Lucene search
K
UbuntuRecent

10927 matches found

Ubuntu
Ubuntu
•added 2014/02/26 4:55 p.m.•94 views

USN-2123-1: file vulnerabilities

It was discovered that file incorrectly handled Composite Document files. An attacker could use this issue to cause file to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. CVE-2012-1571 Bernd Melchers discovered that file incorrectly handle...

6.5CVSS8AI score0.0507EPSS
Exploits1
Ubuntu
Ubuntu
•added 2014/02/26 1:7 p.m.•64 views

USN-2122-1: FreeRADIUS vulnerabilities

It was discovered that FreeRADIUS incorrectly handled unix authentication. A remote user could successfully authenticate with an expired password. CVE-2011-4966 Pierre Carrier discovered that FreeRADIUS incorrectly handled rlmpap hash processing. An authenticated user could use this issue to caus...

7.5CVSS8.3AI score0.03912EPSS
Exploits1
Ubuntu
Ubuntu
•added 2014/02/25 4:35 p.m.•64 views

USN-2121-1: GnuTLS vulnerability

Suman Jana discovered that GnuTLS incorrectly handled version 1 intermediate certificates. This resulted in them being considered to be a valid CA certificate by default, which was contrary to documented behaviour...

5.8CVSS5.2AI score0.03416EPSS
Exploits1
Ubuntu
Ubuntu
•added 2014/02/24 1:26 p.m.•62 views

USN-2120-1: PostgreSQL vulnerabilities

Noah Misch and Jonas Sundman discovered that PostgreSQL did not correctly enforce ADMIN OPTION restrictions. An authenticated attacker could use this issue to possibly revoke access from others, contrary to expected permissions. CVE-2014-0060 Andres Freund discovered that PostgreSQL incorrectly...

6.5CVSS7.6AI score0.06666EPSS
Exploits5
Ubuntu
Ubuntu
•added 2014/02/19 5:35 p.m.•72 views

USN-2102-2: Firefox regression

USN-2102-1 fixed vulnerabilities in Firefox. The update introduced a regression which could make Firefox crash under some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric...

8.4AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2014/02/19 5:22 p.m.•83 views

USN-2119-1: Thunderbird vulnerabilities

Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen and Sotaro Ikeda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker...

10CVSS8.2AI score0.07697EPSS
Exploits14References1
Ubuntu
Ubuntu
•added 2014/02/18 11:27 p.m.•71 views

USN-2117-1: Linux kernel vulnerabilities

Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload UFI in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service panic. CVE-2013-4563 Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker...

7.2CVSS6.8AI score0.10209EPSS
Exploits12
Ubuntu
Ubuntu
•added 2014/02/18 11:21 p.m.•84 views

USN-2116-1: Linux kernel (OMAP4) vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 A flaw in the handling of memory regions of the kernel virtual machine KVM subsystem was discovered. ...

4.7CVSS6.8AI score0.00654EPSS
Exploits2
Ubuntu
Ubuntu
•added 2014/02/18 10:59 p.m.•78 views

USN-2115-1: Linux kernel (OMAP4) vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 A flaw in the handling of memory regions of the kernel virtual machine KVM subsystem was discovered. ...

4.7CVSS6.8AI score0.00654EPSS
Exploits2
Ubuntu
Ubuntu
•added 2014/02/18 10:41 p.m.•70 views

USN-2114-1: Linux kernel vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 A flaw in the handling of memory regions of the kernel virtual machine KVM subsystem was discovered. ...

4.7CVSS6.8AI score0.00654EPSS
Exploits2
Ubuntu
Ubuntu
•added 2014/02/18 10:36 p.m.•85 views

USN-2113-1: Linux kernel (Saucy HWE) vulnerabilities

Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload UFI in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service panic. CVE-2013-4563 Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker...

7.2CVSS6.8AI score0.10209EPSS
Exploits12
Ubuntu
Ubuntu
•added 2014/02/18 10:33 p.m.•61 views

USN-2112-1: Linux kernel (Raring HWE) vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows...

7.1CVSS6.7AI score0.09408EPSS
Exploits2
Ubuntu
Ubuntu
•added 2014/02/18 10:21 p.m.•583 views

USN-2111-1: Linux kernel (Quantal HWE) vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 A flaw in the handling of memory regions of the kernel virtual machine KVM subsystem was discovered. ...

4.7CVSS6.8AI score0.00654EPSS
Exploits2
Ubuntu
Ubuntu
•added 2014/02/18 10:19 p.m.•82 views

USN-2110-1: Linux kernel (OMAP4) vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw...

7.2CVSS7.1AI score0.09408EPSS
Exploits5
Ubuntu
Ubuntu
•added 2014/02/18 10:12 p.m.•84 views

USN-2109-1: Linux kernel vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw...

7.2CVSS7.1AI score0.09408EPSS
Exploits5
Ubuntu
Ubuntu
•added 2014/02/18 9:43 p.m.•68 views

USN-2108-1: Linux kernel (EC2) vulnerabilities

A flaw was discovered in the Linux kernel's compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. CVE-2013-6383 mpd reported an information leak in the recvfrom,...

6.9CVSS6.8AI score0.0049EPSS
Exploits0
Ubuntu
Ubuntu
•added 2014/02/18 9:38 p.m.•75 views

USN-2107-1: Linux kernel vulnerabilities

A flaw was discovered in the Linux kernel's compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. CVE-2013-6383 mpd reported an information leak in the recvfrom,...

6.9CVSS6.8AI score0.0049EPSS
Exploits0
Ubuntu
Ubuntu
•added 2014/02/13 8:41 p.m.•52 views

USN-2105-1: MAAS vulnerabilities

James Troup discovered that MAAS stored RabbitMQ authentication credentials in a world-readable file. A local authenticated user could read this password and potentially gain privileges of other user accounts. This update restricts the file permissions to prevent unintended access. CVE-2013-1069...

4.3CVSS4.9AI score0.02379EPSS
Exploits1
Ubuntu
Ubuntu
•added 2014/02/13 3:23 p.m.•30 views

USN-2098-2: LibYAML regression

USN-2098-1 fixed a vulnerability in LibYAML. The security fix used introduced a regression that caused parsing failures for certain valid YAML files. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Florian Weimer discovered that LibYAML incorrectly...

5.9AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2014/02/12 7:0 p.m.•43 views

USN-2104-1: LXC vulnerability

Florian Sagar discovered that the LXC sshd template set incorrect mount permissions. An attacker could possibly use this flaw to cause privilege escalation on the host...

7.2CVSS5.4AI score0.00498EPSS
Exploits1
Ubuntu
Ubuntu
•added 2014/02/11 4:51 p.m.•43 views

USN-2103-1: Libav vulnerabilities

It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program...

5.7AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2014/02/10 9:58 p.m.•99 views

USN-2102-1: Firefox vulnerabilities

Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Carsten Book, Andrew Sutherland, Byron Campen, Nicholas Nethercote, Paul Adenot, David Baron, Julian Seward and Sotaro Ikeda discovered multiple memory safety issues in Firefox...

10CVSS8.4AI score0.07072EPSS
Exploits11References1
Ubuntu
Ubuntu
•added 2014/02/10 5:47 p.m.•51 views

USN-2101-1: libgadu vulnerability

Yves Younan and Ryan Pentney discovered that libgadu incorrectly handled certain Gadu-Gadu HTTP messages. A malicious remote server or a machine-in-the-middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.5CVSS5.4AI score0.08174EPSS
Exploits0
Ubuntu
Ubuntu
•added 2014/02/06 3:57 p.m.•68 views

USN-2100-1: Pidgin vulnerabilities

Thijs Alkemade and Robert Vehse discovered that Pidgin incorrectly handled the Yahoo! protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. CVE-2012-6152 Jaime Breva Ribes discovered that Pidgin incorrectly handled the XMPP protocol. A remote...

10CVSS5.9AI score0.14809EPSS
Exploits0
Ubuntu
Ubuntu
•added 2014/02/05 6:38 p.m.•51 views

USN-2099-1: Perl vulnerability

It was discovered that Perl's Locale::Maketext module incorrectly handled backslashes and fully qualified method names. An attacker could possibly use this flaw to execute arbitrary code when an application used untrusted templates...

7.5CVSS8.8AI score0.62202EPSS
Exploits13
Ubuntu
Ubuntu
•added 2014/02/04 7:47 p.m.•80 views

USN-2098-1: LibYAML vulnerability

Florian Weimer discovered that LibYAML incorrectly handled certain large yaml documents. An attacker could use this issue to cause LibYAML to crash, resulting in a denial of service, or possibly execute arbitrary code...

6.8CVSS6.6AI score0.09312EPSS
Exploits0
Ubuntu
Ubuntu
•added 2014/02/03 8:9 p.m.•58 views

USN-2097-1: curl vulnerability

Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly reused connections when NTLM authentication was being used. This could lead to the use of unintended credentials, possibly exposing sensitive information...

4CVSS6.6AI score0.05599EPSS
Exploits1
Ubuntu
Ubuntu
•added 2014/01/31 5:25 a.m.•77 views

USN-2096-1: Linux kernel vulnerability

Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrator privileges...

6.9CVSS7.2AI score0.34649EPSS
Exploits16
Ubuntu
Ubuntu
•added 2014/01/31 5:21 a.m.•69 views

USN-2095-1: Linux kernel (Saucy HWE) vulnerability

Pageexec reported a bug in the Linux kernel's recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrator privileges...

6.9CVSS7.2AI score0.34649EPSS
Exploits16
Ubuntu
Ubuntu
•added 2014/01/31 5:19 a.m.•59 views

USN-2094-1: Linux kernel (Raring HWE) vulnerability

Pageexec reported a bug in the Linux kernel's recvmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service system crash or gain administrator privileges...

6.9CVSS7.2AI score0.34649EPSS
Exploits16
Ubuntu
Ubuntu
•added 2014/01/30 8:39 p.m.•68 views

USN-2093-1: libvirt vulnerabilities

Martin Kletzander discovered that libvirt incorrectly handled reading memory tunables from LXC guests. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service. This issue only affected Ubuntu 13.10. CVE-2013-6436 Dario Faggioli discovered that libvir...

6.8CVSS7.1AI score0.02343EPSS
Exploits1
Ubuntu
Ubuntu
•added 2014/01/30 8:28 p.m.•53 views

USN-2092-1: QEMU vulnerabilities

Asias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. CVE-2013-4344 It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume...

7.2CVSS7.3AI score0.00585EPSS
Exploits0
Ubuntu
Ubuntu
•added 2014/01/29 11:43 p.m.•33 views

USN-2091-1: OTR vulnerabilities

This update disables the OTR v1 protocol to prevent protocol downgrade attacks...

5.3AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2014/01/27 5:54 p.m.•57 views

USN-2090-1: Munin vulnerabilities

Christoph Biedl discovered that Munin incorrectly handled certain multigraph data. A remote attacker could use this issue to cause Munin to consume resources, resulting in a denial of service. CVE-2013-6048 Christoph Biedl discovered that Munin incorrectly handled certain multigraph service names...

5CVSS5.3AI score0.02502EPSS
Exploits0
Ubuntu
Ubuntu
•added 2014/01/23 8:58 p.m.•95 views

USN-2089-1: OpenJDK 7 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. CVE-2013-3829, CVE-2013-5783, CVE-2013-5804, CVE-2014-0411 Several vulnerabilities were discovered in the...

10CVSS6.8AI score0.24738EPSS
Exploits1
Ubuntu
Ubuntu
•added 2014/01/23 3:45 p.m.•52 views

USN-2088-1: NSS vulnerability

Brian Smith discovered that NSS incorrectly handled the TLS False Start feature. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to spoof SSL servers...

5.8CVSS7AI score0.01929EPSS
Exploits1
Ubuntu
Ubuntu
•added 2014/01/23 3:39 p.m.•72 views

USN-2087-1: NSPR vulnerability

It was discovered that NSPR incorrectly handled certain malformed X.509 certificates. A remote attacker could use a crafted X.509 certificate to cause NSPR to crash, leading to a denial of service, or possibly execute arbitrary code...

7.5CVSS7.5AI score0.03045EPSS
Exploits0
Ubuntu
Ubuntu
•added 2014/01/21 1:54 p.m.•66 views

USN-2086-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.73 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.10 have been updated to MySQL 5.5.35. In addition to security fixes, the...

4CVSS6.3AI score0.0467EPSS
Exploits0
Ubuntu
Ubuntu
•added 2014/01/21 1:46 p.m.•60 views

USN-2085-1: HPLIP vulnerabilities

It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu 12.04 LTS and higher, this should be prevented by the Yama link restrictions. CVE-2013-6402 It was...

6.8CVSS7.8AI score0.03945EPSS
Exploits1
Ubuntu
Ubuntu
•added 2014/01/21 1:36 p.m.•46 views

USN-2084-1: devscripts vulnerability

It was discovered that the uscan tool incorrectly repacked archive files. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly execute arbitrary code...

7.5CVSS5.7AI score0.04094EPSS
Exploits0
Ubuntu
Ubuntu
•added 2014/01/16 1:22 p.m.•50 views

USN-2083-1: Graphviz vulnerabilities

It was discovered that Graphviz incorrectly handled memory in the yyerror function. If a user were tricked into opening a specially crafted dot file, an attacker could cause Graphviz to crash, or possibly execute arbitrary code. CVE-2014-0978, CVE-2014-1235 It was discovered that Graphviz...

10CVSS6.9AI score0.06082EPSS
Exploits2
Ubuntu
Ubuntu
•added 2014/01/15 7:12 p.m.•57 views

USN-2082-1: CUPS vulnerability

Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions...

1.2CVSS5.9AI score0.00446EPSS
Exploits1
Ubuntu
Ubuntu
•added 2014/01/13 7:58 p.m.•58 views

USN-2081-1: Bind vulnerability

Jared Mauch discovered that Bind incorrectly handled certain queries for NSEC3-signed zones. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service...

2.6CVSS6.7AI score0.31671EPSS
Exploits1
Ubuntu
Ubuntu
•added 2014/01/13 7:12 p.m.•55 views

USN-2080-1: Memcached vulnerabilities

Stefan Bucur discovered that Memcached incorrectly handled certain large body lengths. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service. CVE-2011-4971 Jeremy Sowden discovered that Memcached incorrectly handled logging certain details when the -...

5CVSS8AI score0.22317EPSS
Exploits4
Ubuntu
Ubuntu
•added 2014/01/09 8:52 p.m.•60 views

USN-2079-1: OpenSSL vulnerabilities

Anton Johansson discovered that OpenSSL incorrectly handled certain invalid TLS handshakes. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2013-4353 Ron Barber discovered that OpenSSL used an incorrect data structure to obtain a version...

5.8CVSS7.3AI score0.21174EPSS
Exploits1
Ubuntu
Ubuntu
•added 2014/01/09 3:53 p.m.•31 views

USN-2077-2: Puppet regression

USN-2077-1 fixed a vulnerability in Puppet. The upstream patch introduced a regression resulting in the default file mode being incorrect. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Puppet incorrectly handled temporary file...

5.7AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2014/01/07 6:40 p.m.•49 views

USN-2078-1: libXfont vulnerability

It was discovered that libXfont incorrectly handled certain malformed BDF fonts. An attacker could use a specially crafted font file to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. The default compiler options for affected releases should reduce the...

9.3CVSS9AI score0.10254EPSS
Exploits1
Ubuntu
Ubuntu
•added 2014/01/06 5:36 p.m.•58 views

USN-2077-1: Puppet vulnerability

It was discovered that Puppet incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions...

2.1CVSS6.5AI score0.00428EPSS
Exploits1
Ubuntu
Ubuntu
•added 2014/01/03 11:12 a.m.•72 views

USN-2076-1: Linux kernel (OMAP4) vulnerabilities

Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. CVE-2013-2930 Stephan Mueller reported an erro...

6.9CVSS7.1AI score0.03181EPSS
Exploits4
Ubuntu
Ubuntu
•added 2014/01/03 11:11 a.m.•73 views

USN-2074-1: Linux kernel (OMAP4) vulnerabilities

Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. CVE-2013-2930 Stephan Mueller reported an erro...

6.9CVSS7.1AI score0.03181EPSS
Exploits4
Total number of security vulnerabilities10927