10890 matches found

Ubuntu • added 2023/03/30 11:27 a.m. • 51 views

USN-5989-1: GlusterFS vulnerability

Tao Lyu discovered that GlusterFS did not properly handle certain event notifications. An attacker could possibly use this issue to cause a denial of service...

CVSS 7.5 • AI score 7.2 • EPSS 0.00914 • Exploits 1

Ubuntu • added 2023/03/29 9:20 p.m. • 57 views

USN-5988-1: Xcftools vulnerabilities

It was discovered that integer overflow vulnerabilities existed in Xcftools. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2019-5086, CVE-2019-5087...

CVSS 8.8 • AI score 8 • EPSS 0.03637 • Exploits 2

Ubuntu • added 2023/03/29 6:22 p.m. • 77 views

USN-5987-1: Linux kernel vulnerabilities

It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. CVE-2022-2196 It was discovered...

CVSS 8.8 • AI score 7.7 • EPSS 0.71737 • Exploits 7

Ubuntu • added 2023/03/29 6:12 p.m. • 62 views

USN-5986-1: X.Org X Server vulnerability

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges...

CVSS 7.8 • AI score 7.8 • EPSS 0.0044 • Exploits 0

Ubuntu • added 2023/03/29 5:33 p.m. • 142 views

USN-5985-1: Linux kernel vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). CVE-2021-3669 It was discovered that the KVM VMX implementation in the Linux kernel did no...

CVSS 8.8 • AI score 7.2 • EPSS 0.0048 • Exploits 1

Ubuntu • added 2023/03/29 4:44 p.m. • 85 views

USN-5984-1: Linux kernel vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). CVE-2021-3669 It was discovered that a use-after-free vulnerability existed in the SGI GRU...

CVSS 7.9 • AI score 7.5 • EPSS 0.03702 • Exploits 5

Ubuntu • added 2023/03/29 1:52 p.m. • 84 views

USN-5983-1: Nette vulnerability

Cyku Hong discovered that Nette was not properly handling and validating data used for code generation. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 9.8 • AI score 8.8 • EPSS 0.35228 • Exploits 3

Ubuntu • added 2023/03/28 7:49 p.m. • 217 views

USN-5982-1: Linux kernel vulnerabilities

It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. CVE-2022-2196 It was discovered...

CVSS 8.8 • AI score 7.7 • EPSS 0.71737 • Exploits 7

Ubuntu • added 2023/03/28 7:44 p.m. • 105 views

USN-5981-1: Linux kernel vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). CVE-2021-3669 It was discovered that a use-after-free vulnerability existed in the SGI GRU...

CVSS 7.9 • AI score 7.5 • EPSS 0.03702 • Exploits 5

Ubuntu • added 2023/03/28 7:38 p.m. • 59 views

USN-5686-4: Git vulnerability

USN-5686-1 fixed several vulnerabilities in Git. This update provides the corresponding fix for CVE-2022-39253 on Ubuntu 16.04 ESM. Original advisory details: Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpect...

CVSS 5.5 • AI score 7.1 • EPSS 0.01336 • Exploits 1

Ubuntu • added 2023/03/28 6:48 p.m. • 111 views

USN-5980-1: Linux kernel vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). CVE-2021-3669 It was discovered that the KVM VMX implementation in the Linux kernel did no...

CVSS 8.8 • AI score 7.2 • EPSS 0.0048 • Exploits 1

Ubuntu • added 2023/03/28 4:23 p.m. • 76 views

USN-5979-1: Linux kernel (HWE) vulnerabilities

It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. CVE-2022-2196 It was discovered...

CVSS 8.8 • AI score 7.5 • EPSS 0.03702 • Exploits 5

Ubuntu • added 2023/03/27 10:49 p.m. • 84 views

USN-5978-1: Linux kernel (OEM) vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2023-1281 It was discovered that the KVM VMX...

CVSS 8.8 • AI score 7.1 • EPSS 0.01016 • Exploits 1

Ubuntu • added 2023/03/27 10:38 p.m. • 82 views

USN-5977-1: Linux kernel (OEM) vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2023-1281 It was discovered that the KVM VMX...

CVSS 8.8 • AI score 7.1 • EPSS 0.00305 • Exploits 0

Ubuntu • added 2023/03/27 10:26 p.m. • 82 views

USN-5976-1: Linux kernel (OEM) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 8.8 • AI score 7.2 • EPSS 0.01016 • Exploits 1

Ubuntu • added 2023/03/27 9:46 p.m. • 60 views

USN-5975-1: Linux kernel vulnerabilities

Updated on 2023-04-11: Please note that when USN 5975-1 was originally published, it incorrectly included the linux-gcp kernel for Ubuntu 16.04 ESM. References to that kernel have been removed from this USN and the correct information for it has been published in USN 6007-1. Original advisory...

CVSS 8.8 • AI score 7.6 • EPSS 0.04947 • Exploits 9

Ubuntu • added 2023/03/27 4:40 p.m. • 75 views

USN-5974-1: GraphicsMagick vulnerabilities

It was discovered that GraphicsMagick was not properly performing bounds checks when processing TGA image files, which could lead to a heap buffer overflow. If a user or automated system were tricked into processing a specially crafted TGA image file, an attacker could possibly use this issue to...

CVSS 9.1 • AI score 7.3 • EPSS 0.03193 • Exploits 7

Ubuntu • added 2023/03/27 2:59 p.m. • 92 views

USN-5973-1: url-parse vulnerabilities

It was discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service, or to perform a server-side request forgery attack or open...

CVSS 10 • AI score 6.7 • EPSS 0.03805 • Exploits 7

Ubuntu • added 2023/03/27 2:47 p.m. • 77 views

USN-5964-2: curl vulnerabilities

USN-5964-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing,...

CVSS 9.8 • AI score 6.7 • EPSS 0.01993 • Exploits 3

Ubuntu • added 2023/03/27 9:25 a.m. • 58 views

LSN-0093-1: Kernel Live Patch Security Notice

Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2023-0179 It was discovered that the Upper Level...

CVSS 7.8 • AI score 7.1 • EPSS 0.01944 • Exploits 5

Ubuntu • added 2023/03/27 3:18 a.m. • 85 views

USN-5972-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

CVSS 8.8 • AI score 8.3 • EPSS 0.00713 • Exploits 0

Ubuntu • added 2023/03/27 3:5 a.m. • 79 views

USN-5954-2: Firefox regressions

USN-5954-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...

AI score 7.9 • Exploits 0 • References 1

Ubuntu • added 2023/03/24 2:47 a.m. • 174 views

USN-5971-1: Graphviz vulnerabilities

It was discovered that graphviz contains null pointer dereference vulnerabilities. Exploitation via a specially crafted input file can cause a denial of service. This issue only affected Ubuntu 18.04 LTS. CVE-2018-10196 It was discovered that graphviz contains null pointer dereference...

CVSS 8.8 • AI score 7.5 • EPSS 0.05037 • Exploits 2

Ubuntu • added 2023/03/23 11:46 p.m. • 73 views

USN-5970-1: Linux kernel vulnerabilities

It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. CVE-2022-2196 It was discovered...

CVSS 8.8 • AI score 7.5 • EPSS 0.03702 • Exploits 5

Ubuntu • added 2023/03/23 10:53 p.m. • 52 views

USN-5969-1: gif2apng vulnerabilities

It was discovered that gif2apng contained multiple heap-base overflows. An attacker could potentially exploit this to cause a denial of service (system crash). CVE-2021-45909, CVE-2021-45910, CVE-2021-45911...

CVSS 7.8 • AI score 7.1 • EPSS 0.00871 • Exploits 3

Ubuntu • added 2023/03/23 2:28 p.m. • 64 views

USN-5966-2: amanda regression

USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced a regression in GNUTAR-based backups. This update reverts all of the changes in amanda until a better fix is provided. We apologize for the inconvenience. Original advisory details: Maher Azzouzi discovered an information...

AI score 6.2 • Exploits 0 • References 1

Ubuntu • added 2023/03/23 6:20 a.m. • 56 views

USN-5966-1: amanda vulnerabilities

Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. CVE-2022-37703 Maher Azzouzi discovered a privilege...

CVSS 6.7 • AI score 6.2 • EPSS 0.01246 • Exploits 3

Ubuntu • added 2023/03/22 5:43 p.m. • 181 views

USN-5942-2: Apache HTTP Server vulnerability

USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Original advisory details: Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker...

CVSS 9.8 • AI score 7.1 • EPSS 0.8377 • Exploits 5

Ubuntu • added 2023/03/22 3:2 p.m. • 114 views

USN-5968-1: GitPython vulnerability

It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a maliciously crafted remote URL, an attacker could possibly use this issue to execute arbitrary commands on the host...

CVSS 9.8 • AI score 8.2 • EPSS 0.05378 • Exploits 1

Ubuntu • added 2023/03/22 12:7 a.m. • 72 views

USN-5967-1: object-path vulnerabilities

It was discovered that the set method in object-path could be corrupted as a result of prototype pollution by sending a message to the parent process. An attacker could use this issue to cause object-path to crash. CVE-2020-15256, CVE-2021-23434, CVE-2021-3805...

CVSS 9.8 • AI score 7.4 • EPSS 0.0203 • Exploits 2

Ubuntu • added 2023/03/21 1:41 a.m. • 100 views

USN-5965-1: TigerVNC vulnerability

It was discovered that TigerVNC mishandled TLS certificate exceptions. An attacker could use this vulnerability to impersonate any server after a client had added an exception and obtain sensitive information...

CVSS 8.1 • AI score 7.6 • EPSS 0.0306 • Exploits 0

Ubuntu • added 2023/03/20 5:28 p.m. • 76 views

USN-5904-2: SoX regression

USN-5904-1 fixed vulnerabilities in SoX. It was discovered that the fix for CVE-2021-33844 was incomplete. This update fixes the problem. Original advisory details: Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...

CVSS 5.5 • AI score 7.1 • EPSS 0.00457 • Exploits 1

Ubuntu • added 2023/03/20 5:24 p.m. • 55 views

USN-5806-3: Ruby vulnerability

USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 20.04 LTS. Original advisory details: Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use th...

CVSS 8.8 • AI score 7.4 • EPSS 0.02287 • Exploits 1

Ubuntu • added 2023/03/20 12:30 p.m. • 129 views

USN-5964-1: curl vulnerabilities

Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to the server as provided, contrary to expectations. CVE-2023-27533 Harry Sintonen discovered that curl incorrectly...

CVSS 9.8 • AI score 6.5 • EPSS 0.02195 • Exploits 5

Ubuntu • added 2023/03/20 11:59 a.m. • 95 views

USN-5963-1: Vim vulnerabilities

It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. CVE-2022-47024,...

CVSS 7.8 • AI score 7.2 • EPSS 0.00555 • Exploits 8

Ubuntu • added 2023/03/16 9:21 p.m. • 69 views

USN-5962-1: Linux kernel (Intel IoTG) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 7.8 • AI score 7.3 • EPSS 0.06346 • Exploits 8

Ubuntu • added 2023/03/16 2:21 p.m. • 85 views

USN-5960-1: Python vulnerability

Yebo Cao discovered that Python incorrectly handled certain URLs. An attacker could possibly use this issue to bypass blocklisting methods by supplying a URL that starts with blank characters...

CVSS 7.5 • AI score 7.4 • EPSS 0.20459 • Exploits 3

Ubuntu • added 2023/03/16 2:18 p.m. • 65 views

USN-5961-1: abcm2ps vulnerabilities

It was discovered that abcm2ps incorrectly handled memory when parsing specially crafted ABC files. An attacker could use this issue to cause abcm2ps to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS...

CVSS 9.8 • AI score 6.6 • EPSS 0.03073 • Exploits 5

Ubuntu • added 2023/03/16 7:6 a.m. • 71 views

USN-5959-1: Kerberos vulnerabilities

It was discovered that Kerberos incorrectly handled memory when processing KDC data, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or have other unspecified impacts. CVE-2021-36222, CVE-2021-37750...

CVSS 7.5 • AI score 6.9 • EPSS 0.10276 • Exploits 0

Ubuntu • added 2023/03/16 12:21 a.m. • 258 views

USN-5958-1: FFmpeg vulnerabilities

It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cause a denial of service via application crash. These issues only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2022-3109, CVE-2022-3341 It...

CVSS 8.1 • AI score 6.6 • EPSS 0.0347 • Exploits 0 • References 1

Ubuntu • added 2023/03/15 9:16 p.m. • 62 views

USN-5855-2: ImageMagick vulnerabilities

USN-5855-1 fixed a vulnerability in ImageMagick. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. Original advisory details: It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked...

CVSS 6.5 • AI score 7.7 • EPSS 0.89855 • Exploits 31

Ubuntu • added 2023/03/15 7:58 p.m. • 99 views

USN-5956-2: PHPMailer vulnerability

USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the fix for CVE-2017-11503 was incomplete. This update fixes the problem. Original advisory details: Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by...

CVSS 6.1 • AI score 7.3 • EPSS 0.024 • Exploits 1

Ubuntu • added 2023/03/15 4:20 p.m. • 81 views

USN-5957-1: LibreCAD vulnerabilities

Cody Sixteen discovered that LibreCAD incorrectly handled memory when parsing DXF files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. CVE-2018-19105 Lilith of Cisco Talos discovered tha...

CVSS 9.3 • AI score 7.4 • EPSS 0.06617 • Exploits 7

Ubuntu • added 2023/03/15 2:33 p.m. • 98 views

USN-5956-1: PHPMailer vulnerabilities

Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. CVE-2016-10033, CVE-2016-10045 It was...

CVSS 9.8 • AI score 7.2 • EPSS 0.99714 • Exploits 67

Ubuntu • added 2023/03/15 12:47 p.m. • 79 views

USN-5955-1: Emacs vulnerability

It was discovered that Emacs did not properly manage certain files when using htmlfontify functionality. A local attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary commands...

CVSS 7.8 • AI score 7.8 • EPSS 0.01132 • Exploits 0

Ubuntu • added 2023/03/15 11:56 a.m. • 73 views

USN-5952-1: OpenJPEG vulnerabilities

Sebastian Poeplau discovered that OpenJPEG incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affecte...

CVSS 8.8 • AI score 7.4 • EPSS 0.04932 • Exploits 3

Ubuntu • added 2023/03/15 11:30 a.m. • 66 views

USN-5954-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-25750, CVE-2023-25752,...

CVSS 8.8 • AI score 7.8 • EPSS 0.00713 • Exploits 0

Ubuntu • added 2023/03/15 9:54 a.m. • 99 views

USN-5953-1: IPython vulnerabilities

It was discovered that IPython incorrectly processed REST API POST requests. An attacker could possibly use this issue to launch a cross-site request forgery (CSRF) attack and leak user's sensitive information. This issue only affected Ubuntu 14.04 ESM. CVE-2015-5607 It was discovered that IPython...

CVSS 8.8 • AI score 7.8 • EPSS 0.01201 • Exploits 2

Ubuntu • added 2023/03/14 6:45 p.m. • 88 views

USN-5951-1: Linux kernel (IBM) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 8.1 • AI score 7.7 • EPSS 0.03702 • Exploits 6

Ubuntu • added 2023/03/14 6:4 p.m. • 86 views

USN-5950-1: Linux kernel (KVM) vulnerabilities

It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...

CVSS 7.8 • AI score 7.3 • EPSS 0.06346 • Exploits 7

Total number of security vulnerabilities: 10890