Lucene search
K
UbuntuRecent

10923 matches found

Ubuntu
Ubuntu
•added 2015/06/01 5:7 p.m.•50 views

USN-2624-1: OpenSSL update

As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks...

5.4AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2015/06/01 4:58 p.m.•55 views

USN-2623-1: ipsec-tools vulnerability

It was discovered that racoon, the ipsec-tools IKE daemon, incorrectly handled certain UDP packets. A remote attacker could use this issue to cause racoon to crash, resulting in a denial of service...

7.8CVSS7.3AI score0.09877EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/05/27 1:19 p.m.•51 views

USN-2617-3: NTFS-3G vulnerability

USN-2617-1 fixed a vulnerability in NTFS-3G. The original patch did not completely address the issue. This update fixes the problem. Original advisory details: Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrati...

3.6CVSS6.5AI score0.01008EPSS
Exploits5
Ubuntu
Ubuntu
•added 2015/05/26 5:45 p.m.•58 views

USN-2622-1: OpenLDAP vulnerabilities

It was discovered that OpenLDAP incorrectly handled certain search queries that returned empty attributes. A remote attacker could use this issue to cause OpenLDAP to assert, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. CVE-2012-1164 Michael Vishchers discovered th...

5CVSS5.7AI score0.11091EPSS
Exploits3
Ubuntu
Ubuntu
•added 2015/05/25 11:36 a.m.•60 views

USN-2621-1: PostgreSQL vulnerabilities

Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled authentication timeouts. A remote attacker could use this flaw to cause the unauthenticated session to crash, possibly leading to a security issue. CVE-2015-3165 Noah Misch discovered that PostgreSQL incorrectly handled certain...

9.8CVSS8AI score0.08565EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/23 7:6 a.m.•57 views

USN-2620-1: Linux kernel vulnerability

A flaw was discovered in the Linux kernel's IPv4 networking when using TCP fast open to initiate a connection. An unprivileged local user could exploit this flaw to cause a denial of service system crash...

4.9CVSS6.7AI score0.00381EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/23 7:4 a.m.•63 views

USN-2619-1: Linux kernel (Trusty HWE) vulnerability

A flaw was discovered in the Linux kernel's IPv4 networking when using TCP fast open to initiate a connection. An unprivileged local user could exploit this flaw to cause a denial of service system crash...

4.9CVSS6.7AI score0.00381EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/22 2:5 p.m.•55 views

USN-2617-2: NTFS-3G vulnerability

USN-2617-1 fixed a vulnerability in FUSE. This update provides the corresponding fix for the embedded FUSE copy in NTFS-3G. Original advisory details: Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative...

3.6CVSS6.6AI score0.01008EPSS
Exploits5
Ubuntu
Ubuntu
•added 2015/05/21 5:38 p.m.•40 views

USN-2618-1: python-dbusmock vulnerability

It was discovered that python-dbusmock incorrectly handled template loading from shared directories. A local attacker could possibly use this issue to execute arbitrary code...

9.3CVSS7.5AI score0.01815EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/21 5:8 p.m.•48 views

USN-2609-1: Apport vulnerabilities

Sander Bos discovered that Apport incorrectly handled permissions when the system was configured to generate core dumps for setuid binaries. A local attacker could use this issue to gain elevated privileges. CVE-2015-1324 Philip Pettersson discovered that Apport contained race conditions resultin...

7.8CVSS7AI score0.00943EPSS
Exploits3
Ubuntu
Ubuntu
•added 2015/05/21 4:2 p.m.•62 views

USN-2617-1: FUSE vulnerability

Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges...

3.6CVSS6.5AI score0.01008EPSS
Exploits5
Ubuntu
Ubuntu
•added 2015/05/21 2:49 p.m.•73 views

USN-2610-1: Oxide vulnerabilities

Several security issues were discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass Same Origin Policy restrictions. CVE-2015-1253, CVE-2015-1254 A use-after-free was discovered in the...

7.5CVSS8.4AI score0.07855EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/05/20 11:34 a.m.•92 views

USN-2616-1: Linux kernel vulnerabilities

Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes xattrs. A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. CVE-2014-9710 A memory corruption issue was discovered in AES decryption when using the...

9.3CVSS6.9AI score0.10108EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/20 11:31 a.m.•67 views

USN-2615-1: Linux kernel (Utopic HWE) vulnerabilities

Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes xattrs. A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. CVE-2014-9710 A memory corruption issue was discovered in AES decryption when using the...

9.3CVSS6.9AI score0.10108EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/20 11:28 a.m.•73 views

USN-2614-1: Linux kernel vulnerabilities

Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network LAN could potential exploit this flaw to cause a denial of service system crash of targeted system. CVE-2014-9715 Jan Beulic...

9.3CVSS7AI score0.10108EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/20 11:25 a.m.•78 views

USN-2613-1: Linux kernel (Trusty HWE) vulnerabilities

Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network LAN could potential exploit this flaw to cause a denial of service system crash of targeted system. CVE-2014-9715 Jan Beulic...

9.3CVSS7AI score0.10108EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/20 11:17 a.m.•89 views

USN-2612-1: Linux kernel (OMAP4) vulnerabilities

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges. CVE-2015-3339 Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connecti...

6.2CVSS6.7AI score0.00396EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/20 11:15 a.m.•62 views

USN-2611-1: Linux kernel vulnerability

Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network LAN could potential exploit this flaw to cause a denial of service system crash of targeted system...

4.9CVSS7.2AI score0.00396EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/18 5:8 p.m.•76 views

USN-2603-1: Thunderbird vulnerabilities

Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application...

7.5CVSS8.3AI score0.07417EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/13 5:41 p.m.•72 views

USN-2602-1: Firefox vulnerabilities

Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Gary Kwong, Andrew McCreight, Christian Holler, Jon Coppeard, and Milan Sreckovic discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit...

7.5CVSS8.4AI score0.07417EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/13 5:13 p.m.•70 views

USN-2608-1: QEMU vulnerabilities

Jason Geffner discovered that QEMU incorrectly handled the virtual floppy driver. This issue is known as VENOM. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, wh...

8.6CVSS7.9AI score0.15275EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/05/12 12:43 p.m.•46 views

USN-2607-1: Module::Signature vulnerabilities

John Lightsey discovered that Module::Signature incorrectly handled PGP signature boundaries. A remote attacker could use this issue to trick Module::Signature into parsing the unsigned portion of the SIGNATURE file as the signed portion. CVE-2015-3406 John Lightsey discovered that...

10CVSS7.8AI score0.05658EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/12 12:4 p.m.•29 views

USN-2606-1: OpenSSL update

For compatibility reasons, Ubuntu 12.04 LTS shipped OpenSSL with TLSv1.2 disabled when being used as a client. This update re-enables TLSv1.2 by default now that the majority of problematic sites have been updated to fix compatibility issues. For problematic environments, TLSv1.2 can be disabled...

5.1AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2015/05/11 2:58 p.m.•73 views

USN-2605-1: ICU vulnerabilities

Pedro Ribeiro discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program...

7.5CVSS7.2AI score0.2447EPSS
Exploits4
Ubuntu
Ubuntu
•added 2015/05/11 2:51 p.m.•51 views

USN-2604-1: Libtasn1 vulnerability

Hanno Böck discovered that Libtasn1 incorrectly handled certain ASN.1 data. A remote attacker could possibly exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code...

4.3CVSS7AI score0.33094EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/05/09 12:44 a.m.•52 views

USN-2600-2: Linux kernel regression

USN-2600-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory...

5.4AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2015/05/09 12:40 a.m.•28 views

USN-2599-2: Linux kernel (Utopic HWE) vulnerability

USN-2599-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory...

5.4AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2015/05/09 12:36 a.m.•31 views

USN-2598-2: Linux kernel regression

USN-2598-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory...

5.4AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2015/05/08 11:56 p.m.•32 views

USN-2597-2: Linux kernel (Trusty HWE) regression

USN-2597-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory...

5.4AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2015/05/06 1:22 p.m.•55 views

USN-2582-1: Oxide vulnerabilities

A use-after-free was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render...

7.5CVSS8.7AI score0.02343EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/05 10:40 p.m.•77 views

USN-2601-1: Linux kernel vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

6.2CVSS6.8AI score0.00317EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/05 10:32 p.m.•64 views

USN-2600-1: Linux kernel vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

6.2CVSS6.8AI score0.00317EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/05 10:20 p.m.•82 views

USN-2599-1: Linux kernel (Utopic HWE) vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

6.2CVSS6.8AI score0.00317EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/05 10:17 p.m.•58 views

USN-2598-1: Linux kernel vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

6.2CVSS6.8AI score0.00317EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/05 10:1 p.m.•85 views

USN-2597-1: Linux kernel (Trusty HWE) vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

6.2CVSS6.8AI score0.00317EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/05 9:57 p.m.•87 views

USN-2596-1: Linux kernel vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

6.2CVSS6.8AI score0.00317EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/05 5:15 p.m.•59 views

USN-2595-1: ppp vulnerability

It was discovered that ppp incorrectly handled large PIDs. When pppd is used with a RADIUS server, a remote attacker could use this issue to cause it to crash, resulting in a denial of service...

4.3CVSS8.2AI score0.05444EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/05/05 5:9 p.m.•54 views

USN-2594-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile...

6.8CVSS7.5AI score0.0837EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/05/04 4:46 p.m.•65 views

USN-2593-1: Dnsmasq vulnerability

Nick Sampanis discovered that Dnsmasq incorrectly handled certain malformed DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly obtain sensitive information...

6.4CVSS7.5AI score0.04456EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/05/04 4:34 p.m.•73 views

USN-2592-1: XML::LibXML vulnerability

Tilmann Haak discovered that XML::LibXML incorrectly handled the expandentities parameter in certain situations. A remote attacker could possibly use this issue to access sensitive information...

5CVSS8.3AI score0.04013EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/04/30 1:27 p.m.•75 views

USN-2591-1: curl vulnerabilities

Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. CVE-2015-3143 Hanno Böck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially...

9CVSS8AI score0.3763EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/04/30 8:34 a.m.•97 views

USN-2590-1: Linux kernel vulnerabilities

Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service host crash. CVE-2015-2150 A stack overflow was discovered in the the microcode loader for...

6.9CVSS6.9AI score0.03052EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/04/30 8:31 a.m.•65 views

USN-2589-1: Linux kernel (Utopic HWE) vulnerabilities

Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service host crash. CVE-2015-2150 A stack overflow was discovered in the the microcode loader for...

6.9CVSS6.9AI score0.03052EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/04/30 8:17 a.m.•92 views

USN-2588-1: Linux kernel vulnerabilities

A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service kernel crash or to potentially execute code with kernel privileges. CVE-2015-2666 It was discovered that the Linux kernel's IPv6 networking...

6.9CVSS6.9AI score0.03052EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/04/30 8:12 a.m.•85 views

USN-2587-1: Linux kernel (Trusty HWE) vulnerabilities

A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service kernel crash or to potentially execute code with kernel privileges. CVE-2015-2666 It was discovered that the Linux kernel's IPv6 networking...

6.9CVSS6.9AI score0.03052EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/04/30 8:4 a.m.•88 views

USN-2586-1: Linux kernel (OMAP4) vulnerability

It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement RA messages to set the 'hoplimit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service IPv6 messages dropped...

3.3CVSS7.1AI score0.03052EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/04/30 7:57 a.m.•105 views

USN-2585-1: Linux kernel vulnerability

It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement RA messages to set the 'hoplimit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service IPv6 messages dropped...

3.3CVSS7.1AI score0.03052EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/04/30 7:51 a.m.•90 views

USN-2584-1: Linux kernel (EC2) vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

6.2CVSS6.8AI score0.00317EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/04/30 7:34 a.m.•72 views

USN-2583-1: Linux kernel vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

6.2CVSS6.8AI score0.00317EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/04/28 1:55 p.m.•39 views

USN-2581-1: NetworkManager vulnerability

Tavis Ormandy discovered that NetworkManager incorrectly filtered paths when requested to read modem device contexts. A local attacker could possibly use this issue to bypass privileges and manipulate modem device configuration or read arbitrary files...

4.6CVSS5.5AI score0.00534EPSS
Exploits0
Total number of security vulnerabilities10923