10876 matches found

Ubuntu • added 2024/12/13 8:38 p.m. • 30 views

USN-7157-2: PHP regression

USN-7157-1 fixed vulnerabilities in PHP. The patch for CVE-2024-8932 caused a regression in php7.4. This update fixes the problem. Original advisory details: It was discovered that PHP incorrectly handled certain inputs when processed with convert.quoted-printable-decode filters. An attacker coul...

CVSS 9.8 • AI score 7.8 • EPSS 0.02286
Exploits: 4

Ubuntu • added 2024/12/13 4:59 p.m. • 256 views

USN-7157-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain inputs when processed with convert.quoted-printable-decode filters. An attacker could possibly use this issue to expose sensitive information or cause a crash. CVE-2024-11233 It was discovered that PHP incorrectly handled certain HTTP request...

CVSS 9.8 • AI score 7.5 • EPSS 0.02286
Exploits: 4

Ubuntu • added 2024/12/12 9:51 p.m. • 19 views

USN-7158-1: Smarty vulnerabilities

It was discovered that Smarty incorrectly handled query parameters in requests. An attacker could possibly use this issue to inject arbitrary JavaScript code, resulting in denial of service or potential execution of arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubun...

CVSS 7.3 • AI score 7.3 • EPSS 0.01016
Exploits: 1

Ubuntu • added 2024/12/12 8:26 p.m. • 253 views

USN-7159-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - S390 architecture; - x86 architecture; - Power management core; - GPU...

CVSS 7.8 • AI score 7 • EPSS 0.00289
Exploits: 0

Ubuntu • added 2024/12/12 5:47 p.m. • 26 views

USN-7156-1: Linux kernel (GKE) vulnerabilities

Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. CVE-2024-25741 Several security issues were discovered in the Linux kernel. An...

CVSS 8.8 • AI score 7.4 • EPSS 0.00879
Exploits: 16

Ubuntu • added 2024/12/12 5:27 p.m. • 31 views

USN-7155-1: Linux kernel (NVIDIA) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; -...

CVSS 8.8 • AI score 7.5 • EPSS 0.00879
Exploits: 12

Ubuntu • added 2024/12/12 5:9 p.m. • 256 views

USN-7154-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; -...

CVSS 8.8 • AI score 7.5 • EPSS 0.00879
Exploits: 12

Ubuntu • added 2024/12/12 4:17 p.m. • 20 views

USN-7153-1: PHP vulnerability

It was discovered that PHP incorrectly handled long string inputs in two database drivers. An attacker could possibly use this issue to write files in locations they would not normally have access to. CVE-2024-11236...

CVSS 9.8 • AI score 7.2 • EPSS 0.02079
Exploits: 1

Ubuntu • added 2024/12/12 6:58 a.m. • 7 views

USN-7108-2: AsyncSSH vulnerabilities

USN-7108-1 fixed vulnerabilities in AsyncSSH. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept...

CVSS 6.8 • AI score 7 • EPSS 0.00867
Exploits: 0

Ubuntu • added 2024/12/11 11:11 p.m. • 21 views

USN-7151-1: oFono vulnerabilities

It was discovered that oFono incorrectly handled decoding SMS messages leading to a stack overflow. A remote attacker could potentially use this issue to cause a denial of service. CVE-2023-4232, CVE-2023-4235...

CVSS 8.1 • AI score 7.8 • EPSS 0.00947
Exploits: 2

Ubuntu • added 2024/12/11 3:4 p.m. • 33 views

USN-7150-1: Tornado vulnerabilities

It was discovered that Tornado incorrectly handled a certain redirect. A remote attacker could possibly use this issue to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL. This issue was only addressed in Ubuntu 22.04 LTS,...

CVSS 7.5 • AI score 6.5 • EPSS 0.01132
Exploits: 0

Ubuntu • added 2024/12/11 12:14 a.m. • 273 views

USN-7149-1: Intel Microcode vulnerabilities

Avraham Shalev and Nagaraju N Kodalapura discovered that some Intel(R) Xeon(R) processors did not properly restrict access to the memory controller when using Intel(R) SGX. This may allow a local privileged attacker to further escalate their privileges. CVE-2024-21820, CVE-2024-23918 It was discovered...

CVSS 8.8 • AI score 6 • EPSS 0.00256
Exploits: 0

Ubuntu • added 2024/12/10 7:52 p.m. • 38 views

USN-7148-1: Linux kernel vulnerabilities

Lyu Tao discovered that the NFS implementation in the Linux kernel did not properly handle requests to open a directory on a regular file. A local attacker could use this to expose sensitive information (kernel memory). Several security issues were discovered in the Linux kernel. An attacker could...

CVSS 8.4 • AI score 7 • EPSS 0.004
Exploits: 1

Ubuntu • added 2024/12/10 6:8 p.m. • 23 views

USN-7147-1: Apache Shiro vulnerabilities

It was discovered that Apache Shiro incorrectly handled path traversal when used with other web frameworks or path rewriting. An attacker could possibly use this issue to obtain sensitive information or administrative privileges. This update provides the corresponding fix for Ubuntu 24.04 LTS and...

CVSS 9.8 • AI score 7 • EPSS 0.0968
Exploits: 1

Ubuntu • added 2024/12/10 8:54 a.m. • 29 views

USN-7146-1: Dogtag PKI vulnerabilities

Christina Fu discovered that Dogtag PKI accidentally enabled a mock authentication plugin by default. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. This issue only affected Ubuntu 16.04 LTS. CVE-2017-753...

CVSS 7.5 • AI score 7.1 • EPSS 0.85323
Exploits: 5

Ubuntu • added 2024/12/10 1:42 a.m. • 242 views

USN-7145-1: Expat vulnerability

It was discovered that Expat did not properly handle its internal state when attempting to resume an unstarted parser. An attacker could use this issue to cause a denial of service (application crash)...

CVSS 5.9 • AI score 7.1 • EPSS 0.0104
Exploits: 0

Ubuntu • added 2024/12/09 11:53 p.m. • 13 views

USN-7141-1: oFono vulnerabilities

It was discovered that oFono incorrectly handled decoding SMS messages leading to a stack overflow. A remote attacker could potentially use this issue to cause a denial of service. CVE-2023-2794, CVE-2023-4233, CVE-2023-4234...

CVSS 8.1 • AI score 7.8 • EPSS 0.0124
Exploits: 2

Ubuntu • added 2024/12/09 4:46 p.m. • 24 views

USN-7144-1: Linux kernel (Intel IoTG) vulnerabilities

Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a deni...

CVSS 8.8 • AI score 7.8 • EPSS 0.00879
Exploits: 8

Ubuntu • added 2024/12/09 2:37 p.m. • 15 views

USN-7143-1: RabbitMQ Server vulnerabilities

Christian Rellmann discovered that RabbitMQ Server did not properly sanitize user input when adding a new user via the management UI. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. CVE-2021-32718 Fahimhusain Raydurg discovered that...

CVSS 5.4 • AI score 4.8 • EPSS 0.01437
Exploits: 2

Ubuntu • added 2024/12/09 12:16 p.m. • 248 views

USN-7142-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

CVSS 8.8 • AI score 7.4 • EPSS 0.21044
Exploits: 1

Ubuntu • added 2024/12/09 4:23 a.m. • 20 views

USN-7140-1: Tinyproxy vulnerability

It was discovered that Tinyproxy did not properly manage memory under certain circumstances. An attacker could possibly use this issue to leak left-over heap data if custom error page templates containing special non-standard variables are used...

CVSS 7.5 • AI score 6.2 • EPSS 0.01413
Exploits: 1

Ubuntu • added 2024/12/05 4:53 p.m. • 242 views

USN-7117-3: needrestart regression

USN-7117-1 fixed vulnerabilities in needrestart. The update introduced a regression in needrestart. This update fixes the problem for LXC containers. We apologize for the inconvenience. Original advisory details: Qualys discovered that needrestart passed unsanitized data to a library...

AI score 7.7
Exploits: 0 • References: 1

Ubuntu • added 2024/12/05 2:7 p.m. • 16 views

USN-7139-1: Apache Shiro vulnerability

It was discovered that Apache Shiro used a static cipher within the "Remember Me" feature inside authentication by default. An attacker could possibly use this issue to achieve remote code execution or obtain sensitive information...

CVSS 9.8 • AI score 8.6 • EPSS 0.93143
Exploits: 9

Ubuntu • added 2024/12/05 1:43 p.m. • 10 views

USN-7138-1: Ghostscript vulnerabilities

It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 7.8 • AI score 7.2 • EPSS 0.00388
Exploits: 0

Ubuntu • added 2024/12/04 8:22 p.m. • 17 views

USN-7137-1: recutils vulnerabilities

It was discovered that recutils incorrectly handled memory when parsing comments with the recparser utility. An attacker could possibly use this issue to cause a denial of service or run arbitrary commands. CVE-2021-46019, CVE-2021-46021, CVE-2021-46022 It was discovered that recutils incorrectly...

CVSS 8.8 • AI score 6.8 • EPSS 0.0189
Exploits: 13

Ubuntu • added 2024/12/04 8:8 p.m. • 17 views

USN-7136-2: Django vulnerability

USN-7136-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: jiangniao discovered that Django incorrectly handled the API to strip tags. A remote attacker could possibly use this issue to cause Djan...

CVSS 7.5 • AI score 7.4 • EPSS 0.01424
Exploits: 0

Ubuntu • added 2024/12/04 6:4 p.m. • 18 views

USN-7136-1: Django vulnerabilities

jiangniao discovered that Django incorrectly handled the API to strip tags. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. CVE-2024-53907 Seokchan Yoon discovered that Django incorrectly handled HasKey lookups when using Oracl...

CVSS 9.8 • AI score 7.4 • EPSS 0.01424
Exploits: 0

Ubuntu • added 2024/12/03 5:28 a.m. • 10 views

USN-7135-1: HAProxy vulnerability

Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg, and Harvey Tuch discovered that HAProxy incorrectly handled empty header names. A remote attacker could possibly use this issue to manipulate headers and bypass certain authentication checks and restrictions...

CVSS 9.1 • AI score 7.6 • EPSS 0.05493
Exploits: 0

Ubuntu • added 2024/12/03 1:10 a.m. • 22 views

USN-7134-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-11692, CVE-2024-11694,...

CVSS 9.8 • AI score 7.7 • EPSS 0.00919
Exploits: 0

Ubuntu • added 2024/12/03 12:22 a.m. • 16 views

USN-7133-1: HAProxy vulnerability

Yuki Mogi discovered that HAProxy incorrectly handled the interpretation of certain HTTP requests. A remote attacker could possibly use this issue to perform a request smuggling attack and obtain sensitive information...

CVSS 5.3 • AI score 5.6 • EPSS 0.01043
Exploits: 0

Ubuntu • added 2024/12/02 12:30 p.m. • 242 views

USN-7132-1: PostgreSQL vulnerabilities

It was discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this issue to perform forbidden reads and modifications. CVE-2024-10976 Jacob Champion discovered that PostgreSQL clients used untrusted server error messages. An attacker that is...

CVSS 8.8 • AI score 7 • EPSS 0.04422
Exploits: 1

Ubuntu • added 2024/12/02 9:8 a.m. • 13 views

USN-6846-2: Ansible regression

USN-6846-1 fixed vulnerabilities in ansible. The update introduced a regression in ansible. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Ansible incorrectly handled certain inputs when using tower_callback parameter. If a user...

AI score 7.5
Exploits: 0 • References: 1

Ubuntu • added 2024/11/27 5:25 p.m. • 242 views

USN-7131-1: Vim vulnerability

It was discovered that Vim incorrectly handled memory when closing a buffer, leading to use-after-free. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service...

CVSS 4.7 • AI score 6.5 • EPSS 0.00291
Exploits: 0

Ubuntu • added 2024/11/27 12:46 p.m. • 232 views

USN-7092-2: mpg123 vulnerability

USN-7092-1 fixed a vulnerability in mpg123. Bastien Roucariès discovered that the fix was incomplete on Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or...

CVSS 6.7 • AI score 7 • EPSS 0.00348
Exploits: 0 • References: 1

Ubuntu • added 2024/11/27 12:38 a.m. • 251 views

USN-7126-1: libsoup vulnerabilities

It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack. CVE-2024-52530 It was discovered that libsoup did not correctly handle memory while performing UTF-8 conversions. An...

CVSS 8.4 • AI score 7.4 • EPSS 0.00933
Exploits: 2

Ubuntu • added 2024/11/27 12:29 a.m. • 17 views

USN-7127-1: libsoup3 vulnerabilities

It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-52530 It was discovered that libsoup did not...

CVSS 8.4 • AI score 7.4 • EPSS 0.00933
Exploits: 2

Ubuntu • added 2024/11/26 7:29 p.m. • 13 views

USN-7130-1: GitHub CLI vulnerability

It was discovered that GitHub CLI incorrectly handled username validation. An attacker could possibly use this issue to perform remote code execution if the user connected to a malicious server. CVE-2024-52308...

CVSS 9.6 • AI score 8.8 • EPSS 0.00861
Exploits: 0

Ubuntu • added 2024/11/26 6:25 p.m. • 240 views

USN-6988-2: Twisted vulnerability

USN-6988-1 fixed CVE-2024-41671 in Twisted. The USN incorrectly stated that previous releases were unaffected. This update provides the equivalent fix for Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Ben Kallus discovered that Twisted incorrectly handled...

CVSS 8.3 • AI score 7.9 • EPSS 0.00856
Exploits: 0

Ubuntu • added 2024/11/26 3:43 p.m. • 16 views

USN-7129-1: TinyGLTF vulnerability

It was discovered that TinyGLTF performed file path expansion in an insecure way on certain inputs. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code...

CVSS 8.8 • AI score 8.2 • EPSS 0.02809
Exploits: 1

Ubuntu • added 2024/11/26 1:43 p.m. • 244 views

USN-7128-1: Pygments vulnerability

Sebastian Chnelik discovered that Pygments had an inefficient regex query for analyzing certain inputs. An attacker could possibly use this issue to cause a denial of service...

CVSS 5.5 • AI score 6.3 • EPSS 0.00503
Exploits: 1

Ubuntu • added 2024/11/26 9:29 a.m. • 256 views

USN-7117-2: needrestart regression

USN-7117-1 fixed vulnerabilities in needrestart. The update introduced a regression in needrestart. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Qualys discovered that needrestart passed unsanitized data to a library (libmodule-scandeps-perl) which...

AI score 7.7
Exploits: 0 • References: 1

Ubuntu • added 2024/11/25 5:38 p.m. • 16 views

USN-7125-1: RapidJSON vulnerability

It was discovered that RapidJSON incorrectly parsed numbers written in scientific notation, leading to an integer underflow. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code...

CVSS 7.8 • AI score 7.3 • EPSS 0.00375
Exploits: 0

Ubuntu • added 2024/11/25 1:43 p.m. • 23 views

USN-7121-3: Linux kernel (Oracle) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ATM...

CVSS 8.4 • AI score 7 • EPSS 0.00333
Exploits: 1

Ubuntu • added 2024/11/24 11:9 p.m. • 21 views

USN-7124-1: OpenJDK 23 vulnerabilities

Andy Boothe discovered that the Networking component of OpenJDK 23 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. CVE-2024-21208 It was discovered that the Hotspot component of OpenJDK 23 did not...

CVSS 4.8 • AI score 6.6 • EPSS 0.01157
Exploits: 0

Ubuntu • added 2024/11/22 2:20 a.m. • 25 views

USN-7015-6: Python regressions

USN-7015-5 fixed vulnerabilities in python2.7. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Python email module incorrectly parsed email addresses that contain special...

AI score 6.9
Exploits: 0 • References: 1

Ubuntu • added 2024/11/21 10:58 p.m. • 22 views

USN-7120-3: Linux kernel (Low Latency) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - File systems infrastructure; - Network traffic control; CVE-2024-46800, CVE-2024-43882...

CVSS 8.4 • AI score 6.9 • EPSS 0.00268
Exploits: 1

Ubuntu • added 2024/11/21 12:23 p.m. • 24 views

USN-7118-1: ZBar vulnerabilities

It was discovered that ZBar did not properly handle certain QR codes. If a user or automated system using ZBar were tricked into opening a specially crafted file, an attacker could possibly use this to obtain sensitive information. CVE-2023-40889 It was discovered that ZBar did not properly handl...

CVSS 9.8 • AI score 8.2 • EPSS 0.01787
Exploits: 0

Ubuntu • added 2024/11/21 3:39 a.m. • 19 views

USN-7091-2: Ruby vulnerabilities

USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for CVE-2024-35176, CVE-2024-41123, CVE-2024-41946 and CVE-2024-49761 for ruby2.7 in Ubuntu 20.04 LTS. Original advisory details: It was discovered that Ruby incorrectly handled parsing of an XML...

CVSS 8.7 • AI score 7.2 • EPSS 0.02064
Exploits: 1 • References: 1

Ubuntu • added 2024/11/20 1:42 p.m. • 29 views

USN-7120-2: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - File systems infrastructure; - Network traffic control; CVE-2024-46800, CVE-2024-43882...

CVSS 8.4 • AI score 6.9 • EPSS 0.00268
Exploits: 1

Ubuntu • added 2024/11/20 1:36 p.m. • 34 views

USN-7121-2: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ATM...

CVSS 8.4 • AI score 7 • EPSS 0.00333
Exploits: 1

Total number of security vulnerabilities: 10876