10888 matches found

Ubuntu | added 2024/09/12 10:20 a.m. | 12 views

USN-7001-1: xmltok library vulnerabilities

Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. CVE-2024-45490 Shang-Hung Wan...

CVSS 9.8 | AI score 7.4 | EPSS 0.01686 | Exploits 0

Ubuntu | added 2024/09/12 10:1 a.m. | 10 views

USN-7000-1: Expat vulnerabilities

Shang-Hung Wan discovered that Expat did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. CVE-2024-45490 Shang-Hung Wan discovered that Expat did not properly...

CVSS 9.8 | AI score 7.3 | EPSS 0.01686 | Exploits 0

Ubuntu | added 2024/09/12 9:40 a.m. | 37 views

USN-7003-1: Linux kernel vulnerabilities

It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service (system crash). CVE-2024-40902 Several security issues were discovered in the Linux kernel. An attacker could...

CVSS 7.8 | AI score 7 | EPSS 0.00322 | Exploits 1

Ubuntu | added 2024/09/11 4:23 p.m. | 9 views

USN-6997-2: LibTIFF vulnerability

USN-6997-1 fixed a vulnerability in LibTIFF. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: It was discovered that LibTIFF incorrectly handled memory. An attacker could possibly use this issue to cause the application to crash, resulting in a denial...

CVSS 7.5 | AI score 6.9 | EPSS 0.01516 | Exploits 0

Ubuntu | added 2024/09/11 2:36 p.m. | 33 views

USN-6999-1: Linux kernel vulnerabilities

Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2024-23848 It was discovered that the JFS file system contained an...

CVSS 9.8 | AI score 7.5 | EPSS 0.02701 | Exploits 3

Ubuntu | added 2024/09/11 1:33 a.m. | 15 views

USN-6998-1: Unbound vulnerabilities

It was discovered that Unbound incorrectly handled string comparisons, which could lead to a NULL pointer dereference. An attacker could potentially use this issue to cause a denial of service. CVE-2024-43167 It was discovered that Unbound incorrectly handled memory in cfg_mark_ports, which could...

CVSS 4.8 | AI score 6.5 | EPSS 0.00363 | Exploits 0

Ubuntu | added 2024/09/09 1:42 p.m. | 242 views

USN-6997-1: LibTIFF vulnerability

It was discovered that LibTIFF incorrectly handled memory. An attacker could possibly use this issue to cause the application to crash, resulting in a denial of service...

CVSS 7.5 | AI score 6.9 | EPSS 0.01516 | Exploits 0

Ubuntu | added 2024/09/09 12:53 p.m. | 10 views

USN-6841-2: PHP vulnerability

USN-6841-1 fixed a vulnerability in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that PHP could early return in the filter_var function resulting in invalid user information being treated as valid user...

CVSS 5.3 | AI score 7.2 | EPSS 0.12117 | Exploits 1

Ubuntu | added 2024/09/09 12:1 p.m. | 15 views

USN-6996-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

CVSS 9.8 | AI score 6.9 | EPSS 0.01344 | Exploits 1

Ubuntu | added 2024/09/09 2:36 a.m. | 60 views

USN-6995-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

CVSS 9.8 | AI score 8.1 | EPSS 0.04395 | Exploits 1

Ubuntu | added 2024/09/05 8:39 p.m. | 33 views

USN-6994-1: Netty vulnerabilities

It was discovered that Netty did not properly sanitize its input parameters. A remote attacker could possibly use this issue to cause a crash. CVE-2023-34462 It was discovered that Netty incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause Netty to...

CVSS 7.5 | AI score 7.2 | EPSS 0.99999 | Exploits 20

Ubuntu | added 2024/09/05 8:33 p.m. | 61 views

USN-6991-1: AIOHTTP vulnerability

It was discovered that AIOHTTP did not properly restrict file access when the 'follow_symlinks' option was set to True. A remote attacker could possibly use this issue to access unauthorized files on the system...

CVSS 7.5 | AI score 7.3 | EPSS 0.76875 | Exploits 15

Ubuntu | added 2024/09/05 1:54 a.m. | 371 views

USN-6993-1: Vim vulnerabilities

It was discovered that Vim incorrectly handled memory when closing a window, leading to a double-free vulnerability. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user...

CVSS 5.3 | AI score 5.7 | EPSS 0.00363 | Exploits 0

Ubuntu | added 2024/09/05 12:51 a.m. | 37 views

USN-6992-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-8382, CVE-2024-8383,...

CVSS 9.8 | AI score 8.2 | EPSS 0.04395 | Exploits 1

Ubuntu | added 2024/09/04 6:37 p.m. | 18 views

USN-6990-1: znc vulnerability

Johannes Kuhn (DasBrain) discovered that znc incorrectly handled user input under certain operations. An attacker could possibly use this issue to execute arbitrary code on a user's system if the user was tricked into joining a malicious server...

CVSS 9.8 | AI score 6 | EPSS 0.03862 | Exploits 0

Ubuntu | added 2024/09/04 4:4 p.m. | 34 views

USN-6989-1: OpenStack vulnerability

Dan Smith, Julia Kreger and Jay Faulkner discovered that in image processing for Ironic, a specially crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

CVSS 4.3 | AI score 6.5 | EPSS 0.00545 | Exploits 0

Ubuntu | added 2024/09/04 12:58 p.m. | 32 views

USN-6985-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user...

CVSS 8.1 | AI score 6.7 | EPSS 0.04092 | Exploits 6

Ubuntu | added 2024/09/04 8:40 a.m. | 369 views

USN-6988-1: Twisted vulnerabilities

Ben Kallus discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay and manipulate responses. This issue only affected Ubuntu 24.04 LTS. CVE-2024-41671 It was discovered that Twisted did not properl...

CVSS 8.3 | AI score 6.5 | EPSS 0.01109 | Exploits 0

Ubuntu | added 2024/09/03 4:36 p.m. | 16 views

USN-6987-1: Django vulnerabilities

It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. CVE-2024-45230 It was discovered that Django incorrectly handled certain email sending failures. A remote attacker could possibly use this issue to enumerate...

CVSS 7.5 | AI score 6.1 | EPSS 0.25327 | Exploits 0

Ubuntu | added 2024/09/03 3:12 p.m. | 28 views

USN-6981-2: Drupal vulnerabilities

USN-6981-1 fixed vulnerabilities in Drupal. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 8.8 | AI score 8.1 | EPSS 0.84554 | Exploits 5

Ubuntu | added 2024/09/03 2:33 p.m. | 410 views

USN-6986-1: OpenSSL vulnerability

David Benjamin discovered that OpenSSL incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service or expose sensitive information...

CVSS 7.5 | AI score 6.9 | EPSS 0.66594 | Exploits 0

Ubuntu | added 2024/09/02 6:35 p.m. | 44 views

USN-6973-4: Linux kernel (Raspberry Pi) vulnerabilities

It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service (system crash). CVE-2024-24860 Several security issues were discovere...

CVSS 8.4 | AI score 6.6 | EPSS 0.00798 | Exploits 1

Ubuntu | added 2024/09/02 2:36 p.m. | 41 views

USN-6983-1: FFmpeg vulnerability

Zeng Yunxiang discovered that FFmpeg incorrectly handled memory during video encoding. An attacker could possibly use this issue to perform a denial of service, or execute arbitrary code...

CVSS 7.8 | AI score 7.1 | EPSS 0.00355 | Exploits 1

Ubuntu | added 2024/09/02 2:34 p.m. | 21 views

USN-6984-1: WebOb vulnerability

It was discovered that WebOb incorrectly handled certain URLs. An attacker could possibly use this issue to control a redirect or forward to another URL...

CVSS 6.1 | AI score 6.2 | EPSS 0.00497 | Exploits 1

Ubuntu | added 2024/09/02 3:31 a.m. | 30 views

USN-6982-1: Dovecot vulnerabilities

It was discovered that Dovecot did not properly have restrictions on the size of address headers. A remote attacker could possibly use this issue to cause denial of service. CVE-2024-23184, CVE-2024-23185...

CVSS 7.5 | AI score 7.4 | EPSS 0.01284 | Exploits 2

Ubuntu | added 2024/08/28 4:22 p.m. | 54 views

USN-6972-4: Linux kernel (Oracle) vulnerabilities

Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service (system crash). CVE-2024-22099 It was discovered that a race condition existed in th...

CVSS 8.8 | AI score 6.6 | EPSS 0.01167 | Exploits 0

Ubuntu | added 2024/08/27 4:57 p.m. | 31 views

USN-6981-1: Drupal vulnerabilities

It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code. CVE-2020-13671 It was discovered that Drupal incorrectly sanitized archived filenames. A remote attacker could possibly use this issue to overwrite...

CVSS 8.8 | AI score 8.1 | EPSS 0.84554 | Exploits 5

Ubuntu | added 2024/08/26 5:16 p.m. | 39 views

USN-6973-3: Linux kernel (AWS) vulnerabilities

It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service (system crash). CVE-2024-24860 Several security issues were discovere...

CVSS 8.4 | AI score 6.6 | EPSS 0.00798 | Exploits 1

Ubuntu | added 2024/08/23 4:13 p.m. | 55 views

USN-6974-2: Linux kernel (Oracle) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SuperH RISC architecture; - User-Mode Linux (UML); - MMC subsystem; - Network drivers; - GFS2 file system; - IPv4...

CVSS 8.4 | AI score 6.9 | EPSS 0.0038 | Exploits 1

Ubuntu | added 2024/08/23 3:29 p.m. | 57 views

USN-6972-3: Linux kernel (Azure) vulnerabilities

Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service (system crash). CVE-2024-22099 It was discovered that a race condition existed in th...

CVSS 8.8 | AI score 6.6 | EPSS 0.01167 | Exploits 0

Ubuntu | added 2024/08/23 3:26 p.m. | 48 views

USN-6973-2: Linux kernel (Azure) vulnerabilities

It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service (system crash). CVE-2024-24860 Several security issues were discovere...

CVSS 8.4 | AI score 6.6 | EPSS 0.00798 | Exploits 1

Ubuntu | added 2024/08/22 5:20 p.m. | 30 views

USN-6980-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of th...

CVSS 8.8 | AI score 7 | EPSS 0.04479 | Exploits 7

Ubuntu | added 2024/08/22 3:18 p.m. | 60 views

USN-6978-1: XStream vulnerabilities

It was discovered that XStream incorrectly handled parsing of certain crafted XML documents. A remote attacker could possibly use this issue to read arbitrary files. CVE-2016-3674 Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run...

CVSS 9.9 | AI score 7 | EPSS 0.85001 | Exploits 21

Ubuntu | added 2024/08/22 12:11 p.m. | 57 views

USN-6972-2: Linux kernel (AWS) vulnerabilities

Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service (system crash). CVE-2024-22099 It was discovered that a race condition existed in th...

CVSS 8.8 | AI score 6.6 | EPSS 0.01167 | Exploits 0

Ubuntu | added 2024/08/22 11:54 a.m. | 73 views

USN-6979-1: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - M68K architecture; - User-Mode Linux (UML); - x86 architecture; - Accessibility subsystem; -...

CVSS 9.8 | AI score 7.3 | EPSS 0.02701 | Exploits 4

Ubuntu | added 2024/08/22 4:4 a.m. | 26 views

USN-6977-1: QEMU vulnerabilities

It was discovered that QEMU did not properly handle certain memory operations, which could result in a buffer overflow. An attacker could potentially use this issue to cause a denial of service. CVE-2024-26327 It was discovered that QEMU did not properly handle certain memory operations, which...

CVSS 6 | AI score 7 | EPSS 0.00529 | Exploits 0

Ubuntu | added 2024/08/21 9:8 p.m. | 43 views

USN-6975-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - User-Mode Linux (UML); - MMC subsystem; CVE-2024-39292, CVE-2024-39484...

CVSS 5.5 | AI score 7 | EPSS 0.00233 | Exploits 0

Ubuntu | added 2024/08/21 8:37 p.m. | 380 views

USN-6974-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SuperH RISC architecture; - User-Mode Linux (UML); - MMC subsystem; - Network drivers; - GFS2 file system; - IPv4...

CVSS 8.4 | AI score 6.9 | EPSS 0.0038 | Exploits 1

Ubuntu | added 2024/08/21 7:27 p.m. | 338 views

USN-6973-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service (system crash). CVE-2024-24860 Several security issues were discovere...

CVSS 8.4 | AI score 6.6 | EPSS 0.00798 | Exploits 1

Ubuntu | added 2024/08/21 5:53 p.m. | 74 views

USN-6972-1: Linux kernel vulnerabilities

Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service (system crash). CVE-2024-22099 It was discovered that a race condition existed in th...

CVSS 8.8 | AI score 6.6 | EPSS 0.01167 | Exploits 0

Ubuntu | added 2024/08/21 5:33 p.m. | 42 views

USN-6971-1: Linux kernel vulnerabilities

It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2021-37159 A security issue was...

CVSS 6.4 | AI score 7.1 | EPSS 0.00395 | Exploits 0

Ubuntu | added 2024/08/21 5:6 p.m. | 95 views

USN-6950-4: Linux kernel (HWE) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - Block layer subsystem; - Bluetooth drivers; - Clock framework and...

CVSS 9.8 | AI score 6.9 | EPSS 0.01305 | Exploits 2

Ubuntu | added 2024/08/21 4:57 p.m. | 65 views

USN-6951-4: Linux kernel (BlueField) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - M68K architecture; - User-Mode Linux (UML); - x86 architecture; - Accessibility subsystem; -...

CVSS 9.8 | AI score 7.3 | EPSS 0.02701 | Exploits 4

Ubuntu | added 2024/08/21 2:28 a.m. | 39 views

USN-6965-1: Vim vulnerabilities

It was discovered that vim incorrectly handled parsing of filenames in its search functionality. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. CVE-2021-3973 It was discovered that vim incorrectly handled memor...

CVSS 9.3 | AI score 7.8 | EPSS 0.01792 | Exploits 5

Ubuntu | added 2024/08/21 12:20 a.m. | 30 views

USN-6966-2: Firefox regressions

USN-6966-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...

AI score 7.8 | EPSS 0.00602 | Exploits 0 | References 1

Ubuntu | added 2024/08/20 6:15 p.m. | 25 views

USN-6944-2: curl vulnerability

USN-6944-1 fixed CVE-2024-7264 for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. This update provides the corresponding fix for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Dov Murik discovered that curl incorrectly handled parsing ASN.1...

CVSS 6.5 | AI score 7.1 | EPSS 0.16212 | Exploits 1

Ubuntu | added 2024/08/20 1:3 p.m. | 17 views

USN-6970-1: exfatprogs vulnerability

It was discovered that exfatprogs incorrectly handled certain memory operations. If a user or automated system were tricked into handling specially crafted exfat partitions, a remote attacker could use this issue to cause exfatprogs to crash, resulting in a denial of service, or possibly execute...

CVSS 5.5 | AI score 5.8 | EPSS 0.00381 | Exploits 1

Ubuntu | added 2024/08/20 11:14 a.m. | 46 views

USN-6969-1: Cacti vulnerabilities

It was discovered that Cacti did not properly apply checks to the "Package Import" feature. An attacker could possibly use this issue to perform arbitrary code execution. This issue only affected Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. CVE-2024-25641 It was...

CVSS 9.1 | AI score 8.9 | EPSS 0.86303 | Exploits 25

Ubuntu | added 2024/08/20 8:15 a.m. | 34 views

LSN-0106-1: Kernel Live Patch Security Notice

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters. CVE-2023-52620 In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work...

CVSS 7.7 | AI score 6.3 | EPSS 0.00276 | Exploits 0

Ubuntu | added 2024/08/20 12:2 a.m. | 41 views

USN-6967-1: Intel Microcode vulnerabilities

It was discovered that some Intel® Core™ Ultra Processors did not properly isolate the stream cache. A local authenticated user could potentially use this to escalate their privileges. CVE-2023-42667 It was discovered that some Intel® Processors did not properly isolate the stream cache. A local...

CVSS 7.8 | AI score 6.6 | EPSS 0.00285 | Exploits 0

Total number of security vulnerabilities: 10888