Lucene search

10869 matches found

Ubuntu • added 2026/05/05 6:27 p.m. • 9 views

USN-8234-1: Mako vulnerability

It was discovered that Mako incorrectly handled URIs with double-slash prefixes in TemplateLookup. A remote attacker could possibly use this issue to obtain sensitive information...

CVSS 8.7 • AI score 5.8 • EPSS 0.00361 • Exploits 0

Ubuntu • added 2026/05/05 5:07 p.m. • 16 views

USN-8233-1: nghttp2 vulnerability

Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could possibly use this issue to cause nghttp2 to crash, resulting in a denial of service...

CVSS 7.5 • AI score 5.8 • EPSS 0.00775 • Exploits 0

Ubuntu • added 2026/05/05 3:30 p.m. • 14 views

USN-8232-1: Django vulnerabilities

It was discovered that Django did not vary cached response headers on cookies when sessions were not modified while SESSION_SAVE_EVERY_REQUEST was enabled. A remote attacker could possibly use this issue to steal a user's session. (CVE-2026-35192) Kyle Agronick and Jacob Walls discovered that Django...

CVSS 6.5 • AI score 5.8 • EPSS 0.00544 • Exploits 0

Ubuntu • added 2026/05/04 12:24 p.m. • 13 views

USN-8229-1: sed vulnerability

Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local attacker could possibly use this issue to overwrite arbitrary files...

CVSS 2.1 • AI score 5.9 • EPSS 0.00142 • Exploits 0

Ubuntu • added 2026/05/04 11:50 a.m. • 11 views

USN-8228-1: Exim vulnerabilities

It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-40685) It was discovered that Exim incorrectly handled processing of UTF-8 trailing characters. A remote attacker could...

CVSS 9.8 • AI score 6.2 • EPSS 0.00373 • Exploits 0

Ubuntu • added 2026/05/04 11:40 a.m. • 9 views

USN-8227-1: curl vulnerabilities

It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-4873) It was discovered that curl incorrectly reused certain HTTP Negotiate connection...

CVSS 7.5 • AI score 5.8 • EPSS 0.00639 • Exploits 7

Ubuntu • added 2026/04/30 4:19 p.m. • 14 views

USN-8226-2: kmod update

USN-8226-1 added a mitigation to kmod to disable loading the algif_aead module. This update adds the same mitigation to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that the Linux kernel algif_aead module contained a logic...

CVSS 7.8 • AI score 5.8 • EPSS 0.96775 • Exploits 228

Ubuntu • added 2026/04/30 3:55 p.m. • 14 views

USN-8226-1: kmod update

It was discovered that the Linux kernel algif_aead module contained a logic flaw allowing a local attacker to escalate privileges to root. This update to the kmod package disables loading the algif_aead module as a measure to mitigate the issue until kernel updates are made available. See the...

CVSS 7.8 • AI score 6.1 • EPSS 0.96775 • Exploits 228 • References 1

Ubuntu • added 2026/04/30 1:50 p.m. • 11 views

USN-8218-1: zuluCrypt vulnerability

Aaron Rainbolt discovered that zuluCrypt used insecure PolicyKit settings in zuluPolkit. An attacker could possibly use this issue to cause local privilege escalation to root. (CVE-2025-53391)...

CVSS 9.3 • AI score 5.4 • EPSS 0.00147 • Exploits 0

Ubuntu • added 2026/04/30 2:19 a.m. • 13 views

USN-8225-1: Python marshmallow vulnerabilities

Jared Deckard discovered that Python marshmallow did not correctly handle hiding certain fields. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-17175) It was discovered that Python marshmallow did not efficiently handle...

CVSS 5.3 • AI score 5.5 • EPSS 0.01858 • Exploits 0

Ubuntu • added 2026/04/29 1:50 p.m. • 8 views

USN-8223-1: Roundcube Webmail vulnerabilities

It was discovered that Roundcube Webmail mishandled Punycode xn-- domain names. An attacker could possibly use this issue to cause a homograph attack. (CVE-2019-15237) It was discovered that Roundcube Webmail did not properly sanitize certain attributes when handling CSS within HTML messages and...

CVSS 9.3 • AI score 7 • EPSS 0.5281 • Exploits 6

Ubuntu • added 2026/04/29 1:36 p.m. • 15 views

USN-8224-1: Linux kernel (BlueField) vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local...

CVSS 7.8 • AI score 7 • EPSS 0.00283 • Exploits 1 • References 1

Ubuntu • added 2026/04/29 12:10 p.m. • 11 views

USN-8222-1: OpenSSH vulnerabilities

Christos Papakonstantinou discovered that the OpenSSH scp tool incorrectly handled the legacy scp protocol -O option. This could result in certain files being installed setuid or setgid, contrary to expectations. (CVE-2026-35385) Florian Kohnhäuser discovered that OpenSSH incorrectly handled shell...

CVSS 8.1 • AI score 5.9 • EPSS 0.00419 • Exploits 0

Ubuntu • added 2026/04/29 8:59 a.m. • 13 views

USN-8195-3: PackageKit vulnerability

USN-8195-1 fixed a vulnerability in PackageKit. This update provides the corresponding fix to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PackageKit incorrectly handled certain transactions. A local attacker could use this issue to...

CVSS 8.8 • AI score 5.6 • EPSS 0.0046 • Exploits 10

Ubuntu • added 2026/04/29 12:11 a.m. • 10 views

USN-8221-1: wheel vulnerability

It was discovered that wheel did not correctly handle certain file paths. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to execute arbitrary code...

CVSS 7.1 • AI score 7.2 • EPSS 0.00311 • Exploits 2

Ubuntu • added 2026/04/28 7:27 p.m. • 9 views

USN-8198-2: Tornado vulnerabilities

USN-8198-1 fixed vulnerabilities in Tornado. This update provides the corresponding updates for Ubuntu 26.04 LTS. Original advisory details: It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of...

CVSS 8.7 • AI score 8.7 • EPSS 0.00375 • Exploits 0

Ubuntu • added 2026/04/28 5:32 p.m. • 9 views

USN-8219-1: UltraJSON vulnerabilities

Cameron Criswell discovered that UltraJSON contained a memory leak that would occur when parsing large integers. An attacker could possibly use this issue to cause UltraJSON to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS...

CVSS 7.5 • AI score 5.4 • EPSS 0.00479 • Exploits 1

Ubuntu • added 2026/04/28 4:30 p.m. • 8 views

USN-8185-2: Linux kernel (Low Latency NVIDIA) vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

CVSS 9.8 • AI score 6.8 • EPSS 0.00378 • Exploits 0

Ubuntu • added 2026/04/28 1:57 p.m. • 9 views

USN-8217-1: follow-redirects vulnerabilities

It was discovered that follow-redirects did not properly protect sensitive user information during redirects. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2022-0155) It was discovered that...

CVSS 8 • AI score 6.7 • EPSS 0.02426 • Exploits 4

Ubuntu • added 2026/04/28 1:51 p.m. • 9 views

USN-8190-2: Rack::Session vulnerability

USN-8190-1 fixed a vulnerability in Rack::Session. This update provides the corresponding update for Ubuntu 26.04 LTS. Original advisory details: SeungMyung Lee discovered that Rack::Session did not properly reject cookies upon decryption failure. A remote attacker could use this issue to...

CVSS 9.8 • AI score 5.5 • EPSS 0.0027 • Exploits 1

Ubuntu • added 2026/04/28 12:52 p.m. • 11 views

USN-8136-2: Dovecot regression

USN-8136-1 fixed vulnerabilities in Dovecot. The update caused a regression on Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An...

CVSS 5.3 • AI score 5.9 • EPSS 0.00427 • Exploits 1 • References 1

Ubuntu • added 2026/04/28 11:04 a.m. • 12 views

USN-8087-3: python-cryptography vulnerability

USN-8087-1 fixed a vulnerability in python-cryptography. This update provides the corresponding update to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remo...

CVSS 8.2 • AI score 7.3 • EPSS 0.00341 • Exploits 0

Ubuntu • added 2026/04/28 8:10 a.m. • 17 views

USN-8214-1: NLTK vulnerability

It was discovered that NLTK incorrectly handled file extraction when opening a maliciously crafted zip file. An attacker could possibly use this issue to create or overwrite files on the system and execute arbitrary code...

CVSS 10 • AI score 8.6 • EPSS 0.0079 • Exploits 1

Ubuntu • added 2026/04/28 7:32 a.m. • 12 views

USN-8216-1: .NET vulnerabilities

Ludvig Pedersen discovered that the System.Security.Cryptography.Xml library in .NET incorrectly handled certain XML inputs. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-33116, CVE-2026-26171) Ludvig Pedersen and Kevin Jones...

CVSS 9.1 • AI score 6.4 • EPSS 0.11205 • Exploits 0

Ubuntu • added 2026/04/28 7:10 a.m. • 9 views

USN-8215-1: .NET vulnerability

It was discovered that the Microsoft.AspNetCore.DataProtection library in .NET did not properly verify cryptographic signatures under certain conditions. A remote attacker could possibly use this issue to elevate privileges...

CVSS 9.1 • AI score 5.8 • EPSS 0.11205 • Exploits 0

Ubuntu • added 2026/04/28 4:18 a.m. • 12 views

USN-8202-2: jq vulnerabilities

USN-8202-1 fixed vulnerabilities in jq. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute...

CVSS 8.2 • AI score 5.9 • EPSS 0.00559 • Exploits 5

Ubuntu • added 2026/04/27 8:30 p.m. • 10 views

USN-8213-1: Vim vulnerabilities

Michał Majchrowicz discovered that Vim's zip plugin could overwrite arbitrary files. An attacker could possibly use this issue to delete sensitive data or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-35177) It was discovered that Vim's netbeans...

CVSS 7.8 • AI score 6 • EPSS 0.0062 • Exploits 0

Ubuntu • added 2026/04/27 3:39 p.m. • 10 views

USN-8212-1: authd vulnerability

It was discovered that authd incorrectly assigned the primary group ID to users under certain conditions. A local attacker could possibly use this issue to achieve privilege escalation, or gain unauthorized access to files belonging to other users...

CVSS 7.3 • AI score 5.4 • EPSS 0.0011 • Exploits 0

Ubuntu • added 2026/04/27 12:11 p.m. • 13 views

USN-8209-1: Little CMS vulnerability

It was discovered that Little CMS incorrectly handled certain malformed ICC profiles. An attacker could use this issue to cause Little CMS to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 7.5 • AI score 6.1 • EPSS 0.00365 • Exploits 1

Ubuntu • added 2026/04/24 9:40 a.m. • 10 views

USN-8180-5: Linux kernel (IBM) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

CVSS 8.8 • AI score 5.9 • EPSS 0.0071 • Exploits 0

Ubuntu • added 2026/04/23 4:05 p.m. • 9 views

USN-8206-1: OpenMPT vulnerability

Antonio Morales Maldonado discovered that OpenMPT did not properly limit the length of strings in certain cases, leading to a buffer overflow. An attacker could possibly use this issue to cause OpenMPT to crash, resulting in a denial of service...

CVSS 9.8 • AI score 6 • EPSS 0.02701 • Exploits 0

Ubuntu • added 2026/04/23 12:16 p.m. • 10 views

USN-8205-1: GStreamer Bad Plugins vulnerabilities

It was discovered that multiple plugins in GStreamer contained arithmetic overflows. An attacker could possibly use this issue to cause applications using the plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-37329, CVE-2023-40474, CVE-2023-40475,...

CVSS 8.8 • AI score 7.3 • EPSS 0.02009 • Exploits 0

Ubuntu • added 2026/04/23 10:16 a.m. • 13 views

USN-8180-4: Linux kernel (Azure FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

CVSS 8.8 • AI score 6.9 • EPSS 0.0071 • Exploits 0

Ubuntu • added 2026/04/23 10:08 a.m. • 13 views

USN-8180-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

CVSS 8.8 • AI score 6.9 • EPSS 0.0071 • Exploits 0

Ubuntu • added 2026/04/23 10:00 a.m. • 12 views

USN-8204-1: Linux kernel (Raspberry Pi Real-time) vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

CVSS 9.8 • AI score 7.2 • EPSS 0.00378 • Exploits 0

Ubuntu • added 2026/04/23 9:52 a.m. • 13 views

USN-8203-1: Linux kernel (Oracle) vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

CVSS 9.8 • AI score 7.2 • EPSS 0.00378 • Exploits 6

Ubuntu • added 2026/04/23 9:41 a.m. • 11 views

USN-8179-3: Linux kernel vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

CVSS 9.8 • AI score 7.2 • EPSS 0.00378 • Exploits 0

Ubuntu • added 2026/04/23 9:27 a.m. • 10 views

USN-8183-2: Linux kernel vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

CVSS 7.8 • AI score 5.8 • EPSS 0.00191 • Exploits 0

Ubuntu • added 2026/04/23 7:35 a.m. • 10 views

USN-8202-1: jq vulnerabilities

It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS...

CVSS 8.2 • AI score 5.9 • EPSS 0.00559 • Exploits 5

Ubuntu • added 2026/04/22 7:09 p.m. • 19 views

USN-8201-1: Linux kernel (Azure) vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local...

CVSS 7.8 • AI score 6.9 • EPSS 0.00255 • Exploits 0 • References 1

Ubuntu • added 2026/04/22 6:24 p.m. • 11 views

USN-8200-2: Linux kernel (FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - GPU drivers; - I2C subsystem; - Network traffic control; CVE-2022-49046,...

CVSS 7.8 • AI score 7.2 • EPSS 0.00255 • Exploits 0

Ubuntu • added 2026/04/22 6:15 p.m. • 14 views

USN-8200-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - GPU drivers; - I2C subsystem; - Network traffic control; CVE-2022-49046,...

CVSS 7.8 • AI score 7.2 • EPSS 0.00255 • Exploits 0

Ubuntu • added 2026/04/22 6:04 p.m. • 13 views

USN-8199-1: OpenStack Glance vulnerabilities

Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-32498) Hyeongeun Ji and Abhishek Keka...

CVSS 7.1 • AI score 5.9 • EPSS 0.00835 • Exploits 1

Ubuntu • added 2026/04/22 5:52 p.m. • 11 views

USN-8198-1: Tornado vulnerabilities

It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-31958) It was discovered that Tornado did not properly validate characters in cookie values. An attacker could possibly use...

CVSS 8.7 • AI score 5.8 • EPSS 0.00375 • Exploits 0

Ubuntu • added 2026/04/22 1:36 p.m. • 9 views

USN-8197-1: Slurm vulnerability

It was discovered that Slurm did not properly handle access control when dealing with RPC traffic through PMI2 and PMIx, which could allow an unprivileged user to send data to an arbitrary unix socket on the host. An attacker could possibly use this issue to execute arbitrary code as the root use...

CVSS 9 • AI score 6.2 • EPSS 0.02639 • Exploits 0

Ubuntu • added 2026/04/21 5:25 p.m. • 12 views

USN-8194-1: league/commonmark vulnerabilities

It was discovered that league/commonmark did not properly restrict unsafe attributes when the Attributes extension was enabled. An attacker could possibly use this issue to cause cross-site scripting by injecting malicious code into rendered HTML. This issue only affected Ubuntu 22.04 LTS and...

CVSS 6.4 • AI score 5.7 • EPSS 0.00287 • Exploits 0

Ubuntu • added 2026/04/21 11:36 a.m. • 11 views

USN-8191-1: Apache Commons IO vulnerability

It was discovered that Apache Commons IO's XmlStreamReader class could excessively consume CPU resources under certain circumstances. An attacker could possibly use this issue to cause Apache Commons IO to crash, resulting in a denial of service...

CVSS 4.3 • AI score 5.8 • EPSS 0.01249 • Exploits 0

Ubuntu • added 2026/04/20 3:18 p.m. • 11 views

USN-8190-1: Rack::Session vulnerability

SeungMyung Lee discovered that Rack::Session did not properly reject cookies upon decryption failure. A remote attacker could use this issue to manipulate session contents and possibly gain unauthorized access...

CVSS 9.8 • AI score 5.8 • EPSS 0.0027 • Exploits 1

Ubuntu • added 2026/04/20 1:49 p.m. • 10 views

USN-8189-1: RapidJSON vulnerability

It was discovered that RapidJSON did not properly protect against integer overflows in certain instances when parsing JSON text. A remote attacker could possibly use this issue to craft a malicious JSON file, that when read by RapidJSON, would lead to an elevation of privilege, resulting in the...

CVSS 7.8 • AI score 5.8 • EPSS 0.00424 • Exploits 0

Ubuntu • added 2026/04/20 9:57 a.m. • 9 views

USN-8098-10: Linux kernel (Raspberry Pi) vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local...

CVSS 7.8 • AI score 6.9 • EPSS 0.00248 • Exploits 0 • References 1

Total number of security vulnerabilities: 10869