
10888 matches found

Ubuntu • added 2024/11/26 3:43 p.m. • 16 views

USN-7129-1: TinyGLTF vulnerability

It was discovered that TinyGLTF performed file path expansion in an insecure way on certain inputs. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code...

CVSS 8.8 • AI score 8.2 • EPSS 0.02809
Exploits: 1

Ubuntu • added 2024/11/26 1:43 p.m. • 244 views

USN-7128-1: Pygments vulnerability

Sebastian Chnelik discovered that Pygments had an inefficient regex query for analyzing certain inputs. An attacker could possibly use this issue to cause a denial of service...

CVSS 5.5 • AI score 6.3 • EPSS 0.00503
Exploits: 1

Ubuntu • added 2024/11/26 9:29 a.m. • 256 views

USN-7117-2: needrestart regression

USN-7117-1 fixed vulnerabilities in needrestart. The update introduced a regression in needrestart. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Qualys discovered that needrestart passed unsanitized data to a library libmodule-scandeps-perl which...

AI score 7.7
Exploits: 0 • References: 1

Ubuntu • added 2024/11/25 5:38 p.m. • 16 views

USN-7125-1: RapidJSON vulnerability

It was discovered that RapidJSON incorrectly parsed numbers written in scientific notation, leading to an integer underflow. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code...

CVSS 7.8 • AI score 7.3 • EPSS 0.00375
Exploits: 0

Ubuntu • added 2024/11/25 1:43 p.m. • 23 views

USN-7121-3: Linux kernel (Oracle) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ATM...

CVSS 8.4 • AI score 7 • EPSS 0.00333
Exploits: 1

Ubuntu • added 2024/11/24 11:9 p.m. • 21 views

USN-7124-1: OpenJDK 23 vulnerabilities

Andy Boothe discovered that the Networking component of OpenJDK 23 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. CVE-2024-21208 It was discovered that the Hotspot component of OpenJDK 23 did not...

CVSS 4.8 • AI score 6.6 • EPSS 0.01157
Exploits: 0

Ubuntu • added 2024/11/22 2:20 a.m. • 25 views

USN-7015-6: Python regressions

USN-7015-5 fixed vulnerabilities in python2.7. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Python email module incorrectly parsed email addresses that contain special...

AI score 6.9
Exploits: 0 • References: 1

Ubuntu • added 2024/11/21 10:58 p.m. • 24 views

USN-7120-3: Linux kernel (Low Latency) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - File systems infrastructure; - Network traffic control; CVE-2024-46800, CVE-2024-43882...

CVSS 8.4 • AI score 6.9 • EPSS 0.00268
Exploits: 1

Ubuntu • added 2024/11/21 12:23 p.m. • 24 views

USN-7118-1: ZBar vulnerabilities

It was discovered that ZBar did not properly handle certain QR codes. If a user or automated system using ZBar were tricked into opening a specially crafted file, an attacker could possibly use this to obtain sensitive information. CVE-2023-40889 It was discovered that ZBar did not properly handl...

CVSS 9.8 • AI score 8.2 • EPSS 0.01787
Exploits: 0

Ubuntu • added 2024/11/21 3:39 a.m. • 20 views

USN-7091-2: Ruby vulnerabilities

USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for CVE-2024-35176, CVE-2024-41123, CVE-2024-41946 and CVE-2024-49761 for ruby2.7 in Ubuntu 20.04 LTS. Original advisory details: It was discovered that Ruby incorrectly handled parsing of an XML...

CVSS 8.7 • AI score 7.2 • EPSS 0.02064
Exploits: 1 • References: 1

Ubuntu • added 2024/11/20 1:42 p.m. • 29 views

USN-7120-2: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - File systems infrastructure; - Network traffic control; CVE-2024-46800, CVE-2024-43882...

CVSS 8.4 • AI score 6.9 • EPSS 0.00268
Exploits: 1

Ubuntu • added 2024/11/20 1:36 p.m. • 34 views

USN-7121-2: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ATM...

CVSS 8.4 • AI score 7 • EPSS 0.00333
Exploits: 1

Ubuntu • added 2024/11/20 1:30 p.m. • 35 views

USN-7123-1: Linux kernel (Azure) vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information...

CVSS 8.8 • AI score 7.6 • EPSS 0.00879
Exploits: 9

Ubuntu • added 2024/11/19 11:57 p.m. • 25 views

USN-7122-1: Linux kernel vulnerability

A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture;...

CVSS 7.8 • AI score 7 • EPSS 0.00244
Exploits: 0

Ubuntu • added 2024/11/19 11:44 p.m. • 38 views

USN-7121-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ATM...

CVSS 8.4 • AI score 7 • EPSS 0.00333
Exploits: 1

Ubuntu • added 2024/11/19 11:39 p.m. • 24 views

USN-7120-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - File systems infrastructure; - Network traffic control; CVE-2024-46800, CVE-2024-43882...

CVSS 8.4 • AI score 6.9 • EPSS 0.00268
Exploits: 1

Ubuntu • added 2024/11/19 10:47 p.m. • 29 views

USN-7119-1: Linux kernel (IoT) vulnerabilities

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service (system crash). CVE-2022-36402 Several security issues were discovered in the Linux kernel. An attacker could...

CVSS 8.8 • AI score 7.2 • EPSS 0.00879
Exploits: 6

Ubuntu • added 2024/11/19 10:35 p.m. • 18 views

USN-7089-7: Linux kernel (Low Latency) vulnerabilities

Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. CVE-2024-25741 Several security issues were discovered in the Linux kernel. An...

CVSS 7.8 • AI score 7 • EPSS 0.00478
Exploits: 4

Ubuntu • added 2024/11/19 5:54 p.m. • 257 views

USN-7117-1: needrestart and Module::ScanDeps vulnerabilities

Qualys discovered that needrestart passed unsanitized data to a library libmodule-scandeps-perl which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root. CVE-2024-11003 Qualys discovered that the library libmodule-scandeps-perl incorrectly parsed...

CVSS 7.8 • AI score 7.7 • EPSS 0.19924
Exploits: 16

Ubuntu • added 2024/11/19 5:19 p.m. • 14 views

USN-7115-1: Waitress vulnerabilities

It was discovered that Waitress could process follow up requests when receiving a specially crafted message. An attacker could use this issue to have the server process inconsistent client requests. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. CVE-2024-49768 Dylan Jay discovered th...

CVSS 9.1 • AI score 6.7 • EPSS 0.01386
Exploits: 0

Ubuntu • added 2024/11/19 2:31 p.m. • 250 views

USN-7015-5: Python vulnerabilities

USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2024-6232 and CVE-2024-6923 for python2.7 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Original advisory details: It was discovered that the...

CVSS 7.5 • AI score 6.8 • EPSS 0.02203
Exploits: 2

Ubuntu • added 2024/11/19 1:22 p.m. • 256 views

USN-7116-1: Python vulnerability

It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated...

CVSS 7.8 • AI score 7.6 • EPSS 0.00647
Exploits: 0

Ubuntu • added 2024/11/18 4:25 p.m. • 250 views

USN-7114-1: GLib vulnerability

It was discovered that GLib incorrectly handled certain trailing characters. An attacker could possibly use this issue to cause a crash or other undefined behavior...

CVSS 9.8 • AI score 7.3 • EPSS 0.01263
Exploits: 1

Ubuntu • added 2024/11/18 3:10 p.m. • 248 views

USN-7104-1: curl vulnerability

It was discovered that curl could overwrite the HSTS expiry of the parent domain with the subdomain's HSTS entry. This could lead to curl switching back to insecure HTTP earlier than otherwise intended, resulting in information exposure...

CVSS 6.5 • AI score 6.7 • EPSS 0.0197
Exploits: 1

Ubuntu • added 2024/11/18 12:47 p.m. • 19 views

USN-7113-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

CVSS 5.4 • AI score 6.4 • EPSS 0.0095
Exploits: 0

Ubuntu • added 2024/11/18 5:27 a.m. • 16 views

USN-7108-1: AsyncSSH vulnerabilities

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. CVE-2023-46445 Fabian Bäumer, Marcus...

CVSS 6.8 • AI score 6.9 • EPSS 0.00867
Exploits: 0

Ubuntu • added 2024/11/15 10:36 a.m. • 23 views

USN-7089-6: Linux kernel vulnerabilities

Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. CVE-2024-25741 Several security issues were discovered in the Linux kernel. An...

CVSS 7.8 • AI score 7 • EPSS 0.00478
Exploits: 4

Ubuntu • added 2024/11/15 1:44 a.m. • 236 views

USN-7112-1: GD Graphics Library vulnerability

It was discovered that the GD Graphics Library did not perform proper bounds checking while handling BMP and WebP files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service (application crash)...

CVSS 6.5 • AI score 6 • EPSS 0.01543
Exploits: 0

Ubuntu • added 2024/11/14 5:26 p.m. • 25 views

USN-7111-1: Go vulnerabilities

Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. CVE-2022-41723 Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this...

CVSS 8.1 • AI score 7.3 • EPSS 0.91969
Exploits: 1

Ubuntu • added 2024/11/14 5:24 p.m. • 22 views

USN-7088-5: Linux kernel vulnerabilities

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service (system crash). CVE-2022-36402 Several security issues were discovered in the Linux kernel. An attacker could...

CVSS 8.8 • AI score 7.2 • EPSS 0.00879
Exploits: 6

Ubuntu • added 2024/11/14 4:55 p.m. • 24 views

USN-7089-5: Linux kernel vulnerabilities

Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. CVE-2024-25741 Several security issues were discovered in the Linux kernel. An...

CVSS 7.8 • AI score 7 • EPSS 0.00478
Exploits: 4

Ubuntu • added 2024/11/14 4:38 p.m. • 14 views

USN-7071-2: Linux kernel vulnerability

A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the following subsystems: - Network traffic control; CVE-2024-45016...

CVSS 5.5 • AI score 7 • EPSS 0.00239
Exploits: 0

Ubuntu • added 2024/11/14 4:8 p.m. • 14 views

USN-7110-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - HW tracing; - ISDN/mISDN subsystem; - Media drivers; - Network drivers; - SCSI drivers; - USB...

CVSS 7.8 • AI score 6.9 • EPSS 0.00622
Exploits: 1

Ubuntu • added 2024/11/14 2:39 p.m. • 23 views

USN-7049-2: PHP vulnerabilities

USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject...

CVSS 7.5 • AI score 7.2 • EPSS 0.01077
Exploits: 2

Ubuntu • added 2024/11/14 1:57 p.m. • 36 views

USN-7109-1: Go vulnerabilities

Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. CVE-2022-41723 Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this...

CVSS 9.8 • AI score 7.5 • EPSS 0.91969
Exploits: 1

Ubuntu • added 2024/11/13 3:16 p.m. • 10 views

USN-7107-1: zlib vulnerability

It was discovered that Minizip in zlib incorrectly handled certain zip header fields. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code...

CVSS 9.8 • AI score 7.7 • EPSS 0.02918
Exploits: 0

Ubuntu • added 2024/11/13 12:5 p.m. • 29 views

USN-7089-4: Linux kernel vulnerabilities

Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. CVE-2024-25741 Several security issues were discovered in the Linux kernel. An...

CVSS 7.8 • AI score 7 • EPSS 0.00478
Exploits: 4

Ubuntu • added 2024/11/13 7:19 a.m. • 23 views

USN-7106-1: Tomcat vulnerabilities

It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with requests from a reverse proxy. An attacker could possibly use this issue to leak sensitive information. CVE-2023-28708 It was discovered that Tomcat had a vulnerability in its...

CVSS 6.3 • AI score 7.1 • EPSS 0.05972
Exploits: 2

Ubuntu • added 2024/11/12 10:3 p.m. • 15 views

USN-7105-1: .NET vulnerabilities

It was discovered that the NrbfDecoder component in .NET did not properly handle an instance of a type confusion vulnerability. An authenticated attacker could possibly use this issue to gain the privileges of another user and execute arbitrary code. CVE-2024-43498 It was discovered that the...

CVSS 9.8 • AI score 8.7 • EPSS 0.03512
Exploits: 0

Ubuntu • added 2024/11/12 3:54 p.m. • 241 views

USN-7103-1: Ghostscript vulnerabilities

It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2024-46951, CVE-2024-46953, CVE-2024-46955, CVE-2024-46956 It was discovered...

CVSS 8.4 • AI score 7 • EPSS 0.0055
Exploits: 0

Ubuntu • added 2024/11/12 2:54 p.m. • 30 views

USN-7100-2: Linux kernel vulnerabilities

Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a deni...

CVSS 8.8 • AI score 7.3 • EPSS 0.00879
Exploits: 8

Ubuntu • added 2024/11/12 12:34 p.m. • 260 views

USN-7102-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.40 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. In addition to security fixes, the updated packages contain bug...

CVSS 6.5 • AI score 5.8 • EPSS 0.01022
Exploits: 0

Ubuntu • added 2024/11/12 12:2 p.m. • 10 views

USN-7101-1: Pydantic vulnerability

It was discovered that Pydantic incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause a denial of service via a crafted email string...

CVSS 7.5 • AI score 6.4 • EPSS 0.00949
Exploits: 1

Ubuntu • added 2024/11/11 3:11 p.m. • 262 views

USN-7100-1: Linux kernel vulnerabilities

Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a deni...

CVSS 8.8 • AI score 7.3 • EPSS 0.00879
Exploits: 8

Ubuntu • added 2024/11/11 1:4 a.m. • 19 views

USN-7098-1: OpenJDK 17 vulnerabilities

Andy Boothe discovered that the Networking component of OpenJDK 17 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. CVE-2024-21208 It was discovered that the Hotspot component of OpenJDK 17 did not...

CVSS 7.4 • AI score 7.6 • EPSS 0.01257
Exploits: 0

Ubuntu • added 2024/11/11 1:2 a.m. • 239 views

USN-7097-1: OpenJDK 11 vulnerabilities

Andy Boothe discovered that the Networking component of OpenJDK 11 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. CVE-2024-21208 It was discovered that the Hotspot component of OpenJDK 11 did not...

CVSS 7.4 • AI score 7.6 • EPSS 0.01257
Exploits: 0

Ubuntu • added 2024/11/11 1:0 a.m. • 237 views

USN-7096-1: OpenJDK 8 vulnerabilities

Andy Boothe discovered that the Networking component of OpenJDK 8 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. CVE-2024-21208 It was discovered that the Hotspot component of OpenJDK 8 did not...

CVSS 7.4 • AI score 7.8 • EPSS 0.01361
Exploits: 0

Ubuntu • added 2024/11/10 11:54 p.m. • 17 views

USN-7099-1: OpenJDK 21 vulnerabilities

Andy Boothe discovered that the Networking component of OpenJDK 21 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. CVE-2024-21208 It was discovered that the Hotspot component of OpenJDK 21 did not...

CVSS 4.8 • AI score 6.6 • EPSS 0.01157
Exploits: 0

Ubuntu • added 2024/11/08 1:42 a.m. • 251 views

USN-7094-1: QEMU vulnerabilities

It was discovered that QEMU incorrectly handled memory during certain VNC operations. A remote attacker could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. CVE-2019-20382 It was discovered that QEMU...

CVSS 7.8 • AI score 7.5 • EPSS 0.03566
Exploits: 1 • References: 1

Ubuntu • added 2024/11/07 12:27 p.m. • 15 views

USN-6882-2: Cinder regression

USN-6882-1 fixed vulnerabilities in Cinder. The update caused a regression in certain environments due to incorrect privilege handling. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Martin Kaesberger discovered that Cinder incorrectly handled QCOW2...

CVSS 6.5 • AI score 6.9 • EPSS 0.01025
Exploits: 1

Total number of security vulnerabilities: 10888