Lucene search

10890 matches found

Ubuntu | added 2023/03/02 12:20 p.m. | 119 views

USN-5905-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. CVE-2022-31628 It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise data integrity...

CVSS 9.1 | AI score 7.3 | EPSS 0.49336 | Exploits 3

Ubuntu | added 2023/03/02 11:42 a.m. | 83 views

USN-5904-1: SoX vulnerabilities

Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ES...

CVSS 10 | AI score 7.1 | EPSS 0.02211 | Exploits 8

Ubuntu | added 2023/03/02 10:15 a.m. | 74 views

USN-5482-2: SPIP vulnerabilities

USN-5482-1 fixed several vulnerabilities in SPIP. This update provides the corresponding updates for Ubuntu 20.04 LTS for CVE-2021-44118, CVE-2021-44120, CVE-2021-44122 and CVE-2021-44123. Original advisory details: It was discovered that SPIP incorrectly validated inputs. An authenticated attack...

CVSS 8.8 | AI score 7.4 | EPSS 0.02396 | Exploits 0

Ubuntu | added 2023/03/01 2:20 p.m. | 65 views

USN-5810-4: Git vulnerabilities

USN-5810-1 fixed several vulnerabilities in Git. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain gitattributes. An attacker could possibly use this issue to cause a...

CVSS 9.8 | AI score 8.7 | EPSS 0.56334 | Exploits 0

Ubuntu | added 2023/03/01 7:00 a.m. | 114 views

USN-5880-2: Firefox regressions

USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attribute...

AI score 7.8 | Exploits 0 | References 1

Ubuntu | added 2023/02/28 5:15 p.m. | 61 views

USN-5900-1: tar vulnerability

It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or cause a crash...

CVSS 5.5 | AI score 6.7 | EPSS 0.04524 | Exploits 1

Ubuntu | added 2023/02/28 3:42 p.m. | 95 views

USN-5903-1: lighttpd vulnerabilities

It was discovered that lighttpd incorrectly handled certain inputs, which could result in a stack buffer overflow. A remote attacker could possibly use this issue to cause a denial of service (DoS). CVE-2022-22707, CVE-2022-41556...

CVSS 7.5 | AI score 7 | EPSS 0.08969 | Exploits 5

Ubuntu | added 2023/02/28 3:19 p.m. | 78 views

USN-5638-4: Expat vulnerabilities

USN-5638-1 fixed several vulnerabilities in Expat. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to...

CVSS 8.1 | AI score 7.9 | EPSS 0.02241 | Exploits 1

Ubuntu | added 2023/02/28 2:18 p.m. | 97 views

USN-5902-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations. CVE-2023-0567 It was discovered that PHP incorrectly handled resolving long paths. A remot...

CVSS 8.1 | AI score 7.2 | EPSS 0.01408 | Exploits 2

Ubuntu | added 2023/02/28 2:07 p.m. | 63 views

USN-5821-3: pip regression

USN-5821-1 fixed a vulnerability in wheel and pip. Unfortunately, it was missing a commit to fix it properly in pip. We apologize for the inconvenience. Original advisory details: Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regex...

CVSS 7.5 | AI score 7 | EPSS 0.02659 | Exploits 1

Ubuntu | added 2023/02/28 2:05 p.m. | 100 views

USN-5901-1: GnuTLS vulnerability

Hubert Kario discovered that GnuTLS had a timing side-channel when handling certain RSA messages. A remote attacker could possibly use this issue to recover sensitive information...

CVSS 7.4 | AI score 7 | EPSS 0.01403 | Exploits 1

Ubuntu | added 2023/02/28 8:23 a.m. | 4331 views

USN-5899-1: AWStats vulnerability

It was discovered that AWStats did not properly sanitize the content of whois responses in the hostinfo plugin. An attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks...

CVSS 6.1 | AI score 6.8 | EPSS 0.00655 | Exploits 0

Ubuntu | added 2023/02/28 3:11 a.m. | 116 views

USN-5898-1: OpenJDK vulnerabilities

It was discovered that the Serialization component of OpenJDK did not properly handle the deserialization of some CORBA objects. An attacker could possibly use this to bypass Java sandbox restrictions. CVE-2023-21830 Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not properl...

CVSS 5.3 | AI score 6.7 | EPSS 0.01357 | Exploits 0

Ubuntu | added 2023/02/28 2:55 a.m. | 92 views

USN-5897-1: OpenJDK vulnerabilities

Juraj Somorovsky, Marcel Maehren, Nurullah Erinola, and Robert Merget discovered that the DTLS implementation in the JSSE subsystem of OpenJDK did not properly restrict handshake initiation requests from clients. A remote attacker could possibly use this to cause a denial of service. CVE-2023-218...

CVSS 5.3 | AI score 6.6 | EPSS 0.01836 | Exploits 0

Ubuntu | added 2023/02/27 6:25 p.m. | 99 views

USN-5896-1: Rack vulnerabilities

It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of...

CVSS 10 | AI score 8.2 | EPSS 0.02056 | Exploits 0

Ubuntu | added 2023/02/27 5:08 p.m. | 187 views

USN-5888-1: Python vulnerabilities

It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. CVE-2015-20107 Hamza Avvan discovered that Python incorrectly...

CVSS 9.8 | AI score 7.6 | EPSS 0.20459 | Exploits 6

Ubuntu | added 2023/02/27 3:35 p.m. | 101 views

USN-5895-1: MPlayer vulnerabilities

It was discovered that MPlayer could be made to divide by zero when processing certain malformed media files. If a user were tricked into opening a specially crafted media file, an attacker could possibly use this issue to cause MPlayer to crash, resulting in a denial of service. CVE-2022-38850,...

CVSS 5.5 | AI score 6 | EPSS 0.00344 | Exploits 9

Ubuntu | added 2023/02/27 2:10 p.m. | 97 views

USN-5894-1: curl vulnerabilities

Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. This issue was only fixed in Ubunt...

CVSS 5.9 | AI score 6.9 | EPSS 0.04929 | Exploits 3

Ubuntu | added 2023/02/27 12:51 p.m. | 69 views

USN-5893-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

CVSS 8.8 | AI score 8 | EPSS 0.09502 | Exploits 0

Ubuntu | added 2023/02/27 12:44 p.m. | 71 views

USN-5892-1: NSS vulnerabilities

It was discovered that NSS incorrectly handled client authentication without a user certificate in the database. A remote attacker could possibly use this issue to cause a NSS client to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. CVE-2022-3479 Christian Holler...

CVSS 8.8 | AI score 7.8 | EPSS 0.00817 | Exploits 0

Ubuntu | added 2023/02/27 12:34 p.m. | 147 views

USN-5891-1: curl vulnerabilities

Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. CVE-2023-23914 Harry Sintonen...

CVSS 9.1 | AI score 6.5 | EPSS 0.01703 | Exploits 2

Ubuntu | added 2023/02/27 12:24 p.m. | 68 views

USN-5890-1: Open vSwitch vulnerabilities

Qian Chen discovered that Open vSwitch incorrectly handled certain Organization Specific TLVs. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 9.8 | AI score 8.4 | EPSS 0.01324 | Exploits 0

Ubuntu | added 2023/02/27 11:46 a.m. | 80 views

USN-5889-1: ZoneMinder vulnerabilities

It was discovered that ZoneMinder was not properly sanitizing URL parameters for certain views. An attacker could possibly use this issue to perform a cross-site scripting (XSS) attack. This issue was only fixed in Ubuntu 16.04 ESM. CVE-2019-6777 It was discovered that ZoneMinder was not properly...

CVSS 9.8 | AI score 7.2 | EPSS 0.66317 | Exploits 18

Ubuntu | added 2023/02/27 8:32 a.m. | 119 views

USN-5887-1: ClamAV vulnerabilities

Simon Scannell discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or execute arbitrary code. CVE-2023-20032 Simon Scannell discovered that ClamAV incorrectly handled parsing DMG...

CVSS 9.8 | AI score 8.1 | EPSS 0.29314 | Exploits 5

Ubuntu | added 2023/02/27 5:12 a.m. | 100 views

USN-5886-1: Intel Microcode vulnerabilities

Erik C. Bjorge discovered that some Intel(R) Atom and Intel Xeon Scalable Processors did not properly implement access controls for out-of-band management. This may allow a privileged network-adjacent user to potentially escalate privileges. CVE-2022-21216 Cfir Cohen, Erdem Aktas, Felix Wilhelm,...

CVSS 7.5 | AI score 6.3 | EPSS 0.00539 | Exploits 0

Ubuntu | added 2023/02/27 12:45 a.m. | 65 views

USN-5885-1: APR vulnerability

Ronald Crane discovered integer overflow vulnerabilities in the Apache Portable Runtime (APR) that could potentially result in memory corruption. A remote attacker could possibly use these issues to cause a denial of service or execute arbitrary code...

CVSS 9.8 | AI score 7.7 | EPSS 0.01472 | Exploits 0

Ubuntu | added 2023/02/23 4:09 p.m. | 74 views

USN-5884-1: Linux kernel (AWS) vulnerabilities

Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. CVE-2021-4155 Lee Jones discovered that a use-after-free vulnerabilit...

CVSS 7.8 | AI score 6.9 | EPSS 0.02399 | Exploits 3

Ubuntu | added 2023/02/22 6:33 p.m. | 67 views

USN-5883-1: Linux kernel (HWE) vulnerabilities

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. CVE-2022-4378 It was discovered that an out-of-bounds write vulnerability existed i...

CVSS 8.8 | AI score 7.8 | EPSS 0.04947 | Exploits 3

Ubuntu | added 2023/02/22 6:23 p.m. | 134 views

USN-5882-1: DCMTK vulnerabilities

Gjoko Krstic discovered that DCMTK incorrectly handled buffers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. CVE-2015-8979...

CVSS 9.8 | AI score 7.4 | EPSS 0.07629 | Exploits 5

Ubuntu | added 2023/02/22 1:17 p.m. | 42 views

USN-5739-2: MariaDB regression

USN-5739-1 fixed vulnerabilities in MariaDB. It caused a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: MariaDB has been updated to 10.3.38 in Ubuntu 20.04 LTS and to 10.6.12 in Ubuntu 22.04 LTS and Ubuntu 22.10...

AI score 5.3 | Exploits 0 | References 1

Ubuntu | added 2023/02/21 3:53 p.m. | 71 views

USN-5881-1: Chromium vulnerabilities

It was discovered that Chromium did not properly manage memory. A remote attacker could possibly use these issues to cause a denial of service or execute arbitrary code via a crafted HTML page. CVE-2023-0471, CVE-2023-0472, CVE-2023-0473, CVE-2023-0696, CVE-2023-0698, CVE-2023-0699, CVE-2023-0702...

CVSS 8.8 | AI score 7.9 | EPSS 0.00883 | Exploits 0

Ubuntu | added 2023/02/21 9:41 a.m. | 64 views

USN-5807-2: libXpm vulnerabilities

USN-5807-1 fixed vulnerabilities in libXpm. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM fil...

CVSS 8.8 | AI score 6.8 | EPSS 0.01284 | Exploits 2

Ubuntu | added 2023/02/20 3:14 a.m. | 74 views

USN-5880-1: Firefox vulnerabilities

Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attributes. An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes. CVE-2023-0767 Johan Carlsson discovered that Firefox did not properly manag...

CVSS 9.8 | AI score 7.7 | EPSS 0.00817 | Exploits 1

Ubuntu | added 2023/02/16 2:38 p.m. | 134 views

USN-5879-1: Linux kernel (HWE) vulnerabilities

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. CVE-2022-4378 Tamás Koczka discovered that the Bluetooth L2CAP handshake...

CVSS 8.8 | AI score 7.5 | EPSS 0.02014 | Exploits 3

Ubuntu | added 2023/02/16 2:30 p.m. | 75 views

USN-5878-1: Linux kernel (Azure) vulnerabilities

It was discovered that the Bluetooth HCI implementation in the Linux kernel did not properly deallocate memory in some situations. An attacker could possibly use this to cause a denial of service (memory exhaustion). CVE-2022-3619 It was discovered that the Broadcom FullMAC USB WiFi driver in the Linu...

CVSS 8.8 | AI score 6.9 | EPSS 0.01067 | Exploits 3

Ubuntu | added 2023/02/16 2:09 p.m. | 76 views

USN-5778-2: X.Org X Server vulnerabilities

USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these...

CVSS 8.8 | AI score 8 | EPSS 0.02685 | Exploits 0

Ubuntu | added 2023/02/16 9:20 a.m. | 103 views

USN-5873-1: Go Text vulnerabilities

It was discovered that Go Text incorrectly handled certain encodings. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-14040 It was discovered that Go Text incorrectly handled certain BCP 47 language...

CVSS 7.5 | AI score 7.1 | EPSS 0.02297 | Exploits 2

Ubuntu | added 2023/02/15 11:05 p.m. | 95 views

USN-5877-1: Linux kernel (GKE) vulnerabilities

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. CVE-2022-4378 Tamás Koczka discovered that the Bluetooth L2CAP handshake...

CVSS 8.8 | AI score 7.6 | EPSS 0.02014 | Exploits 6

Ubuntu | added 2023/02/15 10:31 p.m. | 89 views

USN-5876-1: Linux kernel vulnerabilities

It was discovered that a memory leak existed in the Unix domain socket implementation of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). CVE-2022-3543 It was discovered that the Bluetooth HCI implementation in the Linux kernel did not properly...

CVSS 8.8 | AI score 7 | EPSS 0.01393 | Exploits 3

Ubuntu | added 2023/02/15 8:21 p.m. | 89 views

USN-5875-1: Linux kernel (GKE) vulnerabilities

It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2022-43945 Tamás Koczka discovered that th...

CVSS 8.8 | AI score 7.4 | EPSS 0.21314 | Exploits 2

Ubuntu | added 2023/02/15 8:03 p.m. | 90 views

USN-5874-1: Linux kernel vulnerabilities

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly...

CVSS 8.8 | AI score 6.9 | EPSS 0.01067 | Exploits 2

Ubuntu | added 2023/02/15 12:50 p.m. | 78 views

USN-5872-1: NSS vulnerabilities

Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. CVE-2022-22747 Ronald Crane discovered that NSS incorrectly handled certain memory operations. A remote attacker...

CVSS 8.8 | AI score 8.2 | EPSS 0.0063 | Exploits 0

Ubuntu | added 2023/02/14 7:12 p.m. | 72 views

USN-5870-1: apr-util vulnerability

Ronald Crane discovered that APR-util did not properly handle memory when encoding or decoding certain input data. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code...

CVSS 6.5 | AI score 6.5 | EPSS 0.01417 | Exploits 0

Ubuntu | added 2023/02/14 6:37 p.m. | 87 views

USN-5871-1: Git vulnerabilities

It was discovered that Git incorrectly handled certain repositories. An attacker could use this issue to make Git use its local clone optimization even when using a non-local transport. CVE-2023-22490 Joern Schneeweisz discovered that Git incorrectly handled certain commands. An attacker could...

CVSS 7.5 | AI score 7.3 | EPSS 0.01144 | Exploits 3

Ubuntu | added 2023/02/14 5:09 p.m. | 64 views

USN-5869-1: HAProxy vulnerability

Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg, and Harvey Tuch discovered that HAProxy incorrectly handled empty header names. A remote attacker could possibly use this issue to manipulate headers and bypass certain authentication checks and restrictions...

CVSS 9.1 | AI score 7.6 | EPSS 0.05493 | Exploits 0

Ubuntu | added 2023/02/14 1:32 p.m. | 56 views

USN-5868-1: Django vulnerability

Jakob Ackermann discovered that Django incorrectly handled certain file uploads. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service...

CVSS 7.5 | AI score 6.5 | EPSS 0.62575 | Exploits 0

Ubuntu | added 2023/02/14 9:21 a.m. | 65 views

LSN-0091-1: Kernel Live Patch Security Notice

It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2022-41222 Sönke...

CVSS 8.8 | AI score 6.8 | EPSS 0.0123 | Exploits 2

Ubuntu | added 2023/02/13 1:59 p.m. | 57 views

USN-5864-1: Fig2dev vulnerabilities

Frederic Cambus discovered that Fig2dev incorrectly handled certain image files. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04...

CVSS 7.1 | AI score 6 | EPSS 0.01241 | Exploits 14

Ubuntu | added 2023/02/13 12:20 p.m. | 97 views

USN-5867-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

CVSS 8.8 | AI score 7.7 | EPSS 0.00902 | Exploits 0

Ubuntu | added 2023/02/13 10:41 a.m. | 66 views

USN-5866-1: Nova vulnerabilities

It was discovered that Nova did not properly manage data logged into the log file. An attacker with read access to the service's logs could exploit this issue and may obtain sensitive information. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. CVE-2015-9543 It was discovered that...

CVSS 8.3 | AI score 7 | EPSS 0.26792 | Exploits 4

Total number of security vulnerabilities: 10890