
10806 matches found

Ubuntu | added 2023/03/20 11:59 a.m. | 92 views

USN-5963-1: Vim vulnerabilities

It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. CVE-2022-47024,...

CVSS 7.8 | AI score 7.2 | EPSS 0.00057 | Exploits 8

Ubuntu | added 2023/03/16 9:21 p.m. | 62 views

USN-5962-1: Linux kernel (Intel IoTG) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 7.8 | AI score 7.3 | EPSS 0.00576 | Exploits 8

Ubuntu | added 2023/03/16 2:21 p.m. | 81 views

USN-5960-1: Python vulnerability

Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass blocklisting methods by supplying a URL that starts with blank characters...

CVSS 7.5 | AI score 7.4 | EPSS 0.01445 | Exploits 3

Ubuntu | added 2023/03/16 2:18 p.m. | 63 views

USN-5961-1: abcm2ps vulnerabilities

It was discovered that abcm2ps incorrectly handled memory when parsing specially crafted ABC files. An attacker could use this issue to cause abcm2ps to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS...

CVSS 9.8 | AI score 6.6 | EPSS 0.03042 | Exploits 5

Ubuntu | added 2023/03/16 7:6 a.m. | 69 views

USN-5959-1: Kerberos vulnerabilities

It was discovered that Kerberos incorrectly handled memory when processing KDC data, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or have other unspecified impacts. CVE-2021-36222, CVE-2021-37750...

CVSS 7.5 | AI score 6.9 | EPSS 0.06615 | Exploits 0

Ubuntu | added 2023/03/16 12:21 a.m. | 254 views

USN-5958-1: FFmpeg vulnerabilities

It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cause a denial of service via application crash. These issues only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2022-3109, CVE-2022-3341 It...

CVSS 8.1 | AI score 6.6 | EPSS 0.00199 | Exploits 0 | References 1

Ubuntu | added 2023/03/15 9:16 p.m. | 60 views

USN-5855-2: ImageMagick vulnerabilities

USN-5855-1 fixed a vulnerability in ImageMagick. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. Original advisory details: It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked...

CVSS 6.5 | AI score 7.7 | EPSS 0.88528 | Exploits 31

Ubuntu | added 2023/03/15 7:58 p.m. | 99 views

USN-5956-2: PHPMailer vulnerability

USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the fix for CVE-2017-11503 was incomplete. This update fixes the problem. Original advisory details: Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by...

CVSS 6.1 | AI score 7.3 | EPSS 0.0294 | Exploits 1

Ubuntu | added 2023/03/15 4:20 p.m. | 76 views

USN-5957-1: LibreCAD vulnerabilities

Cody Sixteen discovered that LibreCAD incorrectly handled memory when parsing DXF files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. CVE-2018-19105 Lilith of Cisco Talos discovered tha...

CVSS 9.3 | AI score 7.4 | EPSS 0.06191 | Exploits 7

Ubuntu | added 2023/03/15 2:33 p.m. | 97 views

USN-5956-1: PHPMailer vulnerabilities

Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. CVE-2016-10033, CVE-2016-10045 It was...

CVSS 9.8 | AI score 7.2 | EPSS 0.94418 | Exploits 67

Ubuntu | added 2023/03/15 12:47 p.m. | 77 views

USN-5955-1: Emacs vulnerability

It was discovered that Emacs did not properly manage certain files when using htmlfontify functionality. A local attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary commands...

CVSS 7.8 | AI score 7.8 | EPSS 0.00106 | Exploits 0

Ubuntu | added 2023/03/15 11:56 a.m. | 72 views

USN-5952-1: OpenJPEG vulnerabilities

Sebastian Poeplau discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affecte...

CVSS 8.8 | AI score 7.4 | EPSS 0.04773 | Exploits 3

Ubuntu | added 2023/03/15 11:30 a.m. | 64 views

USN-5954-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-25750, CVE-2023-25752,...

CVSS 8.8 | AI score 7.8 | EPSS 0.00279 | Exploits 0

Ubuntu | added 2023/03/15 9:54 a.m. | 95 views

USN-5953-1: IPython vulnerabilities

It was discovered that IPython incorrectly processed REST API POST requests. An attacker could possibly use this issue to launch a cross-site request forgery (CSRF) attack and leak user's sensitive information. This issue only affected Ubuntu 14.04 ESM. CVE-2015-5607 It was discovered that IPython...

CVSS 8.8 | AI score 7.8 | EPSS 0.0106 | Exploits 2

Ubuntu | added 2023/03/14 6:45 p.m. | 80 views

USN-5951-1: Linux kernel (IBM) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 8.1 | AI score 7.7 | EPSS 0.0045 | Exploits 5

Ubuntu | added 2023/03/14 6:4 p.m. | 79 views

USN-5950-1: Linux kernel (KVM) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 7.8 | AI score 7.3 | EPSS 0.00576 | Exploits 7

Ubuntu | added 2023/03/13 4:35 p.m. | 65 views

USN-5949-1: Chromium vulnerabilities

It was discovered that Chromium could be made to write out of bounds in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-0930, CVE-2023-1219, CVE-2023-1220,...

CVSS 8.8 | AI score 7.5 | EPSS 0.00548 | Exploits 0

Ubuntu | added 2023/03/13 3:8 p.m. | 66 views

USN-5948-1: Werkzeug vulnerabilities

It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies. CVE-2023-23934 It was discovered that Werkzeug could be made to process unlimited number of multipart form data parts. A remote attacke...

CVSS 7.5 | AI score 6.6 | EPSS 0.00366 | Exploits 0

Ubuntu | added 2023/03/13 10:57 a.m. | 81 views

USN-5946-1: XStream vulnerabilities

Lai Han discovered that XStream incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04...

CVSS 8.8 | AI score 7.5 | EPSS 0.94255 | Exploits 17

Ubuntu | added 2023/03/13 10:55 a.m. | 425 views

USN-5947-1: Twig vulnerabilities

Fabien Potencier discovered that Twig was not properly enforcing sandbox policies when dealing with objects automatically cast to strings by PHP. An attacker could possibly use this issue to expose sensitive information. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM...

CVSS 9.8 | AI score 7 | EPSS 0.21146 | Exploits 3

Ubuntu | added 2023/03/13 6:7 a.m. | 77 views

USN-5945-1: Protocol Buffers vulnerabilities

It was discovered that Protocol Buffers did not properly validate field com.google.protobuf.UnknownFieldSet in protobuf-java. An attacker could possibly use this issue to perform a denial of service attack. This issue only affected protobuf Ubuntu 22.04 LTS and Ubuntu 22.10. CVE-2021-22569 It was...

CVSS 7.5 | AI score 6.7 | EPSS 0.00471 | Exploits 1

Ubuntu | added 2023/03/13 4:0 a.m. | 75 views

USN-5943-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

CVSS 8.8 | AI score 7.8 | EPSS 0.00352 | Exploits 0

Ubuntu | added 2023/03/10 10:18 a.m. | 74 views

USN-5944-1: SnakeYAML vulnerabilities

It was discovered that SnakeYAML did not limit the maximal nested depth for collections when parsing YAML data. If a user or automated system were tricked into opening a specially crafted YAML file, an attacker could possibly use this issue to cause applications using SnakeYAML to crash, resultin...

CVSS 7.5 | AI score 6.7 | EPSS 0.0292 | Exploits 3

Ubuntu | added 2023/03/09 2:30 p.m. | 172 views

USN-5942-1: Apache HTTP Server vulnerabilities

Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. CVE-2023-25690 Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy_uws...

CVSS 9.8 | AI score 7.2 | EPSS 0.67011 | Exploits 5

Ubuntu | added 2023/03/09 1:3 p.m. | 80 views

USN-5941-1: Linux kernel (KVM) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 7.8 | AI score 7.3 | EPSS 0.00576 | Exploits 8

Ubuntu | added 2023/03/09 12:46 p.m. | 69 views

USN-5940-1: Linux kernel (Raspberry Pi) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 8.1 | AI score 7.7 | EPSS 0.0045 | Exploits 5

Ubuntu | added 2023/03/08 8:14 p.m. | 75 views

USN-5939-1: Linux kernel (GCP) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 8.1 | AI score 7.7 | EPSS 0.0045 | Exploits 5

Ubuntu | added 2023/03/08 5:41 p.m. | 78 views

USN-5938-1: Linux kernel (GKE) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 7.8 | AI score 7.3 | EPSS 0.00576 | Exploits 8

Ubuntu | added 2023/03/08 1:55 p.m. | 50 views

USN-5937-1: Opusfile vulnerability

It was discovered that Opusfile was not properly validating pointer arguments in some of its functions, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or have other unspecified impacts...

CVSS 7.8 | AI score 7.3 | EPSS 0.00094 | Exploits 1

Ubuntu | added 2023/03/08 1:2 p.m. | 95 views

USN-5936-1: Samba vulnerabilities

Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. CVE-2022-3437 Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerber...

CVSS 9.8 | AI score 7.6 | EPSS 0.10832 | Exploits 1

Ubuntu | added 2023/03/07 7:35 p.m. | 60 views

USN-5935-1: Linux kernel vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 7.8 | AI score 7.3 | EPSS 0.00576 | Exploits 8

Ubuntu | added 2023/03/07 7:29 p.m. | 71 views

USN-5934-1: Linux kernel (Raspberry Pi) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 8.1 | AI score 7.7 | EPSS 0.0045 | Exploits 5

Ubuntu | added 2023/03/07 3:26 p.m. | 76 views

USN-5933-1: Libtpms vulnerabilities

Francisco Falcon discovered that Libtpms did not properly manage memory when performing certain cryptographic operations. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. CVE-2023-1017, CVE-2023-1018 It was discovered that Libtpms did not...

CVSS 7.8 | AI score 7.1 | EPSS 0.00674 | Exploits 0 | References 1

Ubuntu | added 2023/03/07 2:34 p.m. | 75 views

USN-5932-1: Sofia-SIP vulnerabilities

It was discovered that Sofia-SIP incorrectly handled specially crafted SDP packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LT...

CVSS 9.8 | AI score 7.8 | EPSS 0.1379 | Exploits 5

Ubuntu | added 2023/03/07 12:14 p.m. | 76 views

USN-5931-1: Python vulnerability

It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code. CVE-2022-37454...

CVSS 9.8 | AI score 7.4 | EPSS 0.014 | Exploits 1

Ubuntu | added 2023/03/07 12:12 p.m. | 97 views

USN-5930-1: Python vulnerability

It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code. CVE-2022-37454...

CVSS 9.8 | AI score 7.4 | EPSS 0.014 | Exploits 1

Ubuntu | added 2023/03/07 12:4 p.m. | 55 views

LSN-0092-1: Kernel Live Patch Security Notice

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. CVE-2022-4378 Tamás Koczka discovered that the Bluetooth L2CAP handshake...

CVSS 8.8 | AI score 7.7 | EPSS 0.00421 | Exploits 0

Ubuntu | added 2023/03/07 11:23 a.m. | 73 views

USN-5929-1: Linux kernel (Raspberry Pi) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 7.8 | AI score 7.3 | EPSS 0.00576 | Exploits 7

Ubuntu | added 2023/03/07 7:35 a.m. | 423 views

USN-5928-1: systemd vulnerabilities

It was discovered that systemd did not properly validate the time and accuracy values provided to the format_timespan function. An attacker could possibly use this issue to cause a buffer overrun, leading to a denial of service attack. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM,...

CVSS 5.5 | AI score 7 | EPSS 0.00042 | Exploits 2

Ubuntu | added 2023/03/07 12:7 a.m. | 86 views

USN-5927-1: Linux kernel (Azure) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 8.8 | AI score 7.6 | EPSS 0.0045 | Exploits 7

Ubuntu | added 2023/03/06 11:32 p.m. | 90 views

USN-5926-1: Linux kernel vulnerabilities

Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. CVE-2021-4155 Lee Jones discovered that a use-after-free vulnerabilit...

CVSS 7.8 | AI score 6.9 | EPSS 0.00277 | Exploits 3

Ubuntu | added 2023/03/06 11:22 p.m. | 81 views

USN-5925-1: Linux kernel vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 8.8 | AI score 7.2 | EPSS 0.00142 | Exploits 2

Ubuntu | added 2023/03/06 9:40 p.m. | 63 views

USN-5924-1: Linux kernel (Azure) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 8.8 | AI score 7.5 | EPSS 0.01411 | Exploits 8

Ubuntu | added 2023/03/06 5:7 p.m. | 63 views

USN-5923-1: LibTIFF vulnerabilities

It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial ...

CVSS 6.8 | AI score 6.8 | EPSS 0.00026 | Exploits 10

Ubuntu | added 2023/03/06 4:26 p.m. | 92 views

USN-5892-2: NSS vulnerability

USN-5892-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Christian Holler discovered that NSS incorrectly handled certain PKCS 12 certificated bundles. A remote attacker could use this issue to cau...

CVSS 8.8 | AI score 7.8 | EPSS 0.00249 | Exploits 0

Ubuntu | added 2023/03/06 2:27 p.m. | 49 views

USN-5672-2: GMP vulnerability

USN-5672-1 fixed a vulnerability in GMP. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that GMP did not properly manage memory on 32-bit platforms when processing a specially crafted input. An attacker could possibly use this issu...

CVSS 7.5 | AI score 7.2 | EPSS 0.0046 | Exploits 1

Ubuntu | added 2023/03/06 1:9 p.m. | 92 views

USN-5922-1: FriBidi vulnerabilities

It was discovered that FriBidi incorrectly handled the processing of input strings, resulting in memory corruption. An attacker could possibly use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. CVE-2022-25308 It was discovered that...

CVSS 7.8 | AI score 7 | EPSS 0.00045 | Exploits 3

Ubuntu | added 2023/03/06 12:53 p.m. | 99 views

USN-5767-3: Python vulnerability

USN-5767-1 fixed vulnerabilities in Python. This update fixes the problem for Ubuntu 18.04 LTS. Original advisory details: Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

CVSS 9.8 | AI score 7.7 | EPSS 0.014 | Exploits 1 | References 1

Ubuntu | added 2023/03/06 12:11 p.m. | 121 views

USN-5921-1: rsync vulnerabilities

Koen van Hove discovered that the rsync client incorrectly validated filenames returned by servers. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to write arbitrary files, and possibly escalate privileges...

CVSS 7.4 | AI score 8.2 | EPSS 0.00948 | Exploits 1

Ubuntu | added 2023/03/03 4:40 p.m. | 60 views

USN-5919-1: Linux kernel vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 8.8 | AI score 7.7 | EPSS 0.00142 | Exploits 2

Total number of security vulnerabilities: 10806