10888 matches found

Ubuntu
•added 2024/01/11 5:30 a.m.•72 views

USN-6574-1: Go vulnerabilities

Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of html/template module. An attacker could possibly use this issue to inject JavaScript code and perform a cross-site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS,...

CVSS 8.1 • AI score 7.3 • EPSS 0.99999 • Exploits 19
•added 2024/01/11 3:8 a.m.•61 views

USN-6562-2: Firefox regressions

USN-6562-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...

AI score 7.9 • EPSS 0.20472 • Exploits 1 • References 1
•added 2024/01/10 10:36 p.m.•67 views

USN-6577-1: Linux kernel (AWS) vulnerabilities

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. CVE-2023-20588 It was discovered...

CVSS 6.4 • AI score 7.2 • EPSS 0.12405 • Exploits 0
•added 2024/01/10 9:55 p.m.•61 views

USN-6549-5: Linux kernel vulnerabilities

It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). CVE-2023-37453 Lin Ma...

CVSS 8.8 • AI score 7 • EPSS 0.09141 • Exploits 4
•added 2024/01/10 6:42 p.m.•61 views

USN-6548-5: Linux kernel (IoT) vulnerabilities

It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. CVE-2023-3006 It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors i...

CVSS 8.8 • AI score 7.2 • EPSS 0.09141 • Exploits 4
•added 2024/01/10 6:19 p.m.•47 views

USN-6576-1: Linux kernel (OEM) vulnerability

Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle an expired catchall element in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code...

CVSS 7.8 • AI score 8.2 • EPSS 0.00319 • Exploits 0
•added 2024/01/10 1:39 p.m.•66 views

USN-6575-1: Twisted vulnerabilities

It was discovered that Twisted incorrectly escaped host headers in certain 404 responses. A remote attacker could possibly use this issue to perform HTML and script injection attacks. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2022-39348 It was discovered that Twisted...

CVSS 5.4 • AI score 6.4 • EPSS 0.01156 • Exploits 2
•added 2024/01/10 1:10 p.m.•73 views

USN-6541-2: GNU C Library regression

USN-6541-1 fixed vulnerabilities in the GNU C Library. Unfortunately, changes made to allow proper application of the fix for CVE-2023-4806 in Ubuntu 22.04 LTS introduced an issue in the NSCD service IPv6 processing functionalities. This update fixes the problem. We apologize for the inconvenienc...

AI score 6.6 • EPSS 0.01669 • Exploits 0 • References 1
•added 2024/01/09 6:41 p.m.•81 views

USN-6548-4: Linux kernel (GKE) vulnerabilities

It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. CVE-2023-3006 It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors i...

CVSS 8.8 • AI score 7.2 • EPSS 0.09141 • Exploits 4
•added 2024/01/09 6:30 p.m.•63 views

USN-6573-1: Linux kernel (Azure) vulnerabilities

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). CVE-2023-39189 Kyle Zeng...

CVSS 8.8 • AI score 7.4 • EPSS 0.09141 • Exploits 3
•added 2024/01/09 6:4 p.m.•55 views

USN-6572-1: Linux kernel (Azure) vulnerabilities

Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). CVE-2023-31085 Bien Pham discovered that the netfilter subsystem in the Linux...

CVSS 7.8 • AI score 7.2 • EPSS 0.0047 • Exploits 0
•added 2024/01/09 2:51 p.m.•47 views

USN-6571-1: Monit vulnerability

Youssef Rebahi-Gilbert discovered that Monit did not properly process credentials for disabled accounts. An attacker could possibly use this issue to log in to the platform with an expired account and a valid password...

CVSS 8.8 • AI score 8 • EPSS 0.00667 • Exploits 0
•added 2024/01/09 1:8 p.m.•61 views

USN-6038-2: Go vulnerabilities

USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. Original advisory details: It was discovered that the Go net/http module incorrectly handled Transfer-Encoding...

CVSS 9.8 • AI score 7.5 • EPSS 0.05623 • Exploits 6
•added 2024/01/09 10:29 a.m.•46 views

USN-6570-1: PostgreSQL vulnerabilities

Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. CVE-2023-5869 Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL...

CVSS 8.8 • AI score 7.2 • EPSS 0.04322 • Exploits 0
•added 2024/01/08 6:5 p.m.•101 views

USN-6569-1: libclamunrar vulnerabilities

It was discovered that libclamunrar incorrectly handled directories when extracting RAR archives. A remote attacker could possibly use this issue to overwrite arbitrary files and execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. CVE-2022-30333 ...

CVSS 7.8 • AI score 8.2 • EPSS 0.98975 • Exploits 13
•added 2024/01/08 5:58 p.m.•21 views

USN-6568-1: ClamAV update

The ClamAV package was updated to a new upstream version to remain compatible with signature database downloads...

AI score 5.4 • Exploits 0 • References 1
•added 2024/01/08 5:46 p.m.•70 views

USN-6567-1: QEMU vulnerabilities

Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2020-14394 It w...

CVSS 8.8 • AI score 7.1 • EPSS 0.01606 • Exploits 5
•added 2024/01/08 11:39 a.m.•374 views

USN-6499-2: GnuTLS vulnerability

USN-6499-1 fixed vulnerabilities in GnuTLS. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that GnuTLS had a timing side-channel when handling certain RSA-PSK key exchanges. A remote attacker could possibly use this issue to recove...

CVSS 5.9 • AI score 6.8 • EPSS 0.01257 • Exploits 0
•added 2024/01/05 1:25 p.m.•63 views

USN-6549-4: Linux kernel (Intel IoTG) vulnerabilities

It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). CVE-2023-37453 Lin Ma...

CVSS 8.8 • AI score 7 • EPSS 0.09141 • Exploits 4
•added 2024/01/03 6:9 p.m.•155 views

USN-6566-1: SQLite vulnerabilities

It was discovered that SQLite incorrectly handled certain protection mechanisms when using a CLI script with the --safe option, contrary to expectations. This issue only affected Ubuntu 22.04 LTS. CVE-2022-46908 It was discovered that SQLite incorrectly handled certain memory operations in the...

CVSS 7.3 • AI score 6.1 • EPSS 0.01249 • Exploits 2
•added 2024/01/03 6:0 p.m.•243 views

USN-6565-1: OpenSSH vulnerabilities

It was discovered that OpenSSH incorrectly handled supplemental groups when running helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand as a different user. An attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 20.04 LTS...

CVSS 7 • AI score 6.9 • EPSS 0.19753 • Exploits 9
•added 2024/01/03 9:31 a.m.•77 views

USN-6564-1: Node.js vulnerabilities

Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. CVE-2022-4304 CarpetFuzz, Dawei Wang discovered that...

CVSS 7.5 • AI score 7.3 • EPSS 0.59501 • Exploits 0
•added 2024/01/02 9:28 a.m.•77 views

USN-6563-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

CVSS 8.8 • AI score 7.9 • EPSS 0.20472 • Exploits 0
•added 2024/01/02 3:25 a.m.•75 views

USN-6562-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-6865, CVE-2023-6857,...

CVSS 8.8 • AI score 7.9 • EPSS 0.20472 • Exploits 1
•added 2023/12/19 1:8 p.m.•146 views

USN-6561-1: libssh vulnerability

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...

CVSS 5.9 • AI score 7 • EPSS 0.9378 • Exploits 4
•added 2023/12/19 1:2 p.m.•271 views

USN-6560-1: OpenSSH vulnerabilities

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...

CVSS 9.8 • AI score 7.1 • EPSS 0.9378 • Exploits 4
•added 2023/12/14 9:21 p.m.•98 views

USN-6488-2: strongSwan vulnerability

USN-6488-1 fixed a vulnerability in strongSwan. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Florian Picca discovered that strongSwan incorrectly handled certain DH public values. A remote attacker could use this issue to cau...

CVSS 9.8 • AI score 8.3 • EPSS 0.0229 • Exploits 0
•added 2023/12/14 5:31 p.m.•223 views

USN-6557-1: Vim vulnerabilities

It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. CVE-2022-1725 It was discovered that Vim could be made to recurse...

CVSS 7.8 • AI score 7 • EPSS 0.01527 • Exploits 8
•added 2023/12/14 4:51 p.m.•94 views

USN-6233-2: YAJL vulnerabilities

USN-6233-1 fixed vulnerabilities in YAJL. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. Original advisory details: It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a us...

CVSS 7.5 • AI score 6.8 • EPSS 0.03735 • Exploits 3
•added 2023/12/14 4:44 p.m.•88 views

USN-6558-1: audiofile vulnerabilities

It was discovered that audiofile could be made to dereference invalid memory. If a user or an automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...

CVSS 8.8 • AI score 6.7 • EPSS 0.04654 • Exploits 4
•added 2023/12/14 3:56 p.m.•120 views

USN-6556-1: Budgie Extras vulnerabilities

It was discovered that Budgie Extras incorrectly handled certain temporary file paths. An attacker could possibly use this issue to inject false information or deny access to the application. CVE-2023-49342, CVE-2023-49343, CVE-2023-49347 Matthias Gerstner discovered that Budgie Extras incorrectl...

CVSS 7.8 • AI score 7.4 • EPSS 0.00303 • Exploits 0
•added 2023/12/14 12:33 p.m.•87 views

USN-6546-2: LibreOffice vulnerabilities

USN-6546-1 fixed vulnerabilities in LibreOffice. This update provides the corresponding updates for Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Original advisory details: Reginaldo Silva discovered that LibreOffice incorrectly handled filenames when passing embedded videos to GStreamer. If a user were...

CVSS 8.8 • AI score 8.3 • EPSS 0.01017 • Exploits 0
•added 2023/12/13 5:41 p.m.•97 views

USN-6555-2: X.Org X Server vulnerabilities

USN-6555-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled XKB button actions. An attacker could possibly use this iss...

CVSS 7.8 • AI score 7 • EPSS 0.01631 • Exploits 0
•added 2023/12/13 2:9 p.m.•106 views

USN-6548-3: Linux kernel (Oracle) vulnerabilities

It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. CVE-2023-3006 It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors i...

CVSS 8.8 • AI score 7.2 • EPSS 0.09141 • Exploits 4
•added 2023/12/13 2:1 p.m.•99 views

USN-6549-3: Linux kernel (Low Latency) vulnerabilities

It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). CVE-2023-37453 Lin Ma...

CVSS 8.8 • AI score 7 • EPSS 0.09141 • Exploits 4
•added 2023/12/13 1:55 p.m.•127 views

USN-6534-3: Linux kernel vulnerabilities

It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). CVE-2023-37453 Lin Ma...

CVSS 8.8 • AI score 7 • EPSS 0.09141 • Exploits 4
•added 2023/12/13 1:23 p.m.•52 views

USN-6555-1: X.Org X Server vulnerabilities

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled XKB button actions. An attacker could possibly use this issue to cause the X Server to crash, execute arbitrary code, or escalate privileges. CVE-2023-6377 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled...

CVSS 7.8 • AI score 6.9 • EPSS 0.01631 • Exploits 0
•added 2023/12/13 2:21 a.m.•44 views

USN-6554-1: GNOME Settings vulnerability

Zygmunt Krynicki discovered that GNOME Settings did not accurately reflect the SSH remote login status when the system was configured to use systemd socket activation for OpenSSH. Remote SSH access may be unknowingly enabled, contrary to expectation...

CVSS 4.9 • AI score 5.4 • EPSS 0.00195 • Exploits 1
•added 2023/12/12 8:36 p.m.•83 views

USN-6548-2: Linux kernel vulnerabilities

It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. CVE-2023-3006 It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors i...

CVSS 8.8 • AI score 7.2 • EPSS 0.09141 • Exploits 4
•added 2023/12/12 5:47 p.m.•36 views

USN-6553-1: Pydantic vulnerability

Nina Jensen discovered that Pydantic incorrectly handled user input in the date and datetime fields. An attacker could possibly use this issue to cause a denial of service via application crash. CVE-2021-29510...

CVSS 7.5 • AI score 7.3 • EPSS 0.00967 • Exploits 0
•added 2023/12/12 3:22 p.m.•52 views

USN-6552-1: Netatalk vulnerability

Florent Saudel and Arnaud Gatignol discovered that Netatalk incorrectly handled certain specially crafted Spotlight requests. A remote attacker could possibly use this issue to cause heap corruption and execute arbitrary code. CVE-2023-42464...

CVSS 9.8 • AI score 8.6 • EPSS 0.01793 • Exploits 0
•added 2023/12/12 1:24 p.m.•53 views

USN-6549-2: Linux kernel (GKE) vulnerabilities

It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). CVE-2023-37453 Lin Ma...

CVSS 8.8 • AI score 7 • EPSS 0.09141 • Exploits 4
•added 2023/12/12 1:16 p.m.•54 views

USN-6534-2: Linux kernel vulnerabilities

It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). CVE-2023-37453 Lin Ma...

CVSS 8.8 • AI score 7 • EPSS 0.09141 • Exploits 4
•added 2023/12/12 1:8 p.m.•57 views

USN-6551-1: Ghostscript vulnerability

It was discovered that Ghostscript incorrectly handled writing TIFF files. A remote attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service...

CVSS 7.5 • AI score 7.4 • EPSS 0.0153 • Exploits 0
•added 2023/12/12 12:15 p.m.•70 views

USN-6550-1: PostfixAdmin vulnerabilities

It was discovered that Smarty, which is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. CVE-2022-29221 It was discovered that Moment.js, that is...

CVSS 8.8 • AI score 6.6 • EPSS 0.0454 • Exploits 2
•added 2023/12/11 11:25 p.m.•60 views

USN-6548-1: Linux kernel vulnerabilities

It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. CVE-2023-3006 It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors i...

CVSS 8.8 • AI score 7.2 • EPSS 0.09141 • Exploits 4
•added 2023/12/11 11:13 p.m.•66 views

USN-6549-1: Linux kernel vulnerabilities

It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). CVE-2023-37453 Lin Ma...

CVSS 8.8 • AI score 7 • EPSS 0.09141 • Exploits 4
•added 2023/12/11 6:0 p.m.•49 views

USN-6547-1: Python vulnerability

It was discovered that Python incorrectly handled null bytes when normalizing pathnames. An attacker could possibly use this issue to bypass certain filename checks...

CVSS 7.5 • AI score 8 • EPSS 0.02187 • Exploits 0
•added 2023/12/11 1:3 p.m.•45 views

USN-6546-1: LibreOffice vulnerabilities

Reginaldo Silva discovered that LibreOffice incorrectly handled filenames when passing embedded videos to GStreamer. If a user were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary GStreamer plugins. CVE-2023-6185 Reginaldo Silva...

CVSS 8.8 • AI score 8.3 • EPSS 0.01017 • Exploits 0
•added 2023/12/11 12:32 p.m.•58 views

USN-6545-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

CVSS 8.8 • AI score 7.7 • EPSS 0.17963 • Exploits 0
Total number of security vulnerabilities: 10888