
10888 matches found

Ubuntu
•added 2023/07/25 8:34 a.m.•49 views

USN-6243-1: Graphite-Web vulnerabilities

It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information. This issue on...

CVSS 7.5 | AI score 6.1 | EPSS 0.16948
Exploits: 4
Ubuntu
•added 2023/07/24 4:38 p.m.•189 views

USN-6242-1: OpenSSH vulnerability

It was discovered that OpenSSH incorrectly handled loading certain PKCS11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code...

CVSS 9.8 | AI score 7.5 | EPSS 0.76768
Exploits: 10
Ubuntu
•added 2023/07/24 2:12 p.m.•63 views

USN-6241-1: OpenStack vulnerability

Jan Wasilewski and Gorka Eguileor discovered that OpenStack incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information. This update may require configuration changes, please see the upstream advisory and...

CVSS 6.5 | AI score 7 | EPSS 0.01198
Exploits: 0
Ubuntu
•added 2023/07/24 1:17 p.m.•44 views

USN-6240-1: FRR vulnerability

It was discovered that FRR incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service...

CVSS 7.5 | AI score 6.5 | EPSS 0.00662
Exploits: 0
Ubuntu
•added 2023/07/20 7:22 p.m.•54 views

USN-6232-1: wkhtmltopdf vulnerability

It was discovered that wkhtmltopdf was not properly enforcing the same-origin policy when processing certain HTML files. If a user or automated system using wkhtmltopdf were tricked into processing a specially crafted HTML file, an attacker could possibly use this issue to expose sensitive...

CVSS 7.5 | AI score 7.2 | EPSS 0.01817
Exploits: 1
Ubuntu
•added 2023/07/20 9:1 a.m.•42 views

USN-6239-1: ECDSA Util vulnerability

It was discovered that ECDSA Util did not properly verify certain signature values. An attacker could possibly use this issue to bypass signature verification...

CVSS 10 | AI score 8 | EPSS 0.01038
Exploits: 0
Ubuntu
•added 2023/07/19 5:34 p.m.•76 views

USN-6237-2: curl regression

USN-6237-1 fixed vulnerabilities in curl. The update caused a certificate wildcard handling regression on Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Hiroki Kurosawa discovered that curl incorrectly handled validating certain...

AI score 6.6 | EPSS 0.02211
Exploits: 2 | References: 1
Ubuntu
•added 2023/07/19 2:45 p.m.•111 views

USN-6238-1: Samba vulnerabilities

It was discovered that Samba incorrectly handled Winbind NTLM authentication responses. An attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. CVE-2022-2127 Andreas Schneider discovered that Samba incorrectly enforced SMB2 packet signing. A remote...

CVSS 7.5 | AI score 6.7 | EPSS 0.62606
Exploits: 0
Ubuntu
•added 2023/07/19 12:11 p.m.•116 views

USN-6237-1: curl vulnerabilities

Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. CVE-2023-28321 Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain...

CVSS 5.9 | AI score 6.5 | EPSS 0.02211
Exploits: 2
Ubuntu
•added 2023/07/19 8:45 a.m.•70 views

USN-6236-1: ConnMan vulnerabilities

It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-26675,...

CVSS 9.8 | AI score 7.7 | EPSS 0.02863
Exploits: 5
Ubuntu
•added 2023/07/18 1:31 p.m.•402 views

USN-6233-1: YAJL vulnerabilities

It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service application...

CVSS 7.5 | AI score 6.7 | EPSS 0.03735
Exploits: 3
Ubuntu
•added 2023/07/18 12:38 p.m.•64 views

USN-6235-1: Linux kernel (OEM) vulnerabilities

It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service system crash. CVE-2022-4842 Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel di...

CVSS 7.8 | AI score 7 | EPSS 0.00635
Exploits: 2 | References: 2
Ubuntu
•added 2023/07/18 12:33 p.m.•423 views

USN-6183-2: Bind vulnerability

USN-6183-1 fixed vulnerabilities in Bind. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled the cache size...

CVSS 7.5 | AI score 7.4 | EPSS 0.03776
Exploits: 0
Ubuntu
•added 2023/07/18 12:22 p.m.•61 views

USN-6234-1: Linux kernel (Xilinx ZynqMP) vulnerability

Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-35788, LP: 2023577 It was discovered that for some...

CVSS 7.8 | AI score 7.2 | EPSS 0.00532
Exploits: 1 | References: 2
Ubuntu
•added 2023/07/18 11:26 a.m.•96 views

USN-6078-2: libwebp vulnerability

USN-6078-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Irvan Kurniawan discovered that libwebp incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially...

CVSS 7.5 | AI score 7.7 | EPSS 0.00952
Exploits: 0
Ubuntu
•added 2023/07/17 9:29 a.m.•43 views

USN-6184-2: CUPS vulnerability

USN-6184-1 fixed a vulnerability in CUPS. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that CUPS incorrectly handled certain memory operations. An attacker could possibly use this issue to cause CUPS to cras...

CVSS 7.1 | AI score 6.8 | EPSS 0.01395
Exploits: 1
Ubuntu
•added 2023/07/14 1:49 p.m.•90 views

USN-6231-1: Linux kernel (OEM) vulnerabilities

It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service system crash. CVE-2023-212...

CVSS 7.8 | AI score 7.2 | EPSS 0.00495
Exploits: 2
Ubuntu
•added 2023/07/13 5:55 p.m.•59 views

USN-6230-1: PostgreSQL vulnerability

Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor...

CVSS 7.2 | AI score 7.3 | EPSS 0.0119
Exploits: 0
Ubuntu
•added 2023/07/13 5:32 p.m.•73 views

USN-6229-1: LibTIFF vulnerabilities

It was discovered that LibTIFF was not properly handling variables used to perform memory management operations when processing an image through tiffcrop, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

CVSS 6.5 | AI score 7.5 | EPSS 0.01124
Exploits: 4
Ubuntu
•added 2023/07/13 2:16 p.m.•72 views

USN-6228-1: Linux kernel vulnerabilities

It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service system crash. CVE-2023-212...

CVSS 7.8 | AI score 6.7 | EPSS 0.00495
Exploits: 1
Ubuntu
•added 2023/07/13 12:21 p.m.•77 views

USN-6227-1: SpiderMonkey vulnerabilities

Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service...

CVSS 8.8 | AI score 8.5 | EPSS 0.00696
Exploits: 0
Ubuntu
•added 2023/07/13 3:58 a.m.•416 views

USN-6226-1: SciPy vulnerabilities

It was discovered that SciPy did not properly manage memory operations during reference counting. An attacker could possibly use this issue to cause a denial of service. CVE-2023-25399 A use-after-free was discovered in SciPy when handling reference counts. An attacker could possibly use this to...

CVSS 9.8 | AI score 7.5 | EPSS 0.0111
Exploits: 2
Ubuntu
•added 2023/07/13 2:20 a.m.•52 views

USN-6225-1: Knot Resolver vulnerability

It was discovered that Knot Resolver did not correctly handle certain client options. A remote attacker could send requests to malicious domains and cause a denial of service...

CVSS 7.5 | AI score 7.2 | EPSS 0.01454
Exploits: 0
Ubuntu
•added 2023/07/12 9:45 p.m.•68 views

USN-6224-1: Linux kernel vulnerabilities

It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service system crash. CVE-2023-212...

CVSS 7.8 | AI score 6.7 | EPSS 0.00495
Exploits: 1
Ubuntu
•added 2023/07/12 7:31 p.m.•63 views

USN-6223-1: Linux kernel (Azure CVM) vulnerabilities

It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service system crash. CVE-2023-1076 It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type...

CVSS 7.8 | AI score 6.7 | EPSS 0.01377
Exploits: 5 | References: 2
Ubuntu
•added 2023/07/12 7:9 p.m.•69 views

USN-6222-1: Linux kernel (Xilinx ZynqMP) vulnerabilities

Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash. CVE-2022-3108...

CVSS 7.8 | AI score 7.2 | EPSS 0.16642
Exploits: 12
Ubuntu
•added 2023/07/12 5:24 p.m.•88 views

USN-6221-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service system crash. CVE-2021-20321 It was discovered that the virtual terminal vt device implementation in the Linux kernel contain...

CVSS 7.8 | AI score 7.2 | EPSS 0.04947
Exploits: 1
Ubuntu
•added 2023/07/12 2:47 p.m.•61 views

USN-6219-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.10 and Ubuntu 20.04 LTS. CVE-2023-28755 It was discovered that Ruby incorrectly handled certain regular...

CVSS 5.3 | AI score 7.6 | EPSS 0.02637
Exploits: 0
Ubuntu
•added 2023/07/12 2:16 p.m.•50 views

USN-6220-1: Linux kernel vulnerabilities

Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-35788, LP: 2023577 It was discovered that for some...

CVSS 7.8 | AI score 7.2 | EPSS 0.00532
Exploits: 1 | References: 2
Ubuntu
•added 2023/07/12 7:7 a.m.•47 views

USN-6218-1: Firefox vulnerability

A use-after-free was discovered in Firefox when handling workers. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code...

CVSS 8.8 | AI score 8.2 | EPSS 0.00542
Exploits: 0
Ubuntu
•added 2023/07/11 7:31 p.m.•64 views

USN-6217-1: .NET vulnerability

McKee-Harris, Matt Cotterell, and Jack Moran discovered that .NET did not properly update account lockout maximum failed attempts. An attacker could possibly use this issue to bypass the security feature and attempt to guess more passwords for an account...

CVSS 8.1 | AI score 8 | EPSS 0.01913
Exploits: 0
Ubuntu
•added 2023/07/11 4:36 p.m.•36 views

USN-6216-1: lib3mf vulnerability

It was discovered that lib3mf did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted 3MF file, a local attacker could possibly use this issue to cause applications using lib3mf to crash, resulting in a denial of service, or possibly...

CVSS 8.1 | AI score 8 | EPSS 0.04339
Exploits: 1
Ubuntu
•added 2023/07/11 6:36 a.m.•54 views

USN-6215-1: dwarves vulnerabilities

It was discovered that dwarves incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause dwarves to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2022-3534, CVE-2022-3606...

CVSS 8 | AI score 7.2 | EPSS 0.0053
Exploits: 0
Ubuntu
•added 2023/07/11 4:38 a.m.•63 views

USN-6214-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

CVSS 9.8 | AI score 7.7 | EPSS 0.0093
Exploits: 0
Ubuntu
•added 2023/07/10 1:6 p.m.•76 views

USN-6213-1: Ghostscript vulnerability

It was discovered that Ghostscript incorrectly handled pipe devices. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to execute arbitrary code...

CVSS 7.8 | AI score 8.1 | EPSS 0.03236
Exploits: 3
Ubuntu
•added 2023/07/07 7:40 p.m.•68 views

USN-6212-1: Linux kernel (Intel IoTG) vulnerabilities

Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-35788, LP: 2023577 It was discovered that for some...

CVSS 7.8 | AI score 7.2 | EPSS 0.00532
Exploits: 1 | References: 2
Ubuntu
•added 2023/07/07 6:54 p.m.•36 views

USN-6211-1: Linux kernel (Azure) regression

USN-6130-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a spurious warning in the IPv6 subsystem. This update removes the undesired warning message...

AI score 5.3
Exploits: 0 | References: 1
Ubuntu
•added 2023/07/07 3:14 p.m.•53 views

USN-6210-1: Doorkeeper vulnerability

It was discovered that Doorkeeper incorrectly performed authorization checks for public clients that have been previously approved. An attacker could potentially exploit these in order to impersonate another user and obtain sensitive information...

CVSS 6.5 | AI score 6.5 | EPSS 0.00716
Exploits: 1
Ubuntu
•added 2023/07/06 8:40 p.m.•52 views

USN-6208-1: Gorilla WebSocket vulnerability

It was discovered that Gorilla WebSocket incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause a crash, resulting in a denial of service...

CVSS 7.5 | AI score 6.7 | EPSS 0.02342
Exploits: 0
Ubuntu
•added 2023/07/06 7:0 p.m.•65 views

USN-6207-1: Linux kernel (Intel IoTG) vulnerabilities

It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service system crash. CVE-2023-1076 It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type...

CVSS 7.8 | AI score 6.4 | EPSS 0.01377
Exploits: 4
Ubuntu
•added 2023/07/06 6:6 p.m.•81 views

USN-6206-1: Linux kernel (OEM) vulnerabilities

Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-35788, LP: 2023577 It was discovered that the NTFS...

CVSS 7.8 | AI score 6.8 | EPSS 0.00532
Exploits: 2 | References: 2
Ubuntu
•added 2023/07/06 6:2 p.m.•63 views

USN-6205-1: Linux kernel (GKE) vulnerabilities

Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-35788, LP: 2023577 It was discovered that for some...

CVSS 7.8 | AI score 7.2 | EPSS 0.00532
Exploits: 1 | References: 2
Ubuntu
•added 2023/07/05 3:23 p.m.•38 views

USN-6204-1: CPDB vulnerability

Seth Arnold discovered that CPDB incorrectly handled certain characters. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

CVSS 9.8 | AI score 8.2 | EPSS 0.01539
Exploits: 1
Ubuntu
•added 2023/07/05 11:23 a.m.•61 views

USN-6203-1: Django vulnerability

Seokchan Yoon discovered that Django incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service...

CVSS 7.5 | AI score 7.5 | EPSS 0.02669
Exploits: 0
Ubuntu
•added 2023/07/05 10:44 a.m.•288 views

USN-6202-1: containerd vulnerabilities

David Korczynski and Adam Korczynski discovered that containerd incorrectly processed certain images with large files. An attacker could possibly use this issue to cause containerd to crash, resulting in a denial of service. CVE-2023-25153 It was discovered that containerd incorrectly set up...

CVSS 7.8 | AI score 7.2 | EPSS 0.00542
Exploits: 1
Ubuntu
•added 2023/07/05 9:23 a.m.•96 views

USN-6201-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-37201, CVE-2023-37202,...

CVSS 8.8 | AI score 8.2 | EPSS 0.00696
Exploits: 1
Ubuntu
•added 2023/07/04 9:23 a.m.•434 views

USN-6200-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. CVE-2020-29599 It was...

CVSS 7.8 | AI score 6.9 | EPSS 0.0703
Exploits: 6
Ubuntu
•added 2023/07/03 2:38 p.m.•89 views

USN-6199-1: PHP vulnerability

It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information...

CVSS 4.3 | AI score 7.1 | EPSS 0.00709
Exploits: 0
Ubuntu
•added 2023/07/03 12:53 p.m.•46 views

USN-6198-1: GNU Screen vulnerability

It was discovered that GNU Screen was not properly checking user identifiers before sending certain signals to target processes. If GNU Screen was installed as setuid or setgid, a local attacker could possibly use this issue to cause a denial of service on a target application...

CVSS 6.5 | AI score 6.3 | EPSS 0.0054
Exploits: 3
Ubuntu
•added 2023/07/03 12:7 p.m.•54 views

USN-6197-1: OpenLDAP vulnerability

It was discovered that OpenLDAP was not properly performing bounds checks when executing functions related to LDAP URLs. An attacker could possibly use this issue to cause a denial of service...

CVSS 7.5 | AI score 7 | EPSS 0.01947
Exploits: 0

Total number of security vulnerabilities: 10888