
10888 matches found

Ubuntu • added 2024/06/10 4:09 p.m. • 157 views

USN-6818-2: Linux kernel (ARM laptop) vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). CVE-2023-6356, CVE-2023-6535, CVE-2023-6536 It was...

CVSS 7.8 • AI score 6.9 • EPSS 0.78388 • Exploits: 2

Ubuntu • added 2024/06/10 2:27 p.m. • 305 views

USN-6824-1: GIFLIB vulnerabilities

It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service. CVE-2021-40633, CVE-2022-28506, CVE-2023-39742...

CVSS 8.8 • AI score 6.3 • EPSS 0.01533 • Exploits: 3

Ubuntu • added 2024/06/10 9:15 a.m. • 45 views

LSN-0104-1: Kernel Live Patch Security Notice

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that a race condition exist...

CVSS 7.8 • AI score 6.7 • EPSS 0.02224 • Exploits: 1

Ubuntu • added 2024/06/10 8:42 a.m. • 48 views

USN-6822-1: Node.js vulnerabilities

It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass the policy mechanism. CVE-2023-32002,...

CVSS 9.8 • AI score 7.6 • EPSS 0.01484 • Exploits: 1

Ubuntu • added 2024/06/07 10:51 p.m. • 53 views

USN-6821-1: Linux kernel vulnerabilities

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the Atheros 802.11ac...

CVSS 9.1 • AI score 7.5 • EPSS 0.01635 • Exploits: 0

Ubuntu • added 2024/06/07 10:40 p.m. • 371 views

USN-6820-1: Linux kernel vulnerabilities

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6270 It was discovered that the Atheros 802.11ac...

CVSS 9.1 • AI score 7.4 • EPSS 0.01635 • Exploits: 0

Ubuntu • added 2024/06/07 8:33 p.m. • 118 views

USN-6819-1: Linux kernel vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). CVE-2023-6356, CVE-2023-6535, CVE-2023-6536 Chenyuan...

CVSS 7.8 • AI score 6.9 • EPSS 0.78388 • Exploits: 2

Ubuntu • added 2024/06/07 8:18 p.m. • 120 views

USN-6818-1: Linux kernel vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). CVE-2023-6356, CVE-2023-6535, CVE-2023-6536 It was...

CVSS 7.8 • AI score 6.9 • EPSS 0.78388 • Exploits: 2

Ubuntu • added 2024/06/07 6:49 p.m. • 129 views

USN-6817-1: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Zheng Wang discovered that the Broadc...

CVSS 9.1 • AI score 7.5 • EPSS 0.01635 • Exploits: 0

Ubuntu • added 2024/06/07 6:18 p.m. • 114 views

USN-6816-1: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Zheng Wang discovered that the Broadc...

CVSS 9.1 • AI score 7.5 • EPSS 0.01635 • Exploits: 0

Ubuntu • added 2024/06/06 6:12 p.m. • 41 views

USN-6815-1: AOM vulnerability

Xiantong Hou discovered that AOM did not properly handle certain malformed media files. If an application using AOM opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...

CVSS 10 • AI score 7.5 • EPSS 0.01254 • Exploits: 1

Ubuntu • added 2024/06/06 4:43 p.m. • 23 views

USN-6814-1: libvpx vulnerability

Xiantong Hou discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...

CVSS 9.1 • AI score 8.2 • EPSS 0.00814 • Exploits: 1

Ubuntu • added 2024/06/06 12:29 p.m. • 295 views

USN-6567-2: QEMU regression

USN-6567-1 fixed vulnerabilities in QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behaviour change leading to a regression in certain environments. This update fixes the problem. Original advisory details: Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the...

AI score 7.1 • EPSS 0.01606 • Exploits: 5 • References: 1

Ubuntu • added 2024/06/06 1:57 a.m. • 56 views

USN-6813-1: OpenJDK 21 vulnerabilities

It was discovered that the Hotspot component of OpenJDK 21 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. CVE-2024-21011 It was discovered that OpenJDK 21 incorrectly performed reverse DNS query...

CVSS 3.7 • AI score 6.9 • EPSS 0.01361 • Exploits: 0

Ubuntu • added 2024/06/06 1:55 a.m. • 53 views

USN-6812-1: OpenJDK 17 vulnerabilities

It was discovered that the Hotspot component of OpenJDK 17 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. CVE-2024-21011 It was discovered that OpenJDK 17 incorrectly performed reverse DNS query...

CVSS 3.7 • AI score 6.9 • EPSS 0.01361 • Exploits: 0

Ubuntu • added 2024/06/06 1:54 a.m. • 56 views

USN-6811-1: OpenJDK 11 vulnerabilities

It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. CVE-2024-21011 It was discovered that OpenJDK 11 incorrectly performed reverse DNS query...

CVSS 3.7 • AI score 6.8 • EPSS 0.01361 • Exploits: 0

Ubuntu • added 2024/06/06 1:46 a.m. • 61 views

USN-6810-1: OpenJDK 8 vulnerabilities

It was discovered that the Hotspot component of OpenJDK 8 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. CVE-2024-21011 Vladimir Kondratyev discovered that the Hotspot component of OpenJDK 8...

CVSS 3.7 • AI score 6.9 • EPSS 0.01361 • Exploits: 0

Ubuntu • added 2024/06/05 8:10 p.m. • 19 views

USN-6808-1: Atril vulnerability

It was discovered that Atril was vulnerable to a path traversal attack. An attacker could possibly use this vulnerability to create arbitrary files on the host filesystem with user privileges...

CVSS 8.5 • AI score 7.7 • EPSS 0.01016 • Exploits: 2

Ubuntu • added 2024/06/05 7:56 p.m. • 276 views

USN-6809-1: BlueZ vulnerabilities

It was discovered that BlueZ could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. CVE-2022-3563 It was discovered that BlueZ could be made to write out of bounds. If a user were tricked into...

CVSS 8 • AI score 6.8 • EPSS 0.01427 • Exploits: 0

Ubuntu • added 2024/06/05 5:19 p.m. • 49 views

USN-6807-1: FRR vulnerabilities

It was discovered that FRR incorrectly handled certain network traffic. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. CVE-2022-26126, CVE-2022-26127, CVE-2022-26128, CVE-2022-26129, CVE-2022-37032, CVE-2022-37035, CVE-2023-31490,...

CVSS 9.8 • AI score 7.2 • EPSS 0.02152 • Exploits: 8

Ubuntu • added 2024/06/05 1:41 p.m. • 46 views

USN-6806-1: GDK-PixBuf vulnerability

Pedro Ribeiro and Vitor Pedreira discovered that the GDK-PixBuf library did not properly handle certain ANI files. An attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or to possibly execute arbitrary code...

CVSS 7.8 • AI score 7.8 • EPSS 0.00415 • Exploits: 1

Ubuntu • added 2024/06/05 1:17 p.m. • 28 views

USN-6715-2: unixODBC vulnerability

USN-6715-1 fixed a vulnerability in unixODBC. This update provides the corresponding fix for Ubuntu 24.04 LTS. Original advisory details: It was discovered that unixODBC incorrectly handled certain bytes. An attacker could use this issue to execute arbitrary code or cause a crash...

CVSS 7.8 • AI score 7.7 • EPSS 0.00284 • Exploits: 0

Ubuntu • added 2024/06/04 1:29 p.m. • 373 views

USN-6805-1: libarchive vulnerability

It was discovered that libarchive incorrectly handled certain RAR archive files. An attacker could possibly use this issue to execute arbitrary code or cause a crash...

CVSS 7.8 • AI score 6.9 • EPSS 0.87784 • Exploits: 0

Ubuntu • added 2024/05/31 1:34 p.m. • 395 views

USN-6804-1: GNU C Library vulnerabilities

It was discovered that GNU C Library nscd daemon contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash). CVE-2024-33599 It was discovered that GNU C Library nscd daemon did not properly check the cache content, leading to a null pointer...

CVSS 8.1 • AI score 6.5 • EPSS 0.0131 • Exploits: 0

Ubuntu • added 2024/05/30 3:53 p.m. • 301 views

USN-6803-1: FFmpeg vulnerabilities

Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 24.04 LTS. CVE-2023-49501 Zen...

CVSS 8.8 • AI score 6.8 • EPSS 0.01545 • Exploits: 7

Ubuntu • added 2024/05/30 11:59 a.m. • 29 views

USN-6802-1: PostgreSQL vulnerability

Lukas Fittl discovered that PostgreSQL incorrectly performed authorization in the built-in pg_stats_ext and pg_stats_ext_exprs views. An unprivileged database user can use this issue to read most common values and other statistics from CREATE STATISTICS commands of other users. NOTE: This update will...

CVSS 4.3 • AI score 6.8 • EPSS 0.00722 • Exploits: 0

Ubuntu • added 2024/05/30 11:38 a.m. • 28 views

USN-6801-1: PyMySQL vulnerability

It was discovered that PyMySQL incorrectly escaped untrusted JSON input. An attacker could possibly use this issue to perform SQL injection attacks...

CVSS 6.3 • AI score 6.6 • EPSS 0.00691 • Exploits: 1

Ubuntu • added 2024/05/30 10:12 a.m. • 37 views

USN-6800-1: browserify-sign vulnerability

It was discovered that browserify-sign incorrectly handled an upper bound check in signature verification. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a signature forgery attack...

CVSS 7.5 • AI score 6.8 • EPSS 0.00508 • Exploits: 0

Ubuntu • added 2024/05/29 3:38 p.m. • 29 views

USN-6799-1: Werkzeug vulnerability

It was discovered that the debugger in Werkzeug was not restricted to trusted hosts. A remote attacker could possibly use this issue to execute code on the host under certain circumstances...

CVSS 7.5 • AI score 6.6 • EPSS 0.03397 • Exploits: 0

Ubuntu • added 2024/05/29 2:58 p.m. • 30 views

USN-6798-1: GStreamer Base Plugins vulnerability

It was discovered that GStreamer Base Plugins incorrectly handled certain EXIF metadata. An attacker could possibly use this issue to execute arbitrary code or cause a crash...

CVSS 7.8 • AI score 7.5 • EPSS 0.01565 • Exploits: 0

Ubuntu • added 2024/05/29 1:21 p.m. • 378 views

USN-6796-1: TPM2 Software Stack vulnerabilities

Fergus Dall discovered that TPM2 Software Stack did not properly handle layer arrays. An attacker could possibly use this issue to cause TPM2 Software Stack to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-22745 Jurgen Repp and Andreas Fuchs discovered that...

CVSS 6.4 • AI score 6.9 • EPSS 0.00519 • Exploits: 1

Ubuntu • added 2024/05/29 7:13 a.m. • 58 views

USN-6797-1: Intel Microcode vulnerabilities

It was discovered that some 3rd and 4th Generation Intel® Xeon® Processors did not properly restrict access to certain hardware features when using Intel® SGX or Intel® TDX. This may allow a privileged local user to potentially further escalate their privileges on the system. This issue only...

CVSS 8.2 • AI score 7.3 • EPSS 0.0075 • Exploits: 0

Ubuntu • added 2024/05/29 4:25 a.m. • 48 views

USN-6779-2: Firefox regressions

USN-6779-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potential...

AI score 8.2 • Exploits: 0 • References: 1

Ubuntu • added 2024/05/28 7:06 p.m. • 109 views

USN-6795-1: Linux kernel (Intel IoTG) vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). CVE-2023-47233 It was...

CVSS 7.8 • AI score 7.3 • EPSS 0.78388 • Exploits: 2

Ubuntu • added 2024/05/28 4:08 p.m. • 40 views

USN-6792-1: Flask-Security vulnerability

Naom Moshe discovered that Flask-Security incorrectly validated URLs. An attacker could use this issue to redirect users to arbitrary URLs...

CVSS 6.1 • AI score 6.6 • EPSS 0.00895 • Exploits: 1

Ubuntu • added 2024/05/28 3:29 p.m. • 39 views

USN-6794-1: FRR vulnerabilities

It was discovered that FRR incorrectly handled certain malformed BGP and OSPF packets. A remote attacker could use this issue to cause FRR to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 7.5 • AI score 7.4 • EPSS 0.00825 • Exploits: 0

Ubuntu • added 2024/05/28 1:39 p.m. • 435 views

USN-6793-1: Git vulnerabilities

It was discovered that Git incorrectly handled certain submodules. An attacker could possibly use this issue to execute arbitrary code. This issue was fixed in Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS. CVE-2024-32002 It was discovered that Git incorrectly handled certain cloned...

CVSS 9 • AI score 7.5 • EPSS 0.25334 • Exploits: 34

Ubuntu • added 2024/05/28 1:28 p.m. • 390 views

USN-6787-1: Jinja2 vulnerability

It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting (XSS) attack...

CVSS 5.4 • AI score 6.4 • EPSS 0.00979 • Exploits: 0

Ubuntu • added 2024/05/28 11:34 a.m. • 381 views

USN-6791-1: Unbound vulnerability

It was discovered that Unbound could take part in a denial of service amplification attack known as DNSBomb. This update introduces certain resource limits to make the impact from Unbound significantly lower...

CVSS 7.5 • AI score 6.8 • EPSS 0.01729 • Exploits: 0

Ubuntu • added 2024/05/28 11:24 a.m. • 56 views

USN-6790-1: amavisd-new vulnerability

It was discovered that amavisd-new incorrectly handled certain MIME email messages with multiple boundary parameters. A remote attacker could possibly use this issue to bypass checks for banned files or malware...

CVSS 7.4 • AI score 7.3 • EPSS 0.00826 • Exploits: 0

Ubuntu • added 2024/05/28 11:07 a.m. • 30 views

USN-6789-1: LibreOffice vulnerability

Amel Bouziane-Leblond discovered that LibreOffice incorrectly handled graphic on-click bindings. If a user were tricked into clicking a graphic in a specially crafted document, a remote attacker could possibly run arbitrary script...

CVSS 6.5 • AI score 6.7 • EPSS 0.01008 • Exploits: 0

Ubuntu • added 2024/05/28 10:49 a.m. • 42 views

USN-6788-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

CVSS 8.1 • AI score 7.4 • EPSS 0.00603 • Exploits: 0

Ubuntu • added 2024/05/28 6:01 a.m. • 33 views

USN-6786-1: Netatalk vulnerabilities

It was discovered that Netatalk did not properly protect an SMB and AFP default configuration. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 10 • AI score 8.4 • EPSS 0.02656 • Exploits: 0

Ubuntu • added 2024/05/27 3:33 p.m. • 58 views

USN-6673-3: python-cryptography vulnerability

USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS12 keys. A remote attacker...

CVSS 7.5 • AI score 6.6 • EPSS 0.00831 • Exploits: 0

Ubuntu • added 2024/05/23 4:27 p.m. • 92 views

USN-6785-1: GNOME Remote Desktop vulnerability

Matthias Gerstner discovered that GNOME Remote Desktop incorrectly performed certain user validation checks. A local attacker could possibly use this issue to obtain sensitive information, or take control of remote desktop connections...

CVSS 7.5 • AI score 7.3 • EPSS 0.00569 • Exploits: 0

Ubuntu • added 2024/05/23 1:00 p.m. • 78 views

USN-6784-1: cJSON vulnerabilities

It was discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10. CVE-2023-50471, CVE-2023-50472 Luo Jin discovered that cJSON incorrectly...

CVSS 7.6 • AI score 6.3 • EPSS 0.01508 • Exploits: 3

Ubuntu • added 2024/05/23 12:02 p.m. • 60 views

USN-6777-4: Linux kernel (HWE) vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). CVE-2023-47233 Several...

CVSS 7.8 • AI score 6.8 • EPSS 0.00315 • Exploits: 0

Ubuntu • added 2024/05/23 9:28 a.m. • 76 views

USN-6736-2: klibc vulnerabilities

USN-6736-1 fixed vulnerabilities in klibc. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibl...

CVSS 9.8 • AI score 7.9 • EPSS 0.51733 • Exploits: 2

Ubuntu • added 2024/05/23 9:27 a.m. • 21 views

USN-6663-3: OpenSSL update

USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: As a security improvement, OpenSSL will now return deterministic random bytes instead of an error when detecting wrong padding in PKCS1 v1.5 RSA to...

AI score 5.4 • Exploits: 0 • References: 1

Ubuntu • added 2024/05/22 6:06 p.m. • 44 views

USN-6783-1: VLC vulnerabilities

It was discovered that VLC incorrectly handled certain media files. A remote attacker could possibly use this issue to cause VLC to crash, resulting in a denial of service, or potential arbitrary code execution...

CVSS 9.8 • AI score 8 • EPSS 0.01096 • Exploits: 2

Total number of security vulnerabilities: 10888