Lucene search
K
UbuntuRecent

10927 matches found

Ubuntu
Ubuntu
•added 2014/01/03 11:7 a.m.•77 views

USN-2075-1: Linux kernel vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows...

7.1CVSS7.2AI score0.09408EPSS
Exploits7
Ubuntu
Ubuntu
•added 2014/01/03 11:1 a.m.•76 views

USN-2073-1: Linux kernel vulnerabilities

Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload UFO. An unprivileged local user could exploit this flaw to cause a denial of service system crash or possibly gain administrative privileges. CVE-2013-4470 Multiple integer overflow flaws were discovered in the...

6.9CVSS7.3AI score0.01485EPSS
Exploits6
Ubuntu
Ubuntu
•added 2014/01/03 10:59 a.m.•76 views

USN-2072-1: Linux kernel (OMAP4) vulnerabilities

Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. CVE-2013-2930 Stephan Mueller reported an erro...

6.9CVSS7.1AI score0.03181EPSS
Exploits4
Ubuntu
Ubuntu
•added 2014/01/03 10:58 a.m.•82 views

USN-2071-1: Linux kernel vulnerabilities

Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. CVE-2013-2930 Stephan Mueller reported an erro...

6.9CVSS7.1AI score0.03181EPSS
Exploits4
Ubuntu
Ubuntu
•added 2014/01/03 10:55 a.m.•76 views

USN-2070-1: Linux kernel (Saucy HWE) vulnerabilities

Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. CVE-2013-2929 Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows...

7.1CVSS7.2AI score0.09408EPSS
Exploits7
Ubuntu
Ubuntu
•added 2014/01/03 10:52 a.m.•80 views

USN-2069-1: Linux kernel (Raring HWE) vulnerabilities

Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload UFO. An unprivileged local user could exploit this flaw to cause a denial of service system crash or possibly gain administrative privileges. CVE-2013-4470 Multiple integer overflow flaws were discovered in the...

6.9CVSS7.1AI score0.01485EPSS
Exploits8
Ubuntu
Ubuntu
•added 2014/01/03 10:51 a.m.•91 views

USN-2068-1: Linux kernel (Quantal HWE) vulnerabilities

Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. CVE-2013-2930 Stephan Mueller reported an erro...

7.1CVSS7.1AI score0.09408EPSS
Exploits5
Ubuntu
Ubuntu
•added 2014/01/03 10:44 a.m.•82 views

USN-2067-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. CVE-2013-4299 Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload UFO. An unprivileged...

8.8CVSS7.4AI score0.39711EPSS
Exploits18
Ubuntu
Ubuntu
•added 2014/01/03 10:39 a.m.•78 views

USN-2066-1: Linux kernel vulnerabilities

A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. CVE-2013-4299 Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload UFO. An unprivileged...

6.9CVSS7.1AI score0.0381EPSS
Exploits9
Ubuntu
Ubuntu
•added 2014/01/03 10:29 a.m.•81 views

USN-2065-1: Linux kernel (EC2) vulnerabilities

Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. CVE-2013-4345 A flaw was discovered in the Linux kernel's IP Virtual Server IPVS support. A local user with the CAPNETADMI...

7CVSS6.7AI score0.03181EPSS
Exploits1
Ubuntu
Ubuntu
•added 2014/01/03 10:13 a.m.•107 views

USN-2064-1: Linux kernel vulnerabilities

Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. CVE-2013-4345 A flaw was discovered in the Linux kernel's IP Virtual Server IPVS support. A local user with the CAPNETADMI...

7CVSS6.7AI score0.03181EPSS
Exploits1
Ubuntu
Ubuntu
•added 2013/12/20 6:38 p.m.•39 views

USN-2063-1: NSS vulnerability

It was discovered that an intermediate certificate was incorrectly issued by a subordinate certificate authority of a trusted CA included in NSS. This intermediate certificate could be used in a machine-in-the-middle attack, and has such been marked as untrusted in this update...

5.3AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2013/12/20 2:5 a.m.•58 views

USN-2062-1: OpenStack Horizon vulnerability

Chris Chapman discovered cross-site scripting XSS vulnerabilities in Horizon via the Volumes and Network Topology pages. An authenticated attacker could exploit these to conduct stored cross-site scripting XSS attacks against users viewing these pages in order to modify the contents or steal...

4.3CVSS5AI score0.01734EPSS
Exploits0
Ubuntu
Ubuntu
•added 2013/12/19 10:34 p.m.•73 views

USN-2061-1: OpenStack Keystone vulnerability

Steven Hardy discovered that Keystone did not properly enforce trusts when using the ec2tokens API. An authenticated attacker could exploit this to retrieve a token not scoped to the trust and elevate privileges to the trustor's roles...

5.8CVSS5.3AI score0.02239EPSS
Exploits2
Ubuntu
Ubuntu
•added 2013/12/19 7:36 p.m.•93 views

USN-2060-1: libjpeg, libjpeg-turbo vulnerabilities

Michal Zalewski discovered that libjpeg and libjpeg-turbo incorrectly handled certain memory operations. An attacker could use this issue with a specially-crafted JPEG file to possibly expose sensitive information...

5CVSS7.9AI score0.10117EPSS
Exploits0
Ubuntu
Ubuntu
•added 2013/12/18 7:42 p.m.•63 views

USN-2059-1: GnuPG vulnerability

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via acoustic emanations. A local attacker could use this attack to possibly recover private keys...

2.1CVSS6.7AI score0.00451EPSS
Exploits0
Ubuntu
Ubuntu
•added 2013/12/18 12:46 p.m.•65 views

USN-2058-1: curl vulnerability

Marc Deslauriers discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled in the GnuTLS backend. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a machine-in-the-middle...

4CVSS5.6AI score0.02761EPSS
Exploits0
Ubuntu
Ubuntu
•added 2013/12/17 2:30 p.m.•63 views

USN-2057-1: Qt vulnerability

It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service...

5CVSS6.3AI score0.03105EPSS
Exploits0
Ubuntu
Ubuntu
•added 2013/12/16 7:49 p.m.•46 views

USN-2056-1: DjVuLibre vulnerability

It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, applications could be made to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.3CVSS5.7AI score0.04642EPSS
Exploits0
Ubuntu
Ubuntu
•added 2013/12/12 4:19 p.m.•109 views

USN-2055-1: PHP vulnerabilities

Stefan Esser discovered that PHP incorrectly parsed certificates. An attacker could use a malformed certificate to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2013-6420 It was discovered that PHP incorrectly handled DateInterval objects. An attack...

7.5CVSS7.6AI score0.35635EPSS
Exploits8
Ubuntu
Ubuntu
•added 2013/12/11 3:14 p.m.•74 views

USN-2053-1: Thunderbird vulnerabilities

Ben Turner, Bobby Holley, Jesse Ruderman and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application...

10CVSS8.3AI score0.11076EPSS
Exploits10References1
Ubuntu
Ubuntu
•added 2013/12/11 2:29 p.m.•72 views

USN-2052-1: Firefox vulnerabilities

Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or...

10CVSS8.4AI score0.11076EPSS
Exploits13References1
Ubuntu
Ubuntu
•added 2013/12/11 1:13 p.m.•59 views

USN-2054-1: Samba vulnerabilities

It was discovered that Winbind incorrectly handled invalid group names with the requiremembershipof parameter. If an administrator used an invalid group name by mistake, access was granted instead of having the login fail. CVE-2012-6150 Stefan Metzmacher and Michael Adam discovered that Samba...

8.3CVSS7.9AI score0.09017EPSS
Exploits1
Ubuntu
Ubuntu
•added 2013/12/09 12:57 p.m.•54 views

USN-2051-1: GIMP vulnerability

Murray McAllister discovered that GIMP incorrectly handled malformed XWD files. If a user were tricked into opening a specially crafted XWD file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges...

6.8CVSS5.9AI score0.04191EPSS
Exploits0
Ubuntu
Ubuntu
•added 2013/12/07 4:20 p.m.•67 views

USN-2050-1: Linux kernel (OMAP4) vulnerabilities

An information leak was discovered in the handling of ICMPv6 Router Advertisement RA messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service excessive retries and address-generation outage, and consequently obtain sensitive...

6.9CVSS7.2AI score0.04144EPSS
Exploits7
Ubuntu
Ubuntu
•added 2013/12/07 3:54 p.m.•89 views

USN-2049-1: Linux kernel vulnerabilities

Miroslav Vadkerti discovered a flaw in how the permissions for network sysctls are handled in the Linux kernel. An unprivileged local user could exploit this flaw to have privileged access to files in /proc/sys/net/. CVE-2013-4270 A flaw was discovered in the Linux kernel's dm snapshot facility. ...

6.9CVSS7AI score0.04144EPSS
Exploits11
Ubuntu
Ubuntu
•added 2013/12/06 3:16 p.m.•65 views

USN-2048-2: curl regression

USN-2048-1 fixed a vulnerability in curl. The security fix uncovered a bug in the curl command line tool which resulted in the --insecure -k option not working as intended. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Scott Cantor discovered that...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2013/12/05 6:43 p.m.•59 views

USN-2048-1: curl vulnerability

Scott Cantor discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a machine-in-the-middle attack to view sensitive...

4.3CVSS6.1AI score0.03076EPSS
Exploits0
Ubuntu
Ubuntu
•added 2013/12/03 9:38 p.m.•32 views

USN-2047-1: pixman vulnerability

Bryan Quigley discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service via application crash...

5.4AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2013/12/03 7:44 p.m.•80 views

USN-2046-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. CVE-2013-4299 Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload UFO. An unprivileged...

6.9CVSS7.3AI score0.0381EPSS
Exploits2
Ubuntu
Ubuntu
•added 2013/12/03 7:38 p.m.•81 views

USN-2045-1: Linux kernel vulnerabilities

A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. CVE-2013-4299 Alan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol SCTP of the Linux kernel. A...

6.1CVSS6.8AI score0.04144EPSS
Exploits5
Ubuntu
Ubuntu
•added 2013/12/03 7:36 p.m.•72 views

USN-2044-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. CVE-2013-4299 Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload UFO. An unprivileged...

6.9CVSS7.3AI score0.0381EPSS
Exploits2
Ubuntu
Ubuntu
•added 2013/12/03 7:33 p.m.•64 views

USN-2043-1: Linux kernel vulnerabilities

A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. CVE-2013-4299 Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload UFO. An unprivileged...

6.9CVSS7.3AI score0.0381EPSS
Exploits2
Ubuntu
Ubuntu
•added 2013/12/03 7:30 p.m.•65 views

USN-2042-1: Linux kernel (Saucy HWE) vulnerabilities

A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. CVE-2013-4299 Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload UFO. An unprivileged...

6.9CVSS7AI score0.0381EPSS
Exploits5
Ubuntu
Ubuntu
•added 2013/12/03 7:25 p.m.•90 views

USN-2041-1: Linux kernel (Raring HWE) vulnerabilities

A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. CVE-2013-4299 Alan Chester reported a flaw in the IPv6 Stream Control Transmission Protocol SCTP of the Linux kernel. A...

6.1CVSS6.8AI score0.04144EPSS
Exploits5
Ubuntu
Ubuntu
•added 2013/12/03 7:20 p.m.•74 views

USN-2040-1: Linux kernel (Quantal HWE) vulnerabilities

A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. CVE-2013-4299 Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload UFO. An unprivileged...

6.9CVSS6.8AI score0.0381EPSS
Exploits4
Ubuntu
Ubuntu
•added 2013/12/03 7:16 p.m.•91 views

USN-2039-1: Linux kernel (OMAP4) vulnerabilities

An information leak was discovered in the handling of ICMPv6 Router Advertisement RA messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service excessive retries and address-generation outage, and consequently obtain sensitive...

6.2CVSS7.1AI score0.04144EPSS
Exploits5
Ubuntu
Ubuntu
•added 2013/12/03 7:12 p.m.•77 views

USN-2038-1: Linux kernel vulnerabilities

An information leak was discovered in the handling of ICMPv6 Router Advertisement RA messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service excessive retries and address-generation outage, and consequently obtain sensitive...

6.2CVSS7.1AI score0.04144EPSS
Exploits5
Ubuntu
Ubuntu
•added 2013/12/03 7:9 p.m.•90 views

USN-2037-1: Linux kernel (EC2) vulnerabilities

A flaw was discovered in the Linux kernel's KVM kernel virtual machine. An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. CVE-2012-2121 Multiple integer overflow flaws were discovered in the Alchemy LCD frame- buffer drivers in the Linux...

6.9CVSS7.8AI score0.00596EPSS
Exploits1
Ubuntu
Ubuntu
•added 2013/12/03 7:3 p.m.•68 views

USN-2036-1: Linux kernel vulnerabilities

A flaw was discovered in the Linux kernel's KVM kernel virtual machine. An administrative user in the guest OS could leverage this flaw to cause a denial of service in the host OS. CVE-2012-2121 Multiple integer overflow flaws were discovered in the Alchemy LCD frame- buffer drivers in the Linux...

6.9CVSS7.8AI score0.00596EPSS
Exploits1
Ubuntu
Ubuntu
•added 2013/11/27 4:36 p.m.•65 views

USN-2035-1: Ruby vulnerabilities

Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitra...

6.8CVSS7.5AI score0.34968EPSS
Exploits4
Ubuntu
Ubuntu
•added 2013/11/25 8:57 p.m.•61 views

USN-2034-1: OpenStack Keystone vulnerability

Brant Knudson discovered a logic error in the LDAP backend in Keystone where removing a role on a tenant for a user who does not have that role would instead add the role to the user. An authenticated user could use this to gain privileges. Ubuntu is not configured to use the LDAP Keystone backen...

3.3CVSS5.4AI score0.00444EPSS
Exploits1
Ubuntu
Ubuntu
•added 2013/11/21 10:49 p.m.•62 views

USN-2033-1: OpenJDK 6 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. CVE-2013-3829, CVE-2013-5783, CVE-2013-5804 Several vulnerabilities were discovered in the OpenJDK JRE relate...

10CVSS7.3AI score0.24738EPSS
Exploits0
Ubuntu
Ubuntu
•added 2013/11/21 1:26 p.m.•71 views

USN-2032-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. CVE-2013-1741,...

7.5CVSS7.4AI score0.84424EPSS
Exploits0References1
Ubuntu
Ubuntu
•added 2013/11/20 3:53 p.m.•68 views

USN-2031-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. CVE-2013-1741,...

7.5CVSS7.2AI score0.84424EPSS
Exploits0References1
Ubuntu
Ubuntu
•added 2013/11/18 8:12 p.m.•59 views

USN-2030-1: NSS vulnerabilities

Multiple security issues were discovered in NSS. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. This update also adds...

7.5CVSS6.3AI score0.04399EPSS
Exploits0
Ubuntu
Ubuntu
•added 2013/11/13 3:11 p.m.•62 views

USN-2029-1: Apache Commons FileUpload vulnerability

It was discovered that Apache Commons FileUpload incorrectly handled file names with NULL bytes in serialized instances. An attacker could use this issue to possibly write to arbitrary files...

7.5CVSS7.5AI score0.12768EPSS
Exploits0
Ubuntu
Ubuntu
•added 2013/11/12 5:41 p.m.•57 views

USN-2028-1: Apache XML Security for Java vulnerability

James Forshaw discovered that Apache XML Security for Java incorrectly validated CanonicalizationMethod parameters. An attacker could use this flaw to spoof XML signatures...

4.3CVSS7.5AI score0.0593EPSS
Exploits1
Ubuntu
Ubuntu
•added 2013/11/12 1:5 p.m.•59 views

USN-2027-1: SPICE vulnerability

Tomas Jamrisko discovered that SPICE incorrectly handled long passwords in SPICE tickets. An attacker could use this issue to cause the SPICE server to crash, resulting in a denial of service...

5CVSS7.4AI score0.0273EPSS
Exploits2
Ubuntu
Ubuntu
•added 2013/11/11 3:45 p.m.•46 views

USN-2026-1: libvirt vulnerability

It was discovered that libvirt incorrectly checked privileges when the virConnectDomainXMLToNative API function was used. An attacker could possibly use this flaw to gain write privileges, contrary to expected behaviour...

8.5CVSS7AI score0.01689EPSS
Exploits0
Total number of security vulnerabilities10927