
10888 matches found

Ubuntu | added 2024/01/30 9:18 p.m. | 74 views

USN-6609-2: Linux kernel (NVIDIA) vulnerabilities

Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6040 It was discovered that the CIFS...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00836 | Exploits: 2

Ubuntu | added 2024/01/30 3:17 p.m. | 385 views

USN-6618-1: Pillow vulnerabilities

It was discovered that Pillow incorrectly handled certain long text arguments. An attacker could possibly use this issue to cause Pillow to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. CVE-2023-44271 Duarte Santos discovered...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.01703 | Exploits: 0

Ubuntu | added 2024/01/30 2:17 p.m. | 43 views

USN-6617-1: libde265 vulnerabilities

It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.01687 | Exploits: 14

Ubuntu | added 2024/01/30 12:50 p.m. | 60 views

USN-6587-3: X.Org X Server regression

USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processin...

AI score: 7.1 | Exploits: 0 | References: 1

Ubuntu | added 2024/01/30 12:42 p.m. | 378 views

USN-6616-1: OpenLDAP vulnerability

It was discovered that OpenLDAP was not properly performing bounds checks when executing functions related to LDAP URLs. An attacker could possibly use this issue to cause a denial of service...

CVSS: 7.5 | AI score: 7 | EPSS: 0.01947 | Exploits: 0

Ubuntu | added 2024/01/30 12:38 p.m. | 252 views

USN-6615-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.36 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. In addition to security fixes, the updated packages contain bug fixes, new features...

CVSS: 6.5 | AI score: 6 | EPSS: 0.01539 | Exploits: 0

Ubuntu | added 2024/01/30 10:36 a.m. | 33 views

USN-6614-1: amanda vulnerability

It was discovered that amanda did not properly check certain arguments. A local unprivileged attacker could possibly use this issue to perform a privilege escalation attack...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00459 | Exploits: 1

Ubuntu | added 2024/01/29 10:43 p.m. | 99 views

USN-6605-2: Linux kernel (KVM) vulnerabilities

Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6040 It was discovered that the CIFS...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00715 | Exploits: 2

Ubuntu | added 2024/01/29 10:27 p.m. | 46 views

USN-6604-2: Linux kernel (Azure) vulnerabilities

It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service system crash. CVE-2023-1079 Jana Hofman...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.12405 | Exploits: 2

Ubuntu | added 2024/01/29 6:8 p.m. | 37 views

USN-6613-1: Ceph vulnerability

Lucas Henry discovered that Ceph incorrectly handled specially crafted POST requests. An unprivileged user could use this to bypass Ceph's authorization checks and upload a file to any bucket...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.02539 | Exploits: 1

Ubuntu | added 2024/01/29 5:2 p.m. | 53 views

USN-6612-1: TinyXML vulnerability

It was discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted XML file, a remote attacker could possibly use this issue to cause a denial of service...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01372 | Exploits: 0

Ubuntu | added 2024/01/29 11:21 a.m. | 78 views

USN-6610-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-0741, CVE-2024-0742,...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.02155 | Exploits: 0

Ubuntu | added 2024/01/29 10:52 a.m. | 41 views

USN-6611-1: Exim vulnerability

It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism...

CVSS: 5.3 | AI score: 7.4 | EPSS: 0.01072 | Exploits: 1

Ubuntu | added 2024/01/26 12:10 a.m. | 77 views

USN-6609-1: Linux kernel vulnerabilities

Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6040 It was discovered that the CIFS...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00836 | Exploits: 2

Ubuntu | added 2024/01/25 11:50 p.m. | 73 views

USN-6608-1: Linux kernel vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situations, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00836 | Exploits: 2

Ubuntu | added 2024/01/25 11:35 p.m. | 70 views

USN-6607-1: Linux kernel (Azure) vulnerabilities

It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00836 | Exploits: 2

Ubuntu | added 2024/01/25 10:11 p.m. | 60 views

USN-6606-1: Linux kernel (OEM) vulnerabilities

It was discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-51779 It was discovered that the CIFS...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.00836 | Exploits: 2

Ubuntu | added 2024/01/25 10:6 p.m. | 113 views

USN-6605-1: Linux kernel vulnerabilities

Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2023-6040 It was discovered that the CIFS...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00715 | Exploits: 2

Ubuntu | added 2024/01/25 9:6 p.m. | 53 views

USN-6604-1: Linux kernel vulnerabilities

It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service system crash. CVE-2023-1079 Jana Hofman...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.12405 | Exploits: 2

Ubuntu | added 2024/01/25 8:24 p.m. | 85 views

USN-6603-1: Linux kernel (AWS) vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situations, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00715 | Exploits: 2

Ubuntu | added 2024/01/25 8:15 p.m. | 61 views

USN-6602-1: Linux kernel vulnerabilities

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. CVE-2023-20588 It was discovered...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.12405 | Exploits: 2

Ubuntu | added 2024/01/25 7:32 p.m. | 54 views

USN-6601-1: Linux kernel vulnerability

It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00371 | Exploits: 0

Ubuntu | added 2024/01/25 6:32 p.m. | 61 views

USN-6600-1: MariaDB vulnerabilities

Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.39 in Ubuntu 20.04 LTS, 10.6.16 in Ubuntu 22.04 LTS and 10.11.6 in Ubuntu 23.10. CVE-2022-47015 only affected the MariaDB packages in...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.01782 | Exploits: 0

Ubuntu | added 2024/01/25 4:6 p.m. | 402 views

USN-6599-1: Jinja2 vulnerabilities

Yeting Li discovered that Jinja incorrectly handled certain regex. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2020-28493 It was discovered that Jinja incorrectly handled certain HTM...

CVSS: 6.1 | AI score: 7.5 | EPSS: 0.03546 | Exploits: 1

Ubuntu | added 2024/01/25 12:44 p.m. | 73 views

USN-6598-1: Paramiko vulnerability

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...

CVSS: 5.9 | AI score: 7 | EPSS: 0.9378 | Exploits: 4

Ubuntu | added 2024/01/25 12:38 p.m. | 38 views

USN-6597-1: Puma vulnerability

It was discovered that Puma incorrectly handled parsing chunked transfer encoding bodies. A remote attacker could possibly use this issue to cause Puma to consume resources, leading to a denial of service...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.00958 | Exploits: 0

Ubuntu | added 2024/01/24 11:12 a.m. | 39 views

USN-6596-1: Apache::Session::LDAP vulnerability

It was discovered that Apache::Session::LDAP incorrectly handled invalid X.509 certificates. If a user or an automated system were tricked into opening a specially crafted invalid X.509 certificate, a remote attacker could possibly use this issue to perform spoofing and obtain sensitive informati...

CVSS: 8.1 | AI score: 7.7 | EPSS: 0.00441 | Exploits: 0

Ubuntu | added 2024/01/23 1:39 p.m. | 61 views

USN-6595-1: PyCryptodome vulnerability

It was discovered that PyCryptodome had a timing side-channel when performing OAEP decryption. A remote attacker could possibly use this issue to recover sensitive information...

CVSS: 5.9 | AI score: 7.1 | EPSS: 0.00618 | Exploits: 0

Ubuntu | added 2024/01/23 3:5 a.m. | 54 views

USN-6594-1: Squid vulnerabilities

Joshua Rogers discovered that Squid incorrectly handled HTTP message processing. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. CVE-2023-49285 Joshua Rogers discovered that Squid incorrectly handled Helper process management. A remote...

CVSS: 8.6 | AI score: 7.7 | EPSS: 0.88818 | Exploits: 0

Ubuntu | added 2024/01/22 1:16 p.m. | 321 views

USN-6593-1: GnuTLS vulnerabilities

It was discovered that GnuTLS had a timing side-channel when processing malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could possibly use this issue to recover sensitive information. CVE-2024-0553 It was discovered that GnuTLS incorrectly handled certain certificate chains...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.01614 | Exploits: 2

Ubuntu | added 2024/01/22 1:13 p.m. | 47 views

USN-6587-2: X.Org X Server vulnerabilities

USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.02106 | Exploits: 0

Ubuntu | added 2024/01/22 1:5 p.m. | 310 views

USN-6592-1: libssh vulnerabilities

It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features mentioned through the hostname parameter. CVE-2023-6004 It was discovered that libssh incorrectl...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.01421 | Exploits: 0

Ubuntu | added 2024/01/22 12:35 p.m. | 49 views

USN-6591-1: Postfix vulnerability

Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly use this issue to bypass an email authentication mechanism, allowing domain spoofing and potential spamming. Please note that certain configuration changes are required to address...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.02598 | Exploits: 4 | References: 1

Ubuntu | added 2024/01/18 6:21 p.m. | 79 views

USN-6590-1: Xerces-C++ vulnerabilities

It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.09503 | Exploits: 0

Ubuntu | added 2024/01/18 5:55 p.m. | 65 views

USN-6589-1: FileZilla vulnerability

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information...

CVSS: 5.9 | AI score: 7 | EPSS: 0.9378 | Exploits: 4

Ubuntu | added 2024/01/17 5:43 p.m. | 117 views

USN-6588-1: PAM vulnerability

Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service...

CVSS: 5.5 | AI score: 6.3 | EPSS: 0.00455 | Exploits: 1

Ubuntu | added 2024/01/17 5:20 a.m. | 53 views

USN-6538-2: PostgreSQL vulnerabilities

USN-6538-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory details: Jingzhou Fu discovered that PostgreSQL incorrectly handled certain unknown arguments in aggregate function calls. A remote attacker could possibl...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.04322 | Exploits: 0

Ubuntu | added 2024/01/16 4:50 p.m. | 58 views

USN-6559-1: ZooKeeper vulnerabilities

It was discovered that ZooKeeper incorrectly handled authorization for the getACL command. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2019-0201 Damien Diederen discovered that ZooKeeper...

CVSS: 9.1 | AI score: 6.9 | EPSS: 0.09634 | Exploits: 0

Ubuntu | added 2024/01/16 3:20 p.m. | 386 views

USN-6587-1: X.Org X Server vulnerabilities

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code. CVE-2023-6816 Jan-Nikl...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.02106 | Exploits: 0

Ubuntu | added 2024/01/16 12:44 p.m. | 48 views

USN-6586-1: FreeImage vulnerabilities

It was discovered that FreeImage incorrectly handled certain memory operations. If a user were tricked into opening a crafted TIFF file, a remote attacker could use this issue to cause a heap buffer overflow, resulting in a denial of service attack. This issue only affected Ubuntu 16.04 LTS and...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.0421 | Exploits: 3

Ubuntu | added 2024/01/16 12:15 p.m. | 51 views

USN-6579-2: Xerces-C++ vulnerability

USN-6579-1 fixed a vulnerability in Xerces-C++. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04 and Ubuntu 23.10. Original advisory details: It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML...

CVSS: 8.1 | AI score: 7.5 | EPSS: 0.09503 | Exploits: 0

Ubuntu | added 2024/01/15 6:31 p.m. | 83 views

USN-6585-1: libssh2 vulnerability

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...

CVSS: 5.9 | AI score: 7 | EPSS: 0.9378 | Exploits: 4

Ubuntu | added 2024/01/15 5:17 p.m. | 35 views

USN-6584-1: Libspf2 vulnerabilities

Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.09643 | Exploits: 2

Ubuntu | added 2024/01/15 3:23 p.m. | 65 views

USN-6583-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.7.44 in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly...

CVSS: 4.9 | AI score: 7 | EPSS: 0.01782 | Exploits: 0

Ubuntu | added 2024/01/15 1:52 p.m. | 43 views

USN-6582-1: WebKitGTK vulnerability

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00721 | Exploits: 0

Ubuntu | added 2024/01/15 11:57 a.m. | 144 views

USN-6581-1: GNU binutils vulnerabilities

It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. CVE-2022-44840, CVE-2022-45703...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.00513 | Exploits: 6

Ubuntu | added 2024/01/15 11:45 a.m. | 47 views

USN-6580-1: w3m vulnerability

It was discovered that w3m incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

CVSS: 5.5 | AI score: 7.1 | EPSS: 0.00322 | Exploits: 1

Ubuntu | added 2024/01/11 5:53 p.m. | 50 views

USN-6579-1: Xerces-C++ vulnerability

It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could...

CVSS: 8.1 | AI score: 7.4 | EPSS: 0.09503 | Exploits: 0

Ubuntu | added 2024/01/11 4:53 p.m. | 523 views

USN-6560-2: OpenSSH vulnerabilities

USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If ...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.9378 | Exploits: 11

Ubuntu | added 2024/01/11 3:44 p.m. | 284 views

USN-6578-1: .NET vulnerabilities

Vishal Mishra and Anita Gaud discovered that .NET did not properly validate X.509 certificates with malformed signatures. An attacker could possibly use this issue to bypass an application's typical authentication logic. CVE-2024-0057 Morgan Brown discovered that .NET did not properly handle...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.02868 | Exploits: 0

Total number of security vulnerabilities: 10888