
10888 matches found

Ubuntu
added 2024/04/24 7:55 p.m. | 386 views

USN-6657-2: Dnsmasq vulnerabilities

USN-6657-1 fixed several vulnerabilities in Dnsmasq. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Dnsmasq incorrectly handled validating DNSSEC...

CVSS 7.5 | AI score 7 | EPSS 0.99995
Exploits: 1

Ubuntu
added 2024/04/24 5:25 p.m. | 39 views

USN-6749-1: FreeRDP vulnerabilities

It was discovered that FreeRDP incorrectly handled certain context resets. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2024-22211 Evgeny...

CVSS 9.8 | AI score 7.5 | EPSS 0.0375
Exploits: 2

Ubuntu
added 2024/04/24 5:23 a.m. | 42 views

USN-6748-1: Sanitize vulnerabilities

It was discovered that Sanitize incorrectly handled noscript elements under certain circumstances. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 22.04 LTS. CVE-2023-23627 It was discovered that Sanitize incorrectly handled...

CVSS 7.1 | AI score 6.3 | EPSS 0.00603
Exploits: 0

Ubuntu
added 2024/04/24 4:43 a.m. | 54 views

USN-6747-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-3852, CVE-2024-3864,...

CVSS 8.8 | AI score 7.9 | EPSS 0.00847
Exploits: 1

Ubuntu
added 2024/04/23 5:37 p.m. | 67 views

USN-6742-2: Linux kernel vulnerabilities

Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to...

CVSS 7.8 | AI score 7.2 | EPSS 0.02224
Exploits: 2

Ubuntu
added 2024/04/23 11:38 a.m. | 39 views

USN-6746-1: Google Guest Agent and Google OS Config Agent vulnerability

It was discovered that Google Guest Agent and Google OS Config Agent incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a denial of service...

CVSS 7.5 | AI score 7.1 | EPSS 0.01262
Exploits: 0

Ubuntu
added 2024/04/23 11:20 a.m. | 72 views

USN-6728-3: Squid vulnerability

USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS and was disabled in USN-6728-2. The problematic fix for CVE-2023-5824 has now been corrected and reinstated in this update. We apologize for the inconvenience...

CVSS 8.6 | AI score 6.5 | EPSS 0.88864
Exploits: 0 | References: 1

Ubuntu
added 2024/04/22 5:40 p.m. | 50 views

USN-6743-2: Linux kernel (Low Latency) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - JFS file system; - BPF subsystem; - Netfilter; CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581,...

CVSS 7.8 | AI score 6.8 | EPSS 0.02224
Exploits: 1

Ubuntu
added 2024/04/22 1:46 p.m. | 36 views

USN-6744-2: Pillow vulnerability

USN-6744-1 fixed a vulnerability in Pillow (Python 3). This update provides the corresponding updates for Pillow (Python 2) in Ubuntu 20.04 LTS. Original advisory details: Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead ...

CVSS 6.7 | AI score 6.9 | EPSS 0.00989
Exploits: 0

Ubuntu
added 2024/04/22 11:12 a.m. | 30 views

USN-6745-1: Percona XtraBackup vulnerability

It was discovered that in Percona XtraBackup, a local crafted filename could trigger arbitrary code execution...

CVSS 7.8 | AI score 7.6 | EPSS 0.00461
Exploits: 0

Ubuntu
added 2024/04/22 9:47 a.m. | 59 views

USN-6738-1: LXD vulnerability

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that LXD incorrectly handled the handshake phase and the use of sequence numbers in SSH Binary Packet Protocol (BPP). If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could...

CVSS 5.9 | AI score 7 | EPSS 0.9378
Exploits: 4

Ubuntu
added 2024/04/22 9:25 a.m. | 373 views

USN-6744-1: Pillow vulnerability

Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a deni...

CVSS 6.7 | AI score 6.7 | EPSS 0.00989
Exploits: 0

Ubuntu
added 2024/04/19 2:4 p.m. | 60 views

USN-6743-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - JFS file system; - BPF subsystem; - Netfilter; CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581,...

CVSS 7.8 | AI score 6.8 | EPSS 0.02224
Exploits: 1

Ubuntu
added 2024/04/19 1:51 p.m. | 118 views

USN-6742-1: Linux kernel vulnerabilities

Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to...

CVSS 7.8 | AI score 7.2 | EPSS 0.02224
Exploits: 2

Ubuntu
added 2024/04/19 1:42 p.m. | 63 views

USN-6741-1: Linux kernel vulnerabilities

Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to...

CVSS 7.8 | AI score 7.2 | EPSS 0.02224
Exploits: 2

Ubuntu
added 2024/04/19 1:32 p.m. | 77 views

USN-6740-1: Linux kernel vulnerabilities

Wei Chen discovered that a race condition existed in the TIPC protocol implementation in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). CVE-2023-1382 It was discovered that the virtio network...

CVSS 7.8 | AI score 7.5 | EPSS 0.01377
Exploits: 4

Ubuntu
added 2024/04/19 1:23 p.m. | 48 views

USN-6739-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service (system crash). CVE-2022-20422 Wei Chen discovered that a race condition existed in the TIPC protocol implementation in...

CVSS 7.8 | AI score 7.5 | EPSS 0.01377
Exploits: 4

Ubuntu
added 2024/04/18 11:58 a.m. | 92 views

USN-6737-1: GNU C Library vulnerability

Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 7.3 | AI score 7.6 | EPSS 0.8833
Exploits: 16

Ubuntu
added 2024/04/17 3:26 p.m. | 161 views

USN-6729-2: Apache HTTP Server vulnerabilities

USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly...

CVSS 7.5 | AI score 7.5 | EPSS 0.91327
Exploits: 2

Ubuntu
added 2024/04/17 1:6 p.m. | 79 views

USN-6726-3: Linux kernel (Xilinx ZynqMP) vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash)...

CVSS 7.8 | AI score 6.9 | EPSS 0.01177
Exploits: 0

Ubuntu
added 2024/04/16 9:25 p.m. | 78 views

USN-6726-2: Linux kernel (IoT) vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash)...

CVSS 7.8 | AI score 6.9 | EPSS 0.01177
Exploits: 0

Ubuntu
added 2024/04/16 8:56 p.m. | 100 views

USN-6725-2: Linux kernel (AWS) vulnerabilities

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly...

CVSS 9.8 | AI score 7.4 | EPSS 0.17442
Exploits: 0

Ubuntu
added 2024/04/16 8:7 p.m. | 64 views

USN-6724-2: Linux kernel vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash)...

CVSS 8 | AI score 7.1 | EPSS 0.01177
Exploits: 1

Ubuntu
added 2024/04/16 11:43 a.m. | 499 views

USN-6736-1: klibc vulnerabilities

It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. CVE-2016-9840, CVE-2016-9841 Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled memory whe...

CVSS 9.8 | AI score 7.9 | EPSS 0.51733
Exploits: 2

Ubuntu
added 2024/04/16 11:31 a.m. | 50 views

USN-6735-1: Node.js vulnerabilities

It was discovered that Node.js incorrectly handled the use of invalid public keys while creating an x509 certificate. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue...

CVSS 7.5 | AI score 6.9 | EPSS 0.03906
Exploits: 1

Ubuntu
added 2024/04/15 4:44 p.m. | 46 views

USN-6734-1: libvirt vulnerabilities

Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. CVE-2024-1441 It was discovered that libvirt incorrectly handled certain RPC library API calls. An attacker cou...

CVSS 6.2 | AI score 6.6 | EPSS 0.00398
Exploits: 0

Ubuntu
added 2024/04/15 4:37 p.m. | 394 views

USN-6733-1: GnuTLS vulnerabilities

It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. CVE-2024-28834 It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker cou...

CVSS 5.3 | AI score 6.5 | EPSS 0.00718
Exploits: 0

Ubuntu
added 2024/04/15 4:29 p.m. | 40 views

USN-6732-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

CVSS 8.8 | AI score 6.8 | EPSS 0.01496
Exploits: 0

Ubuntu
added 2024/04/15 10:27 a.m. | 38 views

USN-6731-1: YARD vulnerabilities

It was discovered that YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files. This issue only affected Ubuntu 16.04 LTS. CVE-2017-17042 It was discovered that yard before 0.9.20 is...

CVSS 7.5 | AI score 6.9 | EPSS 0.02894
Exploits: 1

Ubuntu
added 2024/04/11 11:2 p.m. | 45 views

USN-6730-1: Apache Maven Shared Utils vulnerability

It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell injection attacks. This could allow an attacker to run arbitrary code...

CVSS 9.8 | AI score 8.2 | EPSS 0.04031
Exploits: 0

Ubuntu
added 2024/04/11 6:18 p.m. | 53 views

USN-6727-2: NSS regression

USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that NSS incorrectly handled...

AI score 7.5
Exploits: 0 | References: 1

Ubuntu
added 2024/04/11 4:19 p.m. | 112 views

USN-6729-1: Apache HTTP Server vulnerabilities

Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. CVE-2023-38709 Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validatin...

CVSS 7.5 | AI score 7.4 | EPSS 0.91327
Exploits: 2

Ubuntu
added 2024/04/11 11:13 a.m. | 47 views

USN-6728-2: Squid regression

USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS. The problematic fix has been reverted pending further investigation. We apologize for the inconvenience. Original advisory details: Joshua Rogers discovered that...

AI score 6.8
Exploits: 0 | References: 1

Ubuntu
added 2024/04/10 4:38 p.m. | 71 views

USN-6728-1: Squid vulnerabilities

Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2023-49288 Joshua Rogers discovered that Squ...

CVSS 8.6 | AI score 6.8 | EPSS 0.88864
Exploits: 1

Ubuntu
added 2024/04/10 1:40 p.m. | 420 views

USN-6727-1: NSS vulnerabilities

It was discovered that NSS incorrectly handled padding when checking PKCS1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. CVE-2023-4421 It was discovered that NSS had a timin...

CVSS 6.5 | AI score 7.4 | EPSS 0.00816
Exploits: 0

Ubuntu
added 2024/04/10 12:24 p.m. | 385 views

USN-6719-2: util-linux vulnerability

USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was discovered that the fix did not fully address the issue. This update removes the setgid permission bit from the wall and write utilities. Original advisory details: Skyler Ferrante discovered that the util-linux wall command di...

CVSS 3.3 | AI score 6.8 | EPSS 0.02242
Exploits: 3

Ubuntu
added 2024/04/09 9:16 p.m. | 30 views

USN-6721-2: X.Org X Server regression

USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete resulting in a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly u...

AI score 7 | EPSS 0.01843
Exploits: 0 | References: 1

Ubuntu
added 2024/04/09 1:53 p.m. | 51 views

USN-6701-4: Linux kernel (Azure) vulnerabilities

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). CVE-2023-2002 It was discovered that the NVIDIA Tegra...

CVSS 7.8 | AI score 7.4 | EPSS 0.28058
Exploits: 18

Ubuntu
added 2024/04/09 1:46 p.m. | 65 views

USN-6726-1: Linux kernel vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash)...

CVSS 7.8 | AI score 6.9 | EPSS 0.01177
Exploits: 0

Ubuntu
added 2024/04/09 1:19 p.m. | 439 views

USN-6725-1: Linux kernel vulnerabilities

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly...

CVSS 9.8 | AI score 7.4 | EPSS 0.17442
Exploits: 0

Ubuntu
added 2024/04/09 12:17 p.m. | 82 views

USN-6724-1: Linux kernel vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash)...

CVSS 8 | AI score 7.1 | EPSS 0.01177
Exploits: 1

Ubuntu
added 2024/04/09 12:7 p.m. | 45 views

USN-6723-1: Bind vulnerabilities

Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. CVE-2023-50387 It was discovered that Bind...

CVSS 7.5 | AI score 6.9 | EPSS 0.99995
Exploits: 1

Ubuntu
added 2024/04/08 11:14 a.m. | 46 views

USN-6722-1: Django vulnerability

Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts...

CVSS 9.8 | AI score 7.1 | EPSS 0.3481
Exploits: 7

Ubuntu
added 2024/04/04 6:6 p.m. | 48 views

USN-6721-1: X.Org X Server vulnerabilities

It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly us...

CVSS 7.8 | AI score 7 | EPSS 0.01843
Exploits: 0

Ubuntu
added 2024/04/04 1:36 a.m. | 40 views

USN-6710-2: Firefox regressions

USN-6710-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write...

AI score 8.8
Exploits: 0 | References: 1

Ubuntu
added 2024/04/03 9:40 a.m. | 53 views

LSN-0102-1: Kernel Live Patch Security Notice

It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2023-1872 Lonial Con discovered that the...

CVSS 7.8 | AI score 7.3 | EPSS 0.28058
Exploits: 16

Ubuntu
added 2024/04/02 11:41 a.m. | 51 views

USN-6720-1: Cacti vulnerability

Kentaro Kawane discovered that Cacti incorrectly handled user provided input sent through request parameters to the graphview.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks...

CVSS 9.8 | AI score 8.6 | EPSS 0.87575
Exploits: 2

Ubuntu
added 2024/03/28 8:44 p.m. | 74 views

USN-6707-4: Linux kernel (Azure) vulnerabilities

Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code...

CVSS 7.8 | AI score 7.7 | EPSS 0.28058
Exploits: 16

Ubuntu
added 2024/03/28 8:40 p.m. | 65 views

USN-6704-4: Linux kernel (Intel IoTG) vulnerabilities

It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). CVE-2023-23000 Quentin Minster discovered that the KSMBD...

CVSS 7.8 | AI score 7.6 | EPSS 0.28058
Exploits: 16

Ubuntu
added 2024/03/27 9:3 p.m. | 51 views

USN-6686-5: Linux kernel (Intel IoTG) vulnerabilities

It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service (system crash). CVE-2023-22995 It was discovered that a race...

CVSS 7.8 | AI score 7.1 | EPSS 0.01657
Exploits: 0

Total number of security vulnerabilities: 10888