
10806 matches found

Ubuntu
•added 2023/04/28 4:2 p.m.•70 views

USN-6049-1: Netty vulnerabilities

It was discovered that Netty's Zlib decoders did not limit memory allocations. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-11612) It wa...

CVSS 7.5 • AI score 6.5 • EPSS 0.04327
Exploits: 3
Ubuntu
•added 2023/04/28 10:19 a.m.•63 views

USN-6037-1: Apache Commons Net vulnerability

ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted the host from PASV responses by default. A remote attacker with a malicious FTP server could redirect the client to another server, which could possibly result in leaked information about services running on the private...

CVSS 6.5 • AI score 6.6 • EPSS 0.00249
Exploits: 0
Ubuntu
•added 2023/04/28 10:1 a.m.•44 views

USN-6048-1: ZenLib vulnerability

It was discovered that ZenLib doesn't check the return value of a specific operation before using it. An attacker could use a specially crafted input to crash programs using the library...

CVSS 7.5 • AI score 5.6 • EPSS 0.02581
Exploits: 0
Ubuntu
•added 2023/04/27 10:32 p.m.•88 views

USN-6047-1: Linux kernel vulnerability

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...

CVSS 7.8 • AI score 6.6 • EPSS 0.00254
Exploits: 1
Ubuntu
•added 2023/04/27 2:46 p.m.•29 views

USN-6046-1: OpenSSL-ibmca vulnerabilities

It was discovered that OpenSSL-ibmca incorrectly handled certain RSA decryption. An attacker could possibly use this issue to expose sensitive information...

AI score 5.4
Exploits: 0 • References: 1
Ubuntu
•added 2023/04/26 5:59 p.m.•83 views

USN-6042-1: Cloud-init vulnerability

James Golovich discovered that sensitive data could be exposed in logs. An attacker could use this information to find hashed passwords and possibly escalate their privilege...

CVSS 5.5 • AI score 6.1 • EPSS 0.0004
Exploits: 0 • References: 1
Ubuntu
•added 2023/04/26 5:33 p.m.•74 views

USN-6017-2: Ghostscript vulnerability

USN-6017-1 fixed vulnerabilities in Ghostscript. This update provides the corresponding updates for Ubuntu 23.04. Original advisory details: Hadrien Perrineau discovered that Ghostscript incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or...

CVSS 9.8 • AI score 8.4 • EPSS 0.27763
Exploits: 1
Ubuntu
•added 2023/04/26 4:32 p.m.•73 views

USN-6045-1: Linux kernel vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...

CVSS 7.8 • AI score 7.2 • EPSS 0.00379
Exploits: 1
Ubuntu
•added 2023/04/26 3:48 p.m.•124 views

USN-6044-1: Linux kernel vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...

CVSS 7.8 • AI score 6.8 • EPSS 0.00254
Exploits: 1
Ubuntu
•added 2023/04/26 1:39 p.m.•156 views

USN-6043-1: Linux kernel vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...

CVSS 7.8 • AI score 7 • EPSS 0.48523
Exploits: 14
Ubuntu
•added 2023/04/26 4:15 a.m.•74 views

USN-6010-3: Firefox regressions

USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were...

AI score 7.8
Exploits: 0 • References: 1
Ubuntu
•added 2023/04/25 3:53 p.m.•101 views

USN-6039-1: OpenSSL vulnerabilities

It was discovered that OpenSSL was not properly managing file locks when processing policy constraints. If a user or automated system were tricked into processing a certificate chain with specially crafted policy constraints, a remote attacker could possibly use this issue to cause a denial of...

CVSS 7.5 • AI score 6.9 • EPSS 0.00825
Exploits: 0
Ubuntu
•added 2023/04/25 1:25 p.m.•82 views

USN-6040-1: Linux kernel (HWE) vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) It was discovered that the OverlayFS...

CVSS 7.8 • AI score 7.6 • EPSS 0.48523
Exploits: 14
Ubuntu
•added 2023/04/25 10:23 a.m.•80 views

USN-6038-1: Go vulnerabilities

It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-1705) It was discovered that Go did not properly manage memory under certain...

CVSS 9.8 • AI score 7.5 • EPSS 0.00759
Exploits: 7
Ubuntu
•added 2023/04/20 9:15 p.m.•38 views

USN-6036-1: PatchELF vulnerability

It was discovered that PatchELF was not properly performing bounds checks, which could lead to an out-of-bounds read via a specially crafted file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. (CVE-2022-44940)...

CVSS 9.1 • AI score 8.2 • EPSS 0.00512
Exploits: 1
Ubuntu
•added 2023/04/20 3:42 p.m.•62 views

USN-6035-1: KAuth vulnerability

It was discovered that KAuth incorrectly handled some configuration parameters with specially crafted arbitrary types. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code...

CVSS 9.3 • AI score 8 • EPSS 0.03748
Exploits: 0
Ubuntu
•added 2023/04/20 12:57 p.m.•64 views

USN-6034-1: Dnsmasq vulnerability

It was discovered that Dnsmasq was sending large DNS messages over UDP, possibly causing transmission failures due to IP fragmentation. This update lowers the default maximum size of DNS messages to improve transmission reliability over UDP...

CVSS 7.5 • AI score 7.4 • EPSS 0.00012
Exploits: 0
Ubuntu
•added 2023/04/19 6:8 p.m.•91 views

USN-6033-1: Linux kernel (OEM) vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...

CVSS 7.8 • AI score 6.8 • EPSS 0.00254
Exploits: 5
Ubuntu
•added 2023/04/19 4:57 p.m.•71 views

USN-6032-1: Linux kernel (OEM) vulnerabilities

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) Gerald Lee discovered that the USB Gadget file system implementation in the...

CVSS 7.8 • AI score 6.8 • EPSS 0.00141
Exploits: 3
Ubuntu
•added 2023/04/19 4:43 p.m.•77 views

USN-6031-1: Linux kernel (OEM) vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) It was discovered that the Integrity...

CVSS 7.8 • AI score 6.9 • EPSS 0.0007
Exploits: 2
Ubuntu
•added 2023/04/19 2:15 p.m.•100 views

USN-6030-1: Linux kernel (Qualcomm Snapdragon) vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) It was discovered that the System V IPC...

CVSS 7.9 • AI score 7.6 • EPSS 0.0045
Exploits: 5
Ubuntu
•added 2023/04/19 2:6 p.m.•89 views

USN-6029-1: Linux kernel vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) It was discovered that the infrared...

CVSS 7.8 • AI score 7.1 • EPSS 0.0002
Exploits: 0
Ubuntu
•added 2023/04/19 1:42 p.m.•87 views

USN-6028-1: libxml2 vulnerabilities

It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2023-28484) It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a cras...

CVSS 6.5 • AI score 7.2 • EPSS 0.00403
Exploits: 1
Ubuntu
•added 2023/04/19 12:58 p.m.•72 views

USN-6027-1: Linux kernel vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) Jiasheng Jiang discovered that the HSA...

CVSS 7.8 • AI score 7.1 • EPSS 0.00021
Exploits: 0
Ubuntu
•added 2023/04/19 8:57 a.m.•133 views

USN-6026-1: Vim vulnerabilities

It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-4166) It was discovered that Vim was using freed memory when dealing...

CVSS 9.8 • AI score 8.3 • EPSS 0.0529
Exploits: 20
Ubuntu
•added 2023/04/19 2:27 a.m.•117 views

USN-6025-1: Linux kernel vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) It was discovered that the OverlayFS...

CVSS 7.8 • AI score 7.6 • EPSS 0.48523
Exploits: 14
Ubuntu
•added 2023/04/19 1:17 a.m.•73 views

USN-6024-1: Linux kernel vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) Lin Ma discovered a race condition in t...

CVSS 7.8 • AI score 7.2 • EPSS 0.0045
Exploits: 4
Ubuntu
•added 2023/04/18 9:22 a.m.•53 views

LSN-0094-1: Kernel Live Patch Security Notice

Lin Ma discovered a race condition in the io_uring subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0468) It was discovered that the Traffic-Control Index (TCINDEX) implementation in...

CVSS 7.8 • AI score 6.9 • EPSS 0.00018
Exploits: 1
Ubuntu
•added 2023/04/18 4:16 a.m.•66 views

USN-6010-2: Firefox regressions

USN-6010-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...

AI score 7.8
Exploits: 0 • References: 1
Ubuntu
•added 2023/04/17 11:55 a.m.•65 views

USN-5855-4: ImageMagick vulnerabilities

USN-5855-1 fixed vulnerabilities in ImageMagick. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening ...

CVSS 6.5 • AI score 7.7 • EPSS 0.88528
Exploits: 31
Ubuntu
•added 2023/04/17 10:24 a.m.•55 views

USN-6023-1: LibreOffice vulnerability

It was discovered that LibreOffice may be configured to add an empty entry to the Java class path. This may lead to running arbitrary Java code from the current directory...

CVSS 7.8 • AI score 7.5 • EPSS 0.00129
Exploits: 0
Ubuntu
•added 2023/04/14 5:20 p.m.•61 views

USN-6022-1: Kamailio vulnerabilities

It was discovered that Kamailio did not properly sanitize SIP messages under certain circumstances. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM and 18.04 ESM. (CVE-2018-16657) It was discovered...

CVSS 9.8 • AI score 8.6 • EPSS 0.00921
Exploits: 2
Ubuntu
•added 2023/04/14 12:38 p.m.•62 views

USN-6021-1: Chromium vulnerabilities

It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-1528, CVE-2023-1530, CVE-2023-1531,...

CVSS 9.8 • AI score 8 • EPSS 0.00885
Exploits: 0
Ubuntu
•added 2023/04/14 10:22 a.m.•85 views

USN-6020-1: Linux kernel (BlueField) vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) It was discovered that the KVM VMX implementation in the Linux kernel did no...

CVSS 8.8 • AI score 7.2 • EPSS 0.00033
Exploits: 1
Ubuntu
•added 2023/04/13 10:18 p.m.•72 views

USN-6018-1: Apport vulnerability

Chen Lu, Lei Wang, and YiQi Sun discovered a privilege escalation vulnerability in apport-cli when viewing crash reports and unprivileged users are allowed to run sudo less. A local attacker on a specially configured system could use this to escalate their privilege...

CVSS 7.8 • AI score 7.3 • EPSS 0.05487
Exploits: 0 • References: 1
Ubuntu
•added 2023/04/13 9:17 p.m.•46 views

USN-6019-1: Flask-CORS vulnerability

It was discovered that Flask-CORS did not properly escape paths before evaluating resource rules. An attacker could possibly use this to expose sensitive information...

CVSS 7.5 • AI score 8 • EPSS 0.0138
Exploits: 0
Ubuntu
•added 2023/04/13 8:35 p.m.•50 views

USN-6017-1: Ghostscript vulnerability

Hadrien Perrineau discovered that Ghostscript incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code...

CVSS 9.8 • AI score 8.4 • EPSS 0.27763
Exploits: 1
Ubuntu
•added 2023/04/13 5:23 p.m.•70 views

USN-6016-1: thenify vulnerability

It was discovered that thenify incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code...

CVSS 9.8 • AI score 8.3 • EPSS 0.01475
Exploits: 1
Ubuntu
•added 2023/04/13 7:16 a.m.•85 views

USN-6012-1: Smarty vulnerability

It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue to execute arbitrary PHP code. (CVE-2022-29221)...

CVSS 8.8 • AI score 7 • EPSS 0.25501
Exploits: 1
Ubuntu
•added 2023/04/13 3:49 a.m.•80 views

USN-6015-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

CVSS 8.8 • AI score 7.8 • EPSS 0.00338
Exploits: 0
Ubuntu
•added 2023/04/12 9:13 p.m.•65 views

USN-6014-1: Linux kernel vulnerabilities

Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service (connection termination) or inject forged data. (CVE-2020-36516) Ke Sun, Alyssa Milburn,...

CVSS 7.8 • AI score 7.2 • EPSS 0.0045
Exploits: 25
Ubuntu
•added 2023/04/12 2:41 p.m.•83 views

USN-6013-1: Linux kernel (AWS) vulnerabilities

Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service (connection termination) or inject forged data. (CVE-2020-36516) Ke Sun, Alyssa Milburn,...

CVSS 7.8 • AI score 7.2 • EPSS 0.0045
Exploits: 25
Ubuntu
•added 2023/04/12 8:36 a.m.•91 views

USN-6011-1: Json-smart vulnerabilities

It was discovered that Json-smart incorrectly handled memory when processing input containing unclosed quotes. A remote attacker could possibly use this issue to cause applications using Json-smart to crash, leading to a denial of service. (CVE-2021-31684) It was discovered that Json-smart...

CVSS 7.5 • AI score 6.5 • EPSS 0.00108
Exploits: 2
Ubuntu
•added 2023/04/12 6:47 a.m.•62 views

USN-6010-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-29537, CVE-2023-29540,...

CVSS 8.8 • AI score 7.8 • EPSS 0.00442
Exploits: 0
Ubuntu
•added 2023/04/11 10:55 p.m.•81 views

USN-6009-1: Linux kernel (GCP) vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) It was discovered that a use-after-free vulnerability existed in the SGI GRU...

CVSS 7.9 • AI score 7.5 • EPSS 0.0045
Exploits: 5
Ubuntu
•added 2023/04/11 10:25 p.m.•70 views

USN-6007-1: Linux kernel (GCP) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 8.8 • AI score 7.3 • EPSS 0.01411
Exploits: 4
Ubuntu
•added 2023/04/11 9:9 p.m.•57 views

USN-6006-1: .NET vulnerability

It was discovered that .NET did not properly manage dll files. An attacker could potentially use this issue to execute arbitrary code...

CVSS 7.8 • AI score 8.4 • EPSS 0.01557
Exploits: 0
Ubuntu
•added 2023/04/11 7:56 p.m.•80 views

USN-6008-1: Exo vulnerability

It was discovered that Exo did not properly sanitize desktop files. A remote attacker could possibly use this issue to cause a crash or arbitrary code execution...

CVSS 8.8 • AI score 8 • EPSS 0.00846
Exploits: 0
Ubuntu
•added 2023/04/11 5:29 p.m.•56 views

USN-6004-1: Linux kernel (Intel IoTG) vulnerabilities

It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2022-2196) It was discovered...

CVSS 8.8 • AI score 7.7 • EPSS 0.04508
Exploits: 7
Ubuntu
•added 2023/04/11 2:19 p.m.•55 views

USN-6005-1: Sudo vulnerabilities

Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay output. An attacker could possibly use these issues to inject terminal control characters that alter output when being viewed...

CVSS 5.3 • AI score 7.3 • EPSS 0.00136
Exploits: 0
Total number of security vulnerabilities: 10806