ubuntu
Ubuntu
•added 2016/06/10 5:40 a.m.•81 views

USN-3001-1: Linux kernel (Vivid HWE) vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

10CVSS6.8AI score0.2593EPSS
Exploits19
Ubuntu
Ubuntu
•added 2016/06/10 5:36 a.m.•76 views

USN-3000-1: Linux kernel (Utopic HWE) vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

10CVSS6.8AI score0.2593EPSS
Exploits24
Ubuntu
Ubuntu
•added 2016/06/10 5:33 a.m.•68 views

USN-2999-1: Linux kernel vulnerability

Jann Horn discovered that eCryptfs improperly attempted to use the mmap handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service system crash or possibly execute arbitrary code with...

7.8CVSS7.2AI score0.01393EPSS
Exploits2
Ubuntu
Ubuntu
•added 2016/06/10 5:30 a.m.•71 views

USN-2998-1: Linux kernel (Trusty HWE) vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jann Horn discovered that eCryptfs improperly attempted to use...

10CVSS7AI score0.2593EPSS
Exploits19
Ubuntu
Ubuntu
•added 2016/06/10 5:28 a.m.•79 views

USN-2997-1: Linux kernel (OMAP4) vulnerabilities

Jann Horn discovered that eCryptfs improperly attempted to use the mmap handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service system crash or possibly execute arbitrary code with...

10CVSS6.8AI score0.2593EPSS
Exploits33
Ubuntu
Ubuntu
•added 2016/06/10 2:44 a.m.•65 views

USN-2996-1: Linux kernel vulnerabilities

Jann Horn discovered that eCryptfs improperly attempted to use the mmap handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service system crash or possibly execute arbitrary code with...

10CVSS6.8AI score0.2593EPSS
Exploits33
Ubuntu
Ubuntu
•added 2016/06/09 5:10 p.m.•67 views

USN-2995-1: Squid vulnerabilities

Yuriy M. Kaminskiy discovered that the Squid pinger utility incorrectly handled certain ICMPv6 packets. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly cause Squid to leak information into log files. CVE-2016-3947 Yuriy M. Kaminskiy...

8.8CVSS6.8AI score0.79969EPSS
Exploits1
Ubuntu
Ubuntu
•added 2016/06/09 3:13 p.m.•75 views

USN-2993-1: Firefox vulnerabilities

Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson, Christoph Diehl, Julian Hector, Jan de Mooij, Mats Palmgren, and Tooru Fujisawa discovered multiple memory safety issues in Firefox. If a user were tricked in to...

9.3CVSS7.7AI score0.23957EPSS
Exploits7
Ubuntu
Ubuntu
•added 2016/06/06 4:43 p.m.•109 views

USN-2994-1: libxml2 vulnerabilities

It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. CVE-2015-8806, CVE-2016-2073, CVE-2016-3627,...

9.3CVSS7AI score0.1398EPSS
Exploits12
Ubuntu
Ubuntu
•added 2016/06/06 3:26 p.m.•84 views

USN-2992-1: Oxide vulnerabilities

An unspecified security issue was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. CVE-2016-1673 An issue was discovered with Document reattachment in Blink in some circumstances. ...

8.8CVSS7.5AI score0.03094EPSS
Exploits3
Ubuntu
Ubuntu
•added 2016/06/02 5:3 p.m.•75 views

USN-2991-1: nginx vulnerability

It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service...

7.5CVSS7.5AI score0.16376EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/06/02 1:13 p.m.•84 views

USN-2990-1: ImageMagick vulnerabilities

Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as "ImageTragick". This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration...

10CVSS6.4AI score0.97485EPSS
Exploits14
Ubuntu
Ubuntu
•added 2016/06/01 5:51 a.m.•77 views

USN-2989-1: Linux kernel vulnerabilities

Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. CVE-2016-2117 Jason A. Donenfeld discovered multiple out-of-bounds reads in t...

10CVSS7AI score0.2593EPSS
Exploits17
Ubuntu
Ubuntu
•added 2016/05/31 6:10 p.m.•63 views

USN-2988-1: LXD vulnerabilities

Robie Basak discovered that LXD incorrectly set permissions when setting up a loop based ZFS pool. A local attacker could use this issue to copy and read the data of any LXD container. CVE-2016-1581 Robie Basak discovered that LXD incorrectly set permissions when switching an unprivileged contain...

5.5CVSS5.6AI score0.00346EPSS
Exploits0
Ubuntu
Ubuntu
•added 2016/05/31 3:17 p.m.•74 views

USN-2987-1: GD library vulnerabilities

It was discovered that the GD library incorrectly handled certain color tables in XPM images. If a user or automated system were tricked into processing a specially crafted XPM image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS...

9.8CVSS7.5AI score0.36974EPSS
Exploits14
Total number of security vulnerabilities10923