Lucene search
K
UbuntuRecent

10868 matches found

Ubuntu
Ubuntu
•added 2026/06/16 7:54 p.m.•18 views

USN-8439-1: Linux kernel (Oracle) vulnerabilities

Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. CVE-2023-2640 Shir Tamari and Sagi Tzadik...

9.8CVSS5.6AI score0.15783EPSS
Exploits14
Ubuntu
Ubuntu
•added 2026/06/16 2:48 p.m.•7 views

USN-8437-1: rabbitmq-c vulnerabilities

It was discovered that rabbitmq-c exposed credentials in command-line arguments under certain circumstances. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2023-35789 It was discovered that...

5.5CVSS6.3AI score0.00214EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/16 1:45 p.m.•7 views

USN-8433-1: OpenStack Keystone vulnerabilities

It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An authenticated attacker with only a reader role could possibly use this issue to bypass the role restrictions imposed on the application credential. CVE-2026-33551 It was discovered...

8.8CVSS5.8AI score0.00446EPSS
Exploits6
Ubuntu
Ubuntu
•added 2026/06/16 8:41 a.m.•8 views

USN-8432-1: FreeRDP vulnerabilities

It was discovered that FreeRDP incorrectly handled memory under certain circumstances, which could lead to an out-of-bounds heap write. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2026-45700 In addition, this update fixes a regression...

9.8CVSS5.6AI score0.00462EPSS
Exploits1References1
Ubuntu
Ubuntu
•added 2026/06/16 7:31 a.m.•8 views

USN-8349-3: rsync regression

USN-8349-1 fixed vulnerabilities in rsync. Unfortunately that update introduced multiple regressions in rsync functionality. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Calum Hutton discovered that rsync contained a heap-based out-of-bounds read...

5.7AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2026/06/15 5:24 p.m.•9 views

USN-8431-1: Ruby vulnerabilities

It was discovered that Ruby's Net::IMAP library did not properly verify that Transport Layer Security TLS encryption was started after issuing a STARTTLS command. A remote attacker could possibly use this issue to perform a machine-in-the-middle attack and silently bypass TLS encryption...

9.8CVSS5.6AI score0.00429EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/15 4:19 p.m.•18 views

USN-8430-1: ADSys vulnerabilities

It was discovered that ADSys did not properly handle certain HTTP/2 frames. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 26.04 LTS. CVE-2026-27141 It was discovered that ADSys did not properly handle certain HTTP/2 SETTINGS frames. ...

7.5CVSS7.9AI score0.00781EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/15 1:3 p.m.•8 views

USN-8428-1: tmux vulnerability

It was discovered that tmux incorrectly handled image cleanup, leading to a use-after-free vulnerability. A local attacker could possibly use this issue to cause tmux to crash, resulting in a denial of service...

4.5CVSS5.4AI score0.00124EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/15 12:44 p.m.•16 views

USN-8398-3: nginx vulnerability

USN-8398-1 fixed a vulnerability in nginx. The update caused a regression and was temporarily reverted in USN-8398-2. This update introduces a complete fix for CVE-2026-49975. We apologize for the inconvenience. Original advisory details: It was discovered that nginx incorrectly handled certain...

7.5CVSS5.5AI score0.11471EPSS
Exploits7
Ubuntu
Ubuntu
•added 2026/06/15 12:12 p.m.•7 views

USN-8405-2: CUPS regression

USN-8405-1 fixed vulnerabilities in CUPS. The update introduced a regression that cause CUPS to crash when parsing certain large printer PPD files. This update fixes the problem. Original advisory details: Ariel Silver discovered that CUPS incorrectly handled username comparisons during...

6.2AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2026/06/15 12:1 p.m.•7 views

USN-8427-1: Mesa vulnerability

It was discovered that Mesa did not properly validate memory allocation sizes in WebGPU under certain circumstances. An attacker could use this issue to cause Mesa to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS5.6AI score0.00348EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/11 9:57 p.m.•22 views

USN-8426-1: Linux kernel (Azure) vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...

9.8CVSS6.4AI score0.96775EPSS
Exploits281
Ubuntu
Ubuntu
•added 2026/06/11 8:54 p.m.•6 views

USN-8425-1: njs vulnerability

It was discovered that njs did not properly handle certain client- controlled variables when processing ngx.fetch requests. An attacker could possibly use this issue to trigger a heap buffer overflow, resulting in arbitrary code execution or a denial of service...

9.8CVSS6.3AI score0.00889EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/11 6:54 p.m.•17 views

USN-8423-1: lwIP vulnerabilities

It was discovered that lwIP contained a buffer overflow in the EAP authentication handling code. An attacker could possibly use this issue to trigger a buffer overflow, resulting in arbitrary code execution or a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2020-8597 It was...

10CVSS8.8AI score0.19431EPSS
Exploits4
Ubuntu
Ubuntu
•added 2026/06/11 3:20 p.m.•7 views

USN-8424-1: Ubuntu Kylin Software Center vulnerability

It was discovered that Ubuntu Kylin Software Center incorrectly handled user-supplied input in its D-Bus service. A local attacker could possibly use this issue to gain administrative privileges...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2026/06/11 12:55 p.m.•9 views

USN-8422-1: Mistral vulnerability

Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral did not properly enforce access policies on some API endpoints. An attacker could possibly execute arbitrary code on a Mistral worker and possibly extract sensitive data including service credentials from it...

9.9CVSS6AI score0.00733EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/11 12:22 p.m.•8 views

USN-8421-1: Ironic vulnerabilities

Dmitry Tantsur and Tuomo Tanskanen discovered that Ironic did not properly validate file paths when handling ISO images. A privileged authenticated remote user could use this issue to perform path traversal via a crafted ISO image and overwrite arbitrary files on the Ironic conductor...

8.1CVSS5.9AI score0.00601EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/11 6:57 a.m.•15 views

USN-8420-1: .NET vulnerabilities

It was discovered that .NET did not properly handle link resolution before file access. A local attacker could use this issue to perform unauthorized file tampering and write arbitrary files outside of the intended extraction directory. CVE-2026-45491 It was discovered that .NET did not properly...

7.5CVSS5.6AI score0.0243EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/10 1:49 p.m.•9 views

USN-8419-1: HTTP-Daemon vulnerability

It was discovered that HTTP-Daemon incorrectly handled untrusted input under certain circumstances. A remote attacker could possibly use this issue to execute arbitrary commands, create or overwrite arbitrary files, or expose sensitive information...

9.1CVSS5.9AI score0.01231EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/10 12:22 p.m.•9 views

USN-6455-2: Exim regression

USN-6455-1 fixed vulnerabilities in Exim. The fix for CVE-2023-42117 introduced a regression on Ubuntu 22.04 LTS that resulted in certain connections logging a Taint mismatch error. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered tha...

6AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2026/06/10 11:30 a.m.•17 views

USN-8130-3: GStreamer Base Plugins vulnerability

USN-8130-1 fixed a vulnerability in GStreamer Base Plugins. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: It was discovered that GStreamer Base Plugins incorrectly handled certain AVI media files. A remote attacker could use this issue to cause...

7.8CVSS7.7AI score0.00867EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/10 8:58 a.m.•8 views

USN-8418-1: Crypt-SaltedHash vulnerability

It was discovered that Crypt-SaltedHash incorrectly generated salts using a cryptographically weak pseudo-random number generator. An attacker could possibly use this issue to predict generated salts, leading to a weakening of cryptographic protections...

9.1CVSS5.5AI score0.00397EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/10 6:44 a.m.•27 views

USN-8417-1: Tomcat vulnerabilities

It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could use this issue to cause Tomcat to consume excessive memory, resulting in a denial of service. CVE-2026-41284 It was discovered that Tomcat incorrectly validated HTTP/2...

9.8CVSS7.7AI score0.01339EPSS
Exploits2
Ubuntu
Ubuntu
•added 2026/06/09 6:29 p.m.•35 views

USN-8414-2: OpenSSL vulnerabilities

USN-8414-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An...

9.1CVSS6.1AI score0.02719EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/09 6:1 p.m.•18 views

USN-8416-1: Go Networking vulnerability

It was discovered that Go Networking incorrectly handled certain Punycode-encoded labels in the idna package. An attacker could possibly use this issue to bypass hostname-based access restrictions...

9.6CVSS5.5AI score0.00478EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/09 5:28 p.m.•12 views

USN-8415-1: Vim vulnerabilities

It was discovered that Vim incorrectly handled marked filenames in the netrw plugin. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-43961 It was discovered that Vim incorrectly handled filenames when decompressing certain archives. An attacker could possibly use thi...

7CVSS5.8AI score0.00552EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/09 5:14 p.m.•20 views

USN-8414-1: OpenSSL vulnerabilities

Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or obtain sensitive information. CVE-2026-34180 Pavol Zacik and Alex Gaynor discovered that OpenSSL...

9.1CVSS6.1AI score0.02719EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/09 4:29 p.m.•9 views

USN-8409-1: uriparser vulnerability

It was discovered that uriparser incorrectly handled certain URI strings. An attacker could possibly use this issue to cause uriparser to crash, resulting in a denial of service...

2.9CVSS5.5AI score0.0012EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/09 4:27 p.m.•18 views

USN-8156-2: GDK-PixBuf vulnerability

USN-8156-1 fixed a vulnerability in GDK-PixBuf. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that GDK-PixBuf incorrectly handled certain JPEG files. An attacker could use this issue to caus...

7.5CVSS7.6AI score0.01069EPSS
Exploits1
Ubuntu
Ubuntu
•added 2026/06/09 4:22 p.m.•17 views

USN-8412-1: QEMU vulnerabilities

Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that the iSCSI block driver in QEMU incorrectly handled certain responses from an iSCSI server. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary...

8.2CVSS7.7AI score0.04018EPSS
Exploits10
Ubuntu
Ubuntu
•added 2026/06/09 4:9 p.m.•11 views

USN-8413-1: Cyborg vulnerabilities

It was discovered that Cyborg did not properly enforce project ownership in the Accelerator Request ARQ API. An authenticated user could possibly use this issue to delete ARQs bound to other projects' instances, resulting in a cross-tenant denial of service. CVE-2026-40214 It was discovered that...

7.4CVSS5.7AI score0.00206EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/09 3:16 p.m.•22 views

USN-8411-1: Lodash vulnerabilities

It was discovered that Lodash was vulnerable to a prototype pollution issue in the zipObjectDeep function. An attacker could possibly use this issue to modify application behavior. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-8203 Liyuan Chen discovered that Lodash was...

9.8CVSS7AI score0.2241EPSS
Exploits4
Ubuntu
Ubuntu
•added 2026/06/09 1:48 p.m.•31 views

USN-8398-2: nginx regression

USN-8398-1 fixed a vulnerability in nginx. The update introduced a regression causing nginx to crash when being used with external modules. This update reverts the fix for CVE-2026-49975 pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovere...

5.6AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2026/06/09 9:23 a.m.•8 views

USN-8044-2: alsa-lib vulnerability

USN-8044-1 fixed a vulnerability in alsa-lib. This update provides the corresponding fix for alsa-lib on Ubuntu 20.04 LTS. Original advisory details: It was discovered that alsa-lib incorrectly handled the topology mixer control decoder. A local attacker could use a specially crafted topology fil...

4.6CVSS5.8AI score0.00191EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/09 8:38 a.m.•17 views

USN-8410-1: shell-quote vulnerability

Akshat Sinha discovered that shell-quote improperly validated object-token inputs. An attacker could possibly use this issue to cause shell-quote to crash, resulting in a denial of service, or execute arbitrary code...

9.2CVSS5.8AI score0.00848EPSS
Exploits1
Ubuntu
Ubuntu
•added 2026/06/08 7:36 p.m.•9 views

USN-8408-1: Twig vulnerability

It was discovered that Twig did not properly validate PHP callables when using a source policy. An authenticated user could possibly use this issue to execute arbitrary code...

9.9CVSS5.8AI score0.00738EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/08 5:28 p.m.•13 views

USN-8407-1: strongSwan vulnerability

Elliott Childre discovered that strongSwan incorrectly handled the cloning of certain identities. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code...

5.6AI score
Exploits0
Ubuntu
Ubuntu
•added 2026/06/08 4:41 p.m.•12 views

USN-8349-2: rsync regression

USN-8349-1 fixed vulnerabilities in rsync. The update introduced multiple regressions in rsync functionality. This update fixes the problem. Original advisory details: Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with...

5.6AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2026/06/08 4:6 p.m.•9 views

USN-8406-1: Net::CIDR::Lite vulnerabilities

Dave Rolsky discovered that Net::CIDR::Lite did not properly handle extraneous zero characters at the beginning of an IP address string. A remote attacker could possibly use this issue to bypass access controls that are based on IP addresses. This issue only affected Ubuntu 16.04 LTS and Ubuntu...

7.5CVSS5.6AI score0.00493EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/08 3:51 p.m.•9 views

USN-8405-1: CUPS vulnerabilities

Ariel Silver discovered that CUPS incorrectly handled username comparisons during authorization checks. A local attacker could possibly use this issue to gain unauthorized access to restricted operations. CVE-2026-27447 Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled...

7.8CVSS6.2AI score0.00502EPSS
Exploits8
Ubuntu
Ubuntu
•added 2026/06/08 3:15 p.m.•10 views

USN-8404-1: Transmission vulnerability

It was discovered that Transmission had a clickjacking weakness in the browser-facing WebUI and RPC response paths. An attacker could possibly use this issue to trick users into performing unintended actions...

5.3CVSS5.5AI score0.00305EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/08 2:28 p.m.•7 views

USN-8403-1: Kea DHCP vulnerability

Ali Norouzi discovered that Kea DHCP did not properly handle maliciously crafted messages over configured API sockets and HA listeners. A remote attacker could possibly use this issue to cause Kea DHCP to crash, resulting in a denial of service...

7.5CVSS8AI score0.01361EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/08 1:38 p.m.•16 views

USN-8401-1: Netty vulnerabilities

It was discovered that Netty's HTTP proxy handler did not properly validate headers when constructing CONNECT requests. An attacker could possibly use this issue to inject arbitrary HTTP headers into CONNECT requests. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,...

9.8CVSS6.8AI score0.00818EPSS
Exploits6
Ubuntu
Ubuntu
•added 2026/06/08 1:17 p.m.•14 views

USN-8402-1: systemd vulnerabilities

It was discovered that systemd-nspawn incorrectly handled certain optional configuration files. A local attacker could possibly use this issue to escape to the host system and execute arbitrary code. CVE-2026-40226 It was discovered that systemd-resolved incorrectly validated DNSSEC records for...

6.4CVSS6.9AI score0.00849EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/08 12:52 p.m.•10 views

USN-8400-1: poppler vulnerability

It was discovered that poppler incorrectly handled certain malformed PDF tiling patterns in the Splash backend. An attacker could possibly use this issue to execute arbitrary code, obtain sensitive information, or cause a denial of service...

7.8CVSS5.8AI score0.00252EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/08 12:43 p.m.•9 views

USN-8399-1: Pillow vulnerabilities

It was discovered that Pillow incorrectly handled large glyph advance values in fonts. An attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service. CVE-2026-42308 It was discovered that Pillow incorrectly handled nested coordinate lists in certain APIs. An...

8.6CVSS7.6AI score0.0015EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/08 12:32 p.m.•11 views

USN-8398-1: nginx vulnerability

It was discovered that nginx incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nginx to consume excessive resources, resulting in a denial of service...

7.5CVSS5.5AI score0.11471EPSS
Exploits7
Ubuntu
Ubuntu
•added 2026/06/08 12:20 p.m.•10 views

USN-8397-1: libjxl vulnerability

It was discovered that libjxl did not properly handle certain crafted PBM images. An attacker could possibly use this issue to cause libjxl to crash, resulting in a denial of service, or execute arbitrary code...

7.3CVSS5.8AI score0.00367EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/08 11:33 a.m.•9 views

USN-8395-1: Netatalk vulnerabilities

Arjun Basnet discovered that Netatalk incorrectly sanitized user input in its MySQL CNID backend. A remote authenticated attacker could possibly use this issue to conduct SQL injection attacks. CVE-2026-44047 Arjun Basnet discovered that Netatalk incorrectly handled UCS-2 character set conversion...

9.9CVSS6.2AI score0.00516EPSS
Exploits0
Ubuntu
Ubuntu
•added 2026/06/08 10:16 a.m.•10 views

USN-8396-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server modrewrite module incorrectly handled certain privileges. A local attacker could possibly use this issue to obtain sensitive information. CVE-2026-24072 Andrew Lacambra, Elhanan Haenel, Tianshuo Han, and Tristan Madani discovered that the Apache HTTP...

9.8CVSS5.7AI score0.01325EPSS
Exploits1
Total number of security vulnerabilities10868