10888 matches found

Ubuntu
• added 2024/05/22 5:06 a.m. • 54 views

USN-6782-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

CVSS 8.8 | AI score 8.2 | EPSS 0.72648
Exploits: 18
Ubuntu
• added 2024/05/21 10:39 p.m. • 54 views

USN-6775-2: Linux kernel vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) Several...

CVSS 7.8 | AI score 6.8 | EPSS 0.00315
Exploits: 0
Ubuntu
• added 2024/05/21 10:34 p.m. • 68 views

USN-6777-3: Linux kernel (GCP) vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) Several...

CVSS 7.8 | AI score 6.8 | EPSS 0.00315
Exploits: 0
Ubuntu
• added 2024/05/21 1:56 p.m. • 399 views

USN-6780-1: idna vulnerability

Guido Vranken discovered that idna did not properly manage certain inputs, which could lead to significant resource consumption. An attacker could possibly use this issue to cause a denial of service...

CVSS 7.5 | AI score 6.8 | EPSS 0.01386
Exploits: 1
Ubuntu
• added 2024/05/21 1:21 p.m. • 38 views

USN-6781-1: Spreadsheet::ParseExcel vulnerability

Le Dinh Hai discovered that Spreadsheet::ParseExcel was passing unvalidated input from a file into a string-type "eval". An attacker could craft a malicious file to achieve arbitrary code execution...

CVSS 7.8 | AI score 8 | EPSS 0.167
Exploits: 1
Ubuntu
• added 2024/05/21 5:46 a.m. • 56 views

USN-6779-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-4767, CVE-2024-4768,...

CVSS 9.8 | AI score 8.2 | EPSS 0.72648
Exploits: 23
Ubuntu
• added 2024/05/20 1:33 p.m. • 54 views

USN-6777-2: Linux kernel (Azure) vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) Several...

CVSS 7.8 | AI score 6.8 | EPSS 0.00315
Exploits: 0
Ubuntu
• added 2024/05/20 1:05 p.m. • 66 views

USN-6766-3: Linux kernel (AWS) vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron, Herbert...

CVSS 7.8 | AI score 7.3 | EPSS 0.78388
Exploits: 2
Ubuntu
• added 2024/05/16 5:41 p.m. • 58 views

USN-6778-1: Linux kernel vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) Several...

CVSS 7.8 | AI score 6.8 | EPSS 0.00315
Exploits: 0
Ubuntu
• added 2024/05/16 5:16 p.m. • 64 views

USN-6777-1: Linux kernel vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) Several...

CVSS 7.8 | AI score 6.8 | EPSS 0.00315
Exploits: 0
Ubuntu
• added 2024/05/16 4:47 p.m. • 76 views

USN-6776-1: Linux kernel vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) Several...

CVSS 7.8 | AI score 6.8 | EPSS 0.00315
Exploits: 0
Ubuntu
• added 2024/05/16 3:39 p.m. • 67 views

USN-6775-1: Linux kernel vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) Several...

CVSS 7.8 | AI score 6.8 | EPSS 0.00315
Exploits: 0
Ubuntu
• added 2024/05/16 2:27 p.m. • 57 views

USN-6774-1: Linux kernel vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) Sander...

CVSS 7.8 | AI score 7.1 | EPSS 0.08555
Exploits: 0
Ubuntu
• added 2024/05/16 1:40 p.m. • 46 views

USN-6773-1: .NET vulnerabilities

It was discovered that .NET did not properly handle memory in its Double Parse routine. An attacker could possibly use this issue to achieve remote code execution. (CVE-2024-30045) It was discovered that .NET did not properly handle the usage of a shared resource. An attacker could possibly use th...

CVSS 6.3 | AI score 7.9 | EPSS 0.01688
Exploits: 0
Ubuntu
• added 2024/05/15 3:15 p.m. • 105 views

USN-6766-2: Linux kernel vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron, Herbert...

CVSS 7.8 | AI score 7.3 | EPSS 0.78388
Exploits: 2
Ubuntu
• added 2024/05/14 11:20 a.m. • 18 views

USN-6772-1: strongSwan vulnerability

Jan Schermer discovered that strongSwan incorrectly validated client certificates in certain configurations. A remote attacker could possibly use this issue to bypass access controls...

CVSS 7.7 | AI score 5.4 | EPSS 0.00464
Exploits: 0
Ubuntu
• added 2024/05/14 9:00 a.m. • 81 views

USN-6767-2: Linux kernel (BlueField) vulnerabilities

Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-23849) Several security issues were discovered in the Linux kernel. An attacker...

CVSS 7.8 | AI score 6.9 | EPSS 0.00318
Exploits: 1
Ubuntu
• added 2024/05/13 1:14 p.m. • 23 views

USN-6771-1: SQL parse vulnerability

It was discovered that SQL parse incorrectly handled certain nested lists. An attacker could possibly use this issue to cause a denial of service...

CVSS 7.5 | AI score 7.6 | EPSS 0.0321
Exploits: 0
Ubuntu
• added 2024/05/09 5:46 p.m. • 9 views

USN-6770-1: Fossil regression

USN-6729-1 fixed vulnerabilities in Apache HTTP Server. The update led to the discovery of a regression in Fossil with regard to the handling of POST requests that do not have a Content-Length field set. This update fixes the problem. We apologize for the inconvenience...

AI score 5.5
Exploits: 0 | References: 1
Ubuntu
• added 2024/05/09 3:54 p.m. • 28 views

USN-6769-1: Spreadsheet::ParseXLSX vulnerabilities

Le Dinh Hai discovered that Spreadsheet::ParseXLSX did not properly manage memory during cell merge operations. An attacker could possibly use this issue to consume large amounts of memory, resulting in a denial of service condition. (CVE-2024-22368) An Pham discovered that Spreadsheet::ParseXLSX...

CVSS 6.5 | AI score 6.2 | EPSS 0.00776
Exploits: 2
Ubuntu
• added 2024/05/09 1:13 p.m. • 373 views

USN-6768-1: GLib vulnerability

Alicia Boya García discovered that GLib incorrectly handled signal subscriptions. A local attacker could use this issue to spoof D-Bus signals resulting in a variety of impacts including possible privilege escalation...

CVSS 5.2 | AI score 6.5 | EPSS 0.00756
Exploits: 1
Ubuntu
• added 2024/05/07 7:36 p.m. • 87 views

USN-6767-1: Linux kernel vulnerabilities

Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-23849) Several security issues were discovered in the Linux kernel. An attacker...

CVSS 7.8 | AI score 6.9 | EPSS 0.00318
Exploits: 1
Ubuntu
• added 2024/05/07 7:22 p.m. • 105 views

USN-6766-1: Linux kernel vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Sander Wiebing, Alvise de Faveri Tron, Herbert...

CVSS 7.8 | AI score 7.3 | EPSS 0.78388
Exploits: 2
Ubuntu
• added 2024/05/07 2:58 p.m. • 389 views

USN-6764-1: libde265 vulnerability

It was discovered that libde265 could be made to allocate memory that exceeds the maximum supported size. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service...

CVSS 3.3 | AI score 4.9 | EPSS 0.00232
Exploits: 0
Ubuntu
• added 2024/05/07 2:44 p.m. • 74 views

USN-6754-2: nghttp2 vulnerability

USN-6754-1 fixed vulnerabilities in nghttp2. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume...

CVSS 5.3 | AI score 7.1 | EPSS 0.8496
Exploits: 1
Ubuntu
• added 2024/05/07 11:21 a.m. • 30 views

USN-6763-1: libvirt vulnerability

Martin Širokov discovered that libvirt incorrectly handled certain memory operations. A local attacker could possibly use this issue to access virtproxyd without authorization...

CVSS 6.2 | AI score 7 | EPSS 0.00486
Exploits: 0
Ubuntu
• added 2024/05/07 12:00 a.m. • 138 views

Linux kernel (OEM) vulnerabilities

Releases: Ubuntu 22.04 LTS. Packages: linux-oem-6.5 - Linux kernel for OEM systems. Details: Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause ...

CVSS 5 | AI score 7.5 | EPSS 0.78388
Exploits: 2 | References: 123
Ubuntu
• added 2024/05/02 3:57 p.m. • 61 views

USN-6757-2: PHP vulnerabilities

USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem. Original advisory details: It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker could...

CVSS 6.5 | AI score 7.4 | EPSS 0.3786
Exploits: 1
Ubuntu
• added 2024/05/02 12:45 p.m. • 433 views

USN-6762-1: GNU C Library vulnerabilities

It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9984) It was discovered that GNU C Library might allow context-dependent attackers t...

CVSS 9.8 | AI score 8.4 | EPSS 0.8833
Exploits: 20 | References: 1
Ubuntu
• added 2024/05/02 3:20 a.m. • 54 views

USN-6747-2: Firefox regressions

USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potential...

AI score 7.9
Exploits: 0 | References: 1
Ubuntu
• added 2024/04/30 10:40 p.m. • 35 views

USN-6760-1: Gerbv vulnerability

George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did not properly initialize a data structure when parsing certain nested RS-274X format files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of servic...

CVSS 5.5 | AI score 7.3 | EPSS 0.00308
Exploits: 1
Ubuntu
• added 2024/04/30 11:06 a.m. • 61 views

LSN-0103-1: Kernel Live Patch Security Notice

Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-4569) Xingyuan Mo discovered that the netfilter subsystem in the Lin...

CVSS 7.8 | AI score 7.2 | EPSS 0.28058
Exploits: 16
Ubuntu
• added 2024/04/30 10:50 a.m. • 49 views

USN-6758-1: JSON5 vulnerability

It was discovered that the JSON5 parse method incorrectly handled the parsing of keys named __proto__. An attacker could possibly use this issue to pollute the prototype of the returned object, setting arbitrary or unexpected keys, and cause a denial of service, allow unintended access to network...

CVSS 8.8 | AI score 7 | EPSS 0.09304
Exploits: 1
Ubuntu
• added 2024/04/30 7:33 a.m. • 23 views

USN-6761-1: Anope vulnerability

It was discovered that Anope did not properly process credentials for suspended accounts. An attacker could possibly use this issue to log in to the platform normally as a suspended user after changing their password...

CVSS 5.3 | AI score 5.8 | EPSS 0.00491
Exploits: 1
Ubuntu
• added 2024/04/29 4:44 p.m. • 47 views

USN-6759-1: FreeRDP vulnerabilities

It was discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service...

CVSS 9.8 | AI score 6.7 | EPSS 0.0137
Exploits: 0
Ubuntu
• added 2024/04/29 2:19 p.m. • 82 views

USN-6757-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-4900) It was discovered that PHP incorrectly handled certain...

CVSS 6.5 | AI score 7.1 | EPSS 0.3786
Exploits: 1
Ubuntu
• added 2024/04/29 1:04 p.m. • 33 views

USN-6744-3: Pillow vulnerability

USN-6744-1 fixed a vulnerability in Pillow. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a...

CVSS 6.7 | AI score 6.9 | EPSS 0.00989
Exploits: 0
Ubuntu
• added 2024/04/29 11:43 a.m. • 54 views

USN-6734-2: libvirt vulnerabilities

USN-6734-1 fixed vulnerabilities in libvirt. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to cause libvirt to crash,...

CVSS 6.2 | AI score 6.6 | EPSS 0.00398
Exploits: 0
Ubuntu
• added 2024/04/29 11:38 a.m. • 39 views

USN-6733-2: GnuTLS vulnerabilities

USN-6733-1 fixed vulnerabilities in GnuTLS. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover...

CVSS 5.3 | AI score 6.6 | EPSS 0.00718
Exploits: 0
Ubuntu
• added 2024/04/29 11:34 a.m. • 43 views

USN-6718-3: curl vulnerabilities

USN-6718-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrar...

CVSS 8.6 | AI score 6.8 | EPSS 0.36081
Exploits: 2
Ubuntu
• added 2024/04/29 11:31 a.m. • 102 views

USN-6729-3: Apache HTTP Server vulnerabilities

USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue ...

CVSS 7.5 | AI score 7.4 | EPSS 0.91327
Exploits: 2
Ubuntu
• added 2024/04/29 11:27 a.m. • 77 views

USN-6737-2: GNU C Library vulnerability

USN-6737-1 fixed a vulnerability in the GNU C Library. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause...

CVSS 7.3 | AI score 7.8 | EPSS 0.8833
Exploits: 16
Ubuntu
• added 2024/04/29 11:23 a.m. • 29 views

USN-6755-1: GNU cpio vulnerabilities

Ingo Brückl discovered that cpio contained a path traversal vulnerability. If a user or automated system were tricked into extracting a specially crafted cpio archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host, even if using the...

CVSS 4.9 | AI score 5.9 | EPSS 0.00906
Exploits: 0
Ubuntu
• added 2024/04/29 10:18 a.m. • 293 views

USN-6756-1: less vulnerability

It was discovered that less mishandled newline characters in file names. If a user or automated system were tricked into opening specially crafted files, an attacker could possibly use this issue to execute arbitrary commands on the host...

CVSS 8.6 | AI score 7.2 | EPSS 0.00628
Exploits: 0
Ubuntu
• added 2024/04/25 10:23 p.m. • 421 views

USN-6754-1: nghttp2 vulnerabilities

It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513) It was...

CVSS 7.8 | AI score 7 | EPSS 0.99999
Exploits: 20
Ubuntu
• added 2024/04/25 8:59 p.m. • 33 views

USN-6753-1: CryptoJS vulnerability

Thomas Neil James Shadwell discovered that CryptoJS was using an insecure cryptographic default configuration. A remote attacker could possibly use this issue to expose sensitive information...

CVSS 9.1 | AI score 8 | EPSS 0.00635
Exploits: 0
Ubuntu
• added 2024/04/25 8:13 p.m. • 121 views

USN-6751-1: Zabbix vulnerabilities

It was discovered that Zabbix incorrectly handled input data in the discovery and graphs pages. A remote authenticated attacker could possibly use this issue to perform reflected cross-site scripting (XSS) attacks. (CVE-2022-35229, CVE-2022-35230)...

CVSS 5.4 | AI score 5.9 | EPSS 0.00602
Exploits: 0
Ubuntu
• added 2024/04/25 2:39 p.m. • 30 views

USN-6752-1: FreeRDP vulnerabilities

It was discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service...

CVSS 9.8 | AI score 6.7 | EPSS 0.0137
Exploits: 0
Ubuntu
• added 2024/04/25 3:24 a.m. • 44 views

USN-6750-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

CVSS 8.8 | AI score 7.9 | EPSS 0.00847
Exploits: 2
Ubuntu
• added 2024/04/24 10:56 p.m. • 52 views

USN-6743-3: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - JFS file system; - BPF subsystem; - Netfilter; CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581,...

CVSS 7.8 | AI score 6.8 | EPSS 0.02224
Exploits: 1

Total number of security vulnerabilities: 10888