Lucene search
K
UbuntuRecent

10869 matches found

Ubuntu
Ubuntu
added 2026/06/01 1:52 p.m.37 views

USN-8354-1: nginx vulnerabilities

It was discovered that nginx did not properly validate source addresses in the HTTP/3 QUIC module. A remote attacker could possibly use this issue to bypass authorization checks or rate limiting. This issue only affected Ubuntu 25.04 and Ubuntu 25.10. CVE-2026-40460 It was discovered that nginx...

9.2CVSS6.2AI score0.04261EPSS
Exploits3
Ubuntu
Ubuntu
added 2026/06/01 1:24 p.m.13 views

USN-8353-1: Exim vulnerability

Warisjeet Singh discovered that Exim with SUPPORTPROXY enabled did not properly handle memory before SMTP authentication. A remote attacker could possibly use this issue to obtain sensitive information...

5.3CVSS5.8AI score0.00264EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/06/01 1:3 p.m.24 views

USN-8352-1: LibreOffice vulnerability

Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.8CVSS6.1AI score0.00078EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/06/01 12:45 p.m.23 views

USN-8351-1: Linux kernel (Low Latency) vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...

9.8CVSS7AI score0.96775EPSS
Exploits228
Ubuntu
Ubuntu
added 2026/06/01 12:31 p.m.20 views

USN-8350-1: Linux kernel (NVIDIA Tegra) vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...

9.8CVSS7AI score0.96775EPSS
Exploits228
Ubuntu
Ubuntu
added 2026/06/01 9:20 a.m.18 views

USN-8349-1: rsync vulnerabilities

Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with read access to an rsync server could possibly use this issue to cause a denial of service. CVE-2025-10158 Batuhan Sancak, Damien Neil, and Michael Stapelberg discovere...

8.1CVSS5.9AI score0.0078EPSS
Exploits1
Ubuntu
Ubuntu
added 2026/06/01 9:5 a.m.24 views

LSN-120-1: Kernel Live Patch Security Notice

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvmarchvcpucreate fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data initialised. In the Linux kernel, the...

9.8CVSS6.7AI score0.96775EPSS
Exploits228
Ubuntu
Ubuntu
added 2026/05/29 7:53 p.m.25 views

USN-8344-2: pip regression

USN-8344-1 fixed vulnerabilities in pip. On Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS the patches for CVE-2025-66471 caused a regression when using pip. The patches for CVE-2025-66471 have been temporarily reverted pending investigation. We apologize for the inconvenience. Original...

5.9AI score
Exploits0References1
Ubuntu
Ubuntu
added 2026/05/29 10:47 a.m.16 views

USN-8338-2: Apache HTTP Server regression

USN-8338-1 fixed vulnerabilities in Apache HTTP Server. The update introduced a regression that prevented modhttp2 from loading on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server incorrectly...

5.9AI score0.41611EPSS
Exploits2References1
Ubuntu
Ubuntu
added 2026/05/28 11:0 p.m.15 views

USN-8347-1: QT WebEngine vulnerability

It was discovered that the vendored LibTIFF in QT WebEngine incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code...

8.8CVSS6.7AI score0.00739EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 10:41 p.m.17 views

USN-8346-1: Texmaker vulnerabilities

It was discovered that the vendored LibTIFF in Texmaker incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code...

8.8CVSS6.7AI score0.00739EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 10:21 p.m.15 views

USN-8345-1: GDAL vulnerability

It was discovered that the vendored LibTIFF in GDAL incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code...

8.8CVSS6.7AI score0.00739EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 7:51 p.m.26 views

USN-8341-1: OpenJDK 26 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 7:46 p.m.20 views

USN-8344-1: pip vulnerabilities

It was discovered that pip incorrectly handled TLS certificate verification in session connections. If a session was first used with certificate verification disabled, subsequent requests to the same host would also skip verification regardless of the session's current settings. A remote attacker...

8.9CVSS6.8AI score0.00622EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 6:34 p.m.18 views

USN-8229-2: sed vulnerability

USN-8229-1 fixed a vulnerability in sed. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local...

2.1CVSS5.9AI score0.00142EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 6:23 p.m.15 views

USN-8342-1: Vim vulnerability

It was discovered that Vim did not properly handle backticks in tag filenames. An attacker could possibly use this issue to execute arbitrary commands...

6.6CVSS5.8AI score0.00501EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 5:53 p.m.16 views

USN-8343-1: multipart vulnerability

It was discovered that multipart had an ambiguous regular expression alternation when handling certain HTTP header values. A remote attacker could possibly use this issue to cause multipart to use excessive resources, leading to a denial of service...

7.5CVSS7.4AI score0.00606EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 3:51 p.m.22 views

USN-8339-1: OpenJDK 25 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 3:22 p.m.19 views

USN-8340-1: LibreOffice vulnerability

Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.8CVSS6.1AI score0.00078EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 2:51 p.m.18 views

USN-8338-1: Apache HTTP Server vulnerabilities

It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. CVE-2023-38709 Will Dormann and David Warren discovered that Apache HTTP Server'...

9.8CVSS7.1AI score0.41611EPSS
Exploits2
Ubuntu
Ubuntu
added 2026/05/28 2:32 p.m.19 views

USN-8337-1: QtSvg vulnerabilities

It was discovered that QtSvg incorrectly handled certain SVG images. An attacker could possibly use this issue to cause QtSvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. CVE-2018-19869 It was discovered that QtSvg incorrectly handled certain SVG images. ...

7.1CVSS7.1AI score0.02178EPSS
Exploits3
Ubuntu
Ubuntu
added 2026/05/28 1:31 p.m.18 views

USN-8336-1: PHP vulnerabilities

Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly handled NUL bytes when preparing SQL queries in the PDO Firebird driver. An attacker could possibly use this issue to perform SQL injection attacks. CVE-2025-14179 It was discovered that PHP incorrectly handled certain encoding...

9.8CVSS6.2AI score0.0076EPSS
Exploits1
Ubuntu
Ubuntu
added 2026/05/28 12:47 p.m.18 views

USN-8335-1: pyOpenSSL vulnerability

It was discovered that pyOpenSSL incorrectly handled exceptions in the tlsextservername callback. This could result in connections being accepted after an exception, contrary to expectations...

6.3CVSS5.8AI score0.00241EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 12:5 p.m.20 views

USN-8334-1: CRaC JDK 25 vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

7.5CVSS7.3AI score0.00702EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 12:1 p.m.17 views

USN-8333-1: CRaC JDK 21 vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 11:57 a.m.15 views

USN-8332-1: CRaC JDK 17 vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 11:45 a.m.19 views

USN-8331-1: OpenJDK 11 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 11 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 11:38 a.m.28 views

USN-8330-1: OpenJDK 8 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 8 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the JSSE component of OpenJDK 8 d...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 7:13 a.m.15 views

USN-8329-1: FFmpeg vulnerability

It was discovered that the FFmpeg CAF decoder incorrectly handled certain file size calculations. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service...

6.2CVSS6.7AI score0.00238EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 6:22 a.m.26 views

USN-8328-1: OpenJDK 21 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/28 6:12 a.m.25 views

USN-8327-1: OpenJDK 17 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/27 5:43 p.m.16 views

USN-8326-1: Foomuuri vulnerabilities

Matthias Gerstner discovered that Foomuuri's D-Bus service did not properly enforce authorization. An unprivileged local attacker could possibly use this issue to manipulate the firewall configuration, contrary to expectations. CVE-2025-67603 Matthias Gerstner discovered that Foomuuri's D-Bus...

7CVSS5.8AI score0.00171EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/27 3:1 p.m.14 views

USN-8325-1: tgt vulnerability

It was discovered that tgt incorrectly tried to achieve entropy by calling rand without srand. An attacker could possibly use this issue to make tgt generate an identical sequence of challenges, resulting in authentication bypass...

5.9CVSS5.8AI score0.00547EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/27 2:10 p.m.15 views

USN-8324-1: Apache Tika vulnerabilities

It was discovered that Apache Tika incorrectly handled XML external entities when parsing XFA content in PDF files. An attacker could possibly use this issue to obtain sensitive information or send malicious requests to internal resources or third-party servers...

9.8CVSS7.3AI score0.79807EPSS
Exploits6
Ubuntu
Ubuntu
added 2026/05/27 1:28 p.m.17 views

USN-8323-1: Postorius vulnerability

It was discovered that Postorius did not properly escape HTML in message subjects when rendering the Held messages pop-up. An attacker could possibly use this issue to inject arbitrary HTML, resulting in exposure of sensitive information...

7.2CVSS5.9AI score0.00237EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/27 1:20 p.m.12 views

USN-8322-1: Apache Commons BeanUtils vulnerability

It was discovered that Apache Commons BeanUtils incorrectly allowed access to the declaredClass property of Java enum objects when handling externally supplied property paths. An attacker could possibly use this issue to execute arbitrary code...

8.8CVSS7.1AI score0.01495EPSS
Exploits1
Ubuntu
Ubuntu
added 2026/05/27 1:2 p.m.12 views

USN-8321-1: Papers vulnerability

It was discovered that Papers incorrectly handled PDF /GoToR actions. If a user were tricked into opening a specially crafted PDF file, an attacker could use this issue to manipulate command lines and possibly execute arbitrary code...

8.4CVSS5.8AI score0.00529EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/27 12:47 p.m.15 views

USN-8320-1: Memcached vulnerabilities

It was discovered that Memcached's SASL password database authentication had a timing side channel when handling username and password data. A remote attacker could possibly use this issue to obtain sensitive information...

8.1CVSS5.8AI score0.01312EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/27 12:32 p.m.11 views

USN-8319-1: Libgcrypt vulnerabilities

It was discovered that Libgcrypt incorrectly handled crafted ECDH ciphertext. An attacker could possibly use this issue to cause Libgcrypt to crash, resulting in a denial of service. CVE-2026-41989 It was discovered that Libgcrypt incorrectly handled Dilithium signing. An attacker could possibly...

6.7CVSS5.8AI score0.0018EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/27 12:23 p.m.12 views

USN-8318-1: libcaca vulnerability

It was discovered that libcaca incorrectly handled certain malformed files. An attacker could use this issue to cause libcaca to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.8CVSS6AI score0.00223EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/27 12:7 p.m.15 views

USN-8317-1: GStreamer Good Plugins vulnerabilities

It was discovered that GStreamer Good Plugins incorrectly handled certain MP4 audio tracks. An attacker could possibly use this issue to cause GStreamer Good Plugins to crash, resulting in a denial of service...

9.1CVSS5.8AI score0.00208EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/27 9:35 a.m.10 views

USN-8316-1: CableSwig vulnerabilities

It was discovered that Expat, vendored in CableSwig, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

9.8CVSS7.1AI score0.33936EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/27 8:39 a.m.13 views

USN-8315-1: MediaWiki vulnerabilities

It was discovered that MediaWiki incorrectly handled group membership visibility in the OATHAuth extension. An authenticated attacker could use this issue to determine if other users had two-factor authentication enabled. CVE-2026-34087 It was discovered that MediaWiki incorrectly handled...

7.5CVSS5.8AI score0.0029EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/27 4:15 a.m.15 views

USN-8314-1: Ayttm vulnerabilities

It was discovered that Expat, vendored in Ayttm, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

9.8CVSS7.1AI score0.33936EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/27 4:7 a.m.13 views

USN-8313-1: XML-RPC for C and C++ vulnerabilities

It was discovered that Expat, vendored in XML-RPC, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

9.8CVSS7.1AI score0.33936EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/26 9:52 p.m.17 views

USN-8303-1: GitPython vulnerabilities

Santos Gallegos discovered that GitPython did not properly validate paths when resolving certain Git references. An attacker could possibly use this issue to cause files outside the .git directory to be accessed, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu...

9.8CVSS6AI score0.01012EPSS
Exploits5
Ubuntu
Ubuntu
added 2026/05/26 8:39 p.m.16 views

USN-7972-2: OpenCC vulnerability

USN-7972-1 fixed a vulnerability in OpenCC. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that OpenCC incorrectly handled truncated UTF-8 input. An attacker could possibly use this issue to cause OpenCC to...

5.5CVSS6.1AI score0.0023EPSS
Exploits1
Ubuntu
Ubuntu
added 2026/05/26 8:31 p.m.16 views

USN-8063-2: Protocol Buffers vulnerability

USN-8063-1 fixed a vulnerability in Protocol Buffers. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Protocol Buffers incorrectly handled recursion when the Python google.protobuf.jsonformat.ParseDict...

8.2CVSS6.4AI score0.00613EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/26 7:55 p.m.14 views

USN-8280-3: Linux kernel (IoT) vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...

9.8CVSS6.1AI score0.96775EPSS
Exploits228
Ubuntu
Ubuntu
added 2026/05/26 7:11 p.m.8 views

USN-8311-1: Dnsmasq vulnerability

Petr Menšík discovered that Dnsmasq incorrectly handled certain input in the dhcprelease utility. A local attacker could possibly use this issue to cause Dnsmasq to crash, resulting in a denial of service...

6.9CVSS5.8AI score0.00182EPSS
Exploits0
Total number of security vulnerabilities10869