Lucene search
K
UbuntuRecent

10923 matches found

Ubuntu
Ubuntu
•added 2015/02/04 1:16 a.m.•73 views

USN-2491-1: Linux kernel (EC2) vulnerabilities

Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment SS register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. CVE-2014-9322 Lars Bull reported a race condition in the PIT...

7.8CVSS6.4AI score0.01447EPSS
Exploits9
Ubuntu
Ubuntu
•added 2015/02/04 1:11 a.m.•98 views

USN-2490-1: Linux kernel vulnerabilities

Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage TLS implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization ASLR protection mechanism. A local user could exploit this fla...

4.9CVSS6.6AI score0.00583EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/02/03 6:0 p.m.•58 views

USN-2489-1: unzip vulnerability

Michal Zalewski discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code...

5CVSS6.6AI score0.11562EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/02/02 6:17 p.m.•60 views

USN-2488-1: ClamAV vulnerability

Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled certain upack packer files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.5CVSS5.5AI score0.03234EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/28 2:9 a.m.•68 views

USN-2487-1: OpenJDK 7 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395,...

10CVSS6.5AI score0.99999EPSS
Exploits12
Ubuntu
Ubuntu
•added 2015/01/27 8:56 p.m.•80 views

USN-2486-1: OpenJDK 6 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. CVE-2014-3566, CVE-2014-6587, CVE-2014-6601, CVE-2015-0395,...

10CVSS6.5AI score0.99999EPSS
Exploits12
Ubuntu
Ubuntu
•added 2015/01/27 4:18 p.m.•83 views

USN-2485-1: GNU C Library vulnerability

It was discovered that a buffer overflow existed in the gethostbyname and gethostbyname2 functions in the GNU C Library. An attacker could use this issue to execute arbitrary code or cause an application crash, resulting in a denial of service...

10CVSS8.2AI score0.94859EPSS
Exploits29References1
Ubuntu
Ubuntu
•added 2015/01/27 12:13 p.m.•71 views

USN-2458-3: Firefox regression

USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Patrick McManus, Christoph...

8.1AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2015/01/26 8:1 p.m.•71 views

USN-2476-1: Oxide vulnerabilities

Several memory corruption bugs were discovered in ICU. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process...

7.5CVSS8.6AI score0.04339EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/26 1:21 p.m.•58 views

USN-2484-1: Unbound vulnerability

Florian Maury discovered that Unbound incorrectly handled delegation. A remote attacker could possibly use this issue to cause Unbound to consume resources, resulting in a denial of service...

4.3CVSS5.3AI score0.25205EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/26 1:14 p.m.•49 views

USN-2483-2: Ghostscript vulnerabilities

USN-2483-1 fixed vulnerabilities in JasPer. This update provides the corresponding fix for the JasPer library embedded in the Ghostscript package. Original advisory details: Jose Duart discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked...

7.5CVSS7.7AI score0.18501EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/26 1:9 p.m.•60 views

USN-2483-1: JasPer vulnerabilities

Jose Duart discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. CVE-2014-8137 Jos...

7.5CVSS7.6AI score0.18501EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/23 1:19 a.m.•54 views

USN-2482-1: elfutils vulnerability

Alexander Cherepanov discovered that libelf1 incorrectly handled certain filesystem paths while extracting ar archives. An attacker could use this flaw to perform a directory traversal attack on the root directory if the process extracting the ar archive has write access to the root directory...

6.4CVSS6.4AI score0.05018EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/22 2:38 p.m.•49 views

USN-2481-1: Samba vulnerability

Andrew Bartlett discovered that Samba incorrectly handled delegation of authority when being used as an Active Directory Domain Controller. An attacker given delegation privileges could use this issue to escalate their privileges further...

8.5CVSS7.2AI score0.04264EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/22 2:29 p.m.•72 views

USN-2480-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the...

7.5CVSS6.6AI score0.10066EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/19 5:4 p.m.•63 views

USN-2460-1: Thunderbird vulnerabilities

Christian Holler and Patrick McManus discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitra...

7.5CVSS7.8AI score0.03861EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/19 3:4 p.m.•77 views

USN-2479-1: RPM vulnerabilities

Florian Weimer discovered that RPM incorrectly handled temporary files. A local attacker could use this issue to execute arbitrary code. CVE-2013-6435 Florian Weimer discovered that RPM incorrectly handled certain CPIO headers. If a user or automated system were tricked into installing a maliciou...

10CVSS7.7AI score0.07669EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/19 2:57 p.m.•65 views

USN-2478-1: libssh vulnerability

It was discovered that libssh incorrectly handled certain kexinit packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service...

5CVSS6.8AI score0.05145EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/19 2:53 p.m.•63 views

USN-2477-1: libevent vulnerability

Andrew Bartlett discovered that libevent incorrectly handled large inputs to the evbuffer API. A remote attacker could possibly use this issue with an application that uses libevent to cause a denial of service, or possibly execute arbitrary code...

7.5CVSS8.3AI score0.02084EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/15 2:56 p.m.•37 views

USN-2475-1: GTK+ update

Clemens Fries discovered that GTK+ allowed bypassing certain screen locks by using the menu key. An attacker with physical access could possibly use this flaw to gain access to a locked session...

5.4AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2015/01/15 1:24 p.m.•56 views

USN-2474-1: curl vulnerability

Andrey Labunets discovered that curl incorrectly handled certain URLs when using a proxy server. If a user or automated system were tricked into using a specially crafted URL, an attacker could possibly use this issue to inject arbitrary HTTP requests...

4.3CVSS7.7AI score0.0681EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/14 11:27 p.m.•55 views

USN-2473-1: coreutils vulnerabilities

It was discovered that the distcheck rule in dist-check.mk in GNU coreutils allows local users to gain privileges via a symlink attack on a directory tree under /tmp. This issue only affected Ubuntu 10.04 LTS. CVE-2009-4135 Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly...

7.5CVSS6.2AI score0.07087EPSS
Exploits2
Ubuntu
Ubuntu
•added 2015/01/14 9:46 p.m.•65 views

USN-2458-2: Ubufox update

USN-2458-1 fixed vulnerabilities in Firefox. This update provides the corresponding version of Ubufox. Original advisory details: Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues...

8.1AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2015/01/14 9:27 p.m.•63 views

USN-2458-1: Firefox vulnerabilities

Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to caus...

7.5CVSS8.2AI score0.65657EPSS
Exploits4
Ubuntu
Ubuntu
•added 2015/01/14 8:18 p.m.•62 views

USN-2472-1: unzip vulnerabilities

Wolfgang Ettlinger discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code...

7.8CVSS7.1AI score0.07448EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/14 8:9 p.m.•44 views

USN-2471-1: GParted vulnerability

Wolfgang Ettlinger discovered that GParted incorrectly filtered shell metacharacters when running external commands. A local attacker could use this issue with a crafted filesystem label to run arbitrary commands as the administrator...

7.2CVSS5.5AI score0.01113EPSS
Exploits5
Ubuntu
Ubuntu
•added 2015/01/14 12:44 a.m.•55 views

USN-2470-1: Git vulnerability

Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute arbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. The remote attacker would need write access to a Git repository that...

9.8CVSS8.3AI score0.63178EPSS
Exploits5
Ubuntu
Ubuntu
•added 2015/01/13 7:40 p.m.•64 views

USN-2469-1: Django vulnerabilities

Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. CVE-2015-0219 Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker...

5CVSS5.5AI score0.06783EPSS
Exploits3
Ubuntu
Ubuntu
•added 2015/01/13 12:38 p.m.•80 views

USN-2468-1: Linux kernel vulnerabilities

A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service system crash via a malformed INIT chunk. CVE-2014-7841 A race condition with MMIO and PIO transactions in the KV...

6.1CVSS6.8AI score0.0523EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/01/13 12:16 p.m.•76 views

USN-2467-1: Linux kernel (Utopic HWE) vulnerabilities

A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service system crash via a malformed INIT chunk. CVE-2014-7841 A race condition with MMIO and PIO transactions in the KV...

6.1CVSS6.8AI score0.0523EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/01/13 12:7 p.m.•110 views

USN-2466-1: Linux kernel vulnerabilities

A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service system crash via a malformed INIT chunk. CVE-2014-7841 A race condition with MMIO and PIO transactions in the KV...

6.1CVSS6.8AI score0.0523EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/01/13 11:43 a.m.•77 views

USN-2465-1: Linux kernel (Trusty HWE) vulnerabilities

A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service system crash via a malformed INIT chunk. CVE-2014-7841 A race condition with MMIO and PIO transactions in the KV...

6.1CVSS6.8AI score0.0523EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/01/13 11:40 a.m.•91 views

USN-2464-1: Linux kernel (OMAP4) vulnerabilities

Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment SS register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. CVE-2014-9322 An information leak in the Linux kernel was discovered...

7.8CVSS6.7AI score0.01447EPSS
Exploits10
Ubuntu
Ubuntu
•added 2015/01/13 11:37 a.m.•91 views

USN-2463-1: Linux kernel vulnerabilities

A race condition with MMIO and PIO transactions in the KVM Kernel Virtual Machine subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service guest OS crash via a specially crafted application. CVE-2014-7842 The KVM kernel virtual machine...

7.8CVSS6.8AI score0.00565EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/01/13 11:32 a.m.•80 views

USN-2462-1: Linux kernel vulnerabilities

Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment SS register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. CVE-2014-9322 Lars Bull reported a race condition in the PIT...

7.8CVSS6.9AI score0.01447EPSS
Exploits9
Ubuntu
Ubuntu
•added 2015/01/12 10:25 p.m.•44 views

USN-2461-2: libyaml-libyaml-perl vulnerability

Stanisław Pitucha and Jonathan Gray discovered that libyaml-libyaml-perl did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service...

5CVSS8.2AI score0.13195EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/01/12 10:24 p.m.•43 views

USN-2461-1: LibYAML vulnerability

Stanisław Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service...

5CVSS8.3AI score0.13195EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/01/12 10:12 p.m.•47 views

USN-2461-3: PyYAML vulnerability

Stanisław Pitucha and Jonathan Gray discovered that PyYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service...

5CVSS8.3AI score0.13195EPSS
Exploits1
Ubuntu
Ubuntu
•added 2015/01/12 5:40 p.m.•73 views

USN-2459-1: OpenSSL vulnerabilities

Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. CVE-2014-3570 Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2014-3571...

5CVSS7.5AI score0.98685EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/08 7:40 p.m.•55 views

USN-2456-1: GNU cpio vulnerabilities

Michal Zalewski discovered an out of bounds write issue in the processcopyin function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. CVE-2014-9112 Jakob Lell discovered a heap-based buffer overflow in the...

6.8CVSS7.5AI score0.07093EPSS
Exploits3
Ubuntu
Ubuntu
•added 2015/01/07 7:26 p.m.•64 views

USN-2455-1: bsd-mailx vulnerability

It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands. This functionality has now been disabled by default, and...

7.8CVSS7.4AI score0.0155EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/07 5:52 p.m.•47 views

USN-2454-1: Exiv2 vulnerability

It was discovered that Exiv2 incorrectly handled certain tag values in video files. If a user or automated system were tricked into opening a specially-crafted video file, a remote attacker could cause Exiv2 to crash, resulting in a denial of service...

5CVSS7.9AI score0.03654EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/07 5:47 p.m.•43 views

USN-2453-1: mime-support vulnerability

Timothy D. Morgan discovered that the run-mailcap tool incorrectly filtered certain shell metacharacters in filenames. If a user or automated system were tricked into opening a file with a specially-crafted filename, a remote attacker could possibly execute arbitrary code...

7.5CVSS8.6AI score0.02699EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/07 5:41 p.m.•58 views

USN-2452-1: NSS vulnerability

It was discovered that NSS incorrectly handled certain ASN.1 lengths. A remote attacker could possibly use this issue to perform a data-smuggling attack...

7.5CVSS7.5AI score0.03182EPSS
Exploits4
Ubuntu
Ubuntu
•added 2015/01/06 2:55 a.m.•47 views

USN-2451-1: cgmanager vulnerability

Serge Hallyn discovered that cgmanager did not consistently enforce proper nesting when modifying cgroup properties. A local attacker in a privileged container could use this to set cgroup values for all cgroups...

2.1CVSS5.3AI score0.00355EPSS
Exploits0
Ubuntu
Ubuntu
•added 2015/01/05 1:19 p.m.•58 views

USN-2450-1: strongSwan vulnerability

Mike Daskalakis discovered that strongSwan incorrectly handled IKEv2 payloads that contained the Diffie-Hellman group 1025. A remote attacker could use this issue to cause the IKE daemon to crash, resulting in a denial of service...

5CVSS8.2AI score0.03823EPSS
Exploits0
Ubuntu
Ubuntu
•added 2014/12/22 1:12 p.m.•71 views

USN-2449-1: NTP vulnerabilities

Neel Mehta discovered that NTP generated weak authentication keys. A remote attacker could possibly use this issue to brute force the authentication key and send requests if permitted by IP restrictions. CVE-2014-9293 Stephen Roettger discovered that NTP generated weak MD5 keys. A remote attacker...

7.5CVSS7.2AI score0.7809EPSS
Exploits4
Ubuntu
Ubuntu
•added 2014/12/19 12:49 p.m.•108 views

USN-2447-2: Linux kernel (Utopic HWE) regression

USN-2447-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: An information leak in the Linux kernel was discover...

6.8AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2014/12/19 12:43 p.m.•80 views

USN-2448-2: Linux kernel regression

USN-2448-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. We apologize for the inconvenience. Original advisory details: An information leak in the Linux kernel was discover...

6.8AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2014/12/12 7:49 a.m.•87 views

USN-2448-1: Linux kernel vulnerabilities

Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment SS register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. CVE-2014-9322 An information leak in the Linux kernel was discovered...

7.8CVSS6.8AI score0.08579EPSS
Exploits17
Total number of security vulnerabilities10923