Lucene search
K
UbuntuRecent

10905 matches found

Ubuntu
Ubuntu
•added 2022/03/31 10:55 p.m.•140 views

USN-5358-2: Linux kernel vulnerabilities

It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-1055 It was discovered that the IPsec implementati...

8.6CVSS7.4AI score0.05524EPSS
Exploits3
Ubuntu
Ubuntu
•added 2022/03/31 10:14 p.m.•134 views

USN-5357-2: Linux kernel vulnerability

It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...

7.8CVSS7.2AI score0.05524EPSS
Exploits2
Ubuntu
Ubuntu
•added 2022/03/31 6:51 p.m.•120 views

USN-5360-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly performed input verification. A remote attacker could possibly use this issue to intercept sensitive information. CVE-2020-13943, CVE-2020-17527, CVE-2021-25122, CVE-2021-30640 It was discovered that Tomcat did not properly deserialize untrusted data. An...

7.5CVSS7.5AI score0.75353EPSS
Exploits16References1
Ubuntu
Ubuntu
•added 2022/03/31 12:44 p.m.•119 views

USN-5359-1: rsync vulnerability

Danilo Ramos discovered that rsync incorrectly handled memory when performing certain zlib deflating operations. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.5CVSS7.5AI score0.51733EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/03/31 2:36 a.m.•119 views

USN-5358-1: Linux kernel vulnerabilities

It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-1055 It was discovered that the IPsec implementati...

8.6CVSS7.4AI score0.05524EPSS
Exploits3
Ubuntu
Ubuntu
•added 2022/03/31 2:5 a.m.•120 views

USN-5357-1: Linux kernel vulnerability

It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...

7.8CVSS7.2AI score0.05524EPSS
Exploits2
Ubuntu
Ubuntu
•added 2022/03/30 4:31 p.m.•157 views

USN-5355-2: zlib vulnerability

USN-5355-1 fixed a vulnerability in zlib. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Danilo Ramos discovered that zlib incorrectly handled memory when performing certain deflating operations. An attacker could use this issue...

7.5CVSS7.5AI score0.51733EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/03/30 3:47 p.m.•116 views

USN-5356-1: DOSBox vulnerabilities

Alexandre Bartel discovered that DOSBox incorrectly handled long lines in certain files. An attacker could possibly use this issue to execute arbitrary code. CVE-2019-7165 Alexandre Bartel discovered that DOSBox incorrectly performed access control over certain directories. An attacker could...

9.8CVSS8.7AI score0.06685EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/03/30 2:24 p.m.•246 views

USN-5355-1: zlib vulnerability

Danilo Ramos discovered that zlib incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.5CVSS7.2AI score0.51733EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/03/30 8:17 a.m.•103 views

USN-5354-1: Twisted vulnerabilities

It was discovered that Twisted incorrectly filtered HTTP headers when clients are being redirected to another origin. A remote attacker could use this issue to obtain sensitive information. CVE-2022-21712 It was discovered that Twisted incorrectly processed SSH handshake data on connection...

7.5CVSS7.4AI score0.03608EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/03/29 3:48 p.m.•91 views

USN-5351-2: Paramiko vulnerability

USN-5351-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Jan Schejbal discovered that Paramiko incorrectly handled permissions when writing private key files. A local attacker could possibly use this issue to gain...

5.9CVSS6.6AI score0.0208EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/03/29 10:6 a.m.•131 views

USN-5313-2: OpenJDK 11 regression

USN-5313-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a regression in OpenJDK 11 that could impact interoperability with some popular HTTP/2 servers making it unable to connect to said servers. This update fixes the problem. We apologize for the...

6.3AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2022/03/28 11:13 p.m.•120 views

USN-5353-1: Linux kernel (OEM) vulnerability

It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...

7.8CVSS7.2AI score0.05524EPSS
Exploits2
Ubuntu
Ubuntu
•added 2022/03/28 6:59 p.m.•112 views

USN-5352-1: Libtasn1 vulnerability

It was discovered that Libtasn1 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service...

7.1CVSS6.3AI score0.02008EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/03/28 4:43 p.m.•94 views

USN-5351-1: Paramiko vulnerability

Jan Schejbal discovered that Paramiko incorrectly handled permissions when writing private key files. A local attacker could possibly use this issue to gain access to private keys...

5.9CVSS6.5AI score0.0208EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/03/28 1:22 p.m.•46 views

USN-5348-2: Smarty vulnerabilities

USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454 for Ubuntu 16.04 ESM. Original advisory details: David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths prese...

9.8CVSS7.2AI score0.82316EPSS
Exploits2
Ubuntu
Ubuntu
•added 2022/03/28 12:48 p.m.•86 views

USN-5349-1: GNU binutils vulnerability

It was discovered that GNU binutils gold incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service...

5.5CVSS6.5AI score0.01115EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/28 12:33 p.m.•124 views

USN-5350-1: Chromium vulnerability

It was discovered that Chromium incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...

8.8CVSS8.9AI score0.24237EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/03/28 10:9 a.m.•99 views

USN-5348-1: Smarty vulnerabilities

David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this use to read arbitrary files when controlling the executed template. CVE-2018-13982 It was discovered that Smarty was incorrectly sanitizing the...

9.8CVSS7.2AI score0.82316EPSS
Exploits4
Ubuntu
Ubuntu
•added 2022/03/28 9:39 a.m.•159 views

USN-5342-1: Python vulnerabilities

David Schwörer discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. CVE-2021-3426 It was discovered that Python incorrectly handled certain FTP requests. An attacker could...

7.5CVSS7.8AI score0.08325EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/03/24 3:26 p.m.•122 views

USN-5321-3: Firefox regressions

USN-5321-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...

7.5AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2022/03/24 12:13 p.m.•117 views

USN-5347-1: OpenVPN vulnerability

It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use this issue to bypass authentication using incomplete credentials...

9.8CVSS7.4AI score0.03519EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/24 5:3 a.m.•149 views

USN-5346-1: Linux kernel (OEM) vulnerability

It was discovered that the ICMPv6 implementation in the Linux kernel did not properly deallocate memory in certain situations. A remote attacker could possibly use this to cause a denial of service memory exhaustion...

9.1CVSS7AI score0.04919EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/23 10:44 p.m.•109 views

USN-5345-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, obtain sensitive information, cause undefined...

9.6CVSS7.8AI score0.00931EPSS
Exploits5
Ubuntu
Ubuntu
•added 2022/03/23 12:40 p.m.•100 views

USN-5336-1: libjpeg9 vulnerabilities

Aladdin Mubaied discovered that the cjpeg utility in libjpeg9 did not properly validate the input image's size. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2016-3616 It was discovered that the cjpeg utility in libjpeg9 incorrectly handled...

8.8CVSS7AI score0.05074EPSS
Exploits4
Ubuntu
Ubuntu
•added 2022/03/23 8:58 a.m.•133 views

LSN-0085-1: Kernel Live Patch Security Notice

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 releaseagent feature. A local attacker could use this to gain administrative privileges.CVE-2022-0492 Nick Gregory discovered that the Linux kernel incorrectly...

7.8CVSS7.5AI score0.05528EPSS
Exploits17
Ubuntu
Ubuntu
•added 2022/03/23 8:57 a.m.•62 views

USN-5340-2: CKEditor vulnerabilities

USN-5340-1 fixed several vulnerabilities in CKEditor. This update provides the fixes for CVE-2018-9861, CVE-2020-9281, CVE-2021-32809, CVE-2021-33829 and CVE-2021-37695 for Ubuntu 16.04 ESM. Original advisory details: Kyaw Min Thein discovered that CKEditor incorrectly handled certain inputs. An...

7.3CVSS7AI score0.04327EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/22 8:5 p.m.•153 views

USN-5343-1: Linux kernel vulnerabilities

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 releaseagent feature. A local attacker could use this to gain administrative privileges. CVE-2022-0492 It was discovered that the aufs file system in the Linux...

7.8CVSS7.8AI score0.07604EPSS
Exploits34
Ubuntu
Ubuntu
•added 2022/03/22 4:43 p.m.•504 views

USN-5340-1: CKEditor vulnerabilities

Kyaw Min Thein discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS. CVE-2018-9861 Micha Bentkowski discovered that CKEditor incorrectly handled certain inputs. An attacker could...

7.6CVSS7AI score0.04327EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/22 12:12 p.m.•168 views

USN-5341-1: GNU binutils vulnerabilities

It was discovered that GNU binutils incorrectly handled checks for memory allocation when parsing relocs in a corrupt file. An attacker could possibly use this issue to cause a denial of service. CVE-2017-17122 It was discovered that GNU binutils incorrectly handled certain corrupt DWARF debug...

7.8CVSS6.6AI score0.01885EPSS
Exploits2
Ubuntu
Ubuntu
•added 2022/03/22 7:46 a.m.•162 views

USN-5339-1: Linux kernel vulnerabilities

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 releaseagent feature. A local attacker could use this to gain administrative privileges. CVE-2022-0492 It was discovered that an out-of-bounds OOB memory acces...

9CVSS7.7AI score0.67994EPSS
Exploits16
Ubuntu
Ubuntu
•added 2022/03/22 7:26 a.m.•206 views

USN-5338-1: Linux kernel vulnerabilities

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 releaseagent feature. A local attacker could use this to gain administrative privileges. CVE-2022-0492 Jürgen Groß discovered that the Xen subsystem within the...

9CVSS7.8AI score0.67994EPSS
Exploits16
Ubuntu
Ubuntu
•added 2022/03/22 6:27 a.m.•211 views

USN-5337-1: Linux kernel vulnerabilities

It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-23222 Yiqi Sun and Kevin Wang discovered that the cgrou...

9.1CVSS7.6AI score0.67994EPSS
Exploits26
Ubuntu
Ubuntu
•added 2022/03/18 11:18 a.m.•132 views

USN-5335-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain values when processing XPM image data or large images. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execut...

7.8CVSS7.1AI score0.02011EPSS
Exploits9
Ubuntu
Ubuntu
•added 2022/03/17 7:10 p.m.•179 views

USN-5333-2: Apache HTTP Server vulnerabilities

USN-5333-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Chamal De Silva discovered that the Apache HTTP Server modlua module incorrectly handled certain crafted request bodies. A remote...

9.8CVSS8.6AI score0.69803EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/17 1:49 p.m.•117 views

USN-5332-2: Bind vulnerability

USN-5332-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind incorrectly handled certain bogus NS records when using forwarders. ...

6.8CVSS7AI score0.0325EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/17 12:47 p.m.•147 views

USN-5321-2: Firefox vulnerabilities

USN-5321-1 fixed vulnerabilities in Firefox. The update didn't include arm64 because of a regression. This update provides the corresponding update for arm64. This update also removes Yandex and Mail.ru as optional search providers in the drop-down search menu. Original advisory details: Multiple...

9.6CVSS7.5AI score0.00931EPSS
Exploits5
Ubuntu
Ubuntu
•added 2022/03/17 12:46 p.m.•136 views

USN-5334-1: man-db vulnerability

It was discovered that man-db incorrectly handled permission changing operations in its daily cron job, and was therefore affected by a race condition. An attacker could possibly use this issue to escalate privileges and execute arbitrary code...

7.8CVSS7.6AI score0.01047EPSS
Exploits3
Ubuntu
Ubuntu
•added 2022/03/17 11:31 a.m.•343 views

USN-5333-1: Apache HTTP Server vulnerabilities

Chamal De Silva discovered that the Apache HTTP Server modlua module incorrectly handled certain crafted request bodies. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. CVE-2022-22719 James Kettle discovered that the Apache HTTP Serv...

9.8CVSS8.4AI score0.69803EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/17 11:19 a.m.•140 views

USN-5332-1: Bind vulnerabilities

Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind incorrectly handled certain bogus NS records when using forwarders. A remote attacker could possibly use this issue to manipulate cache results. CVE-2021-25220 It was discovered that Bind incorrectly handled certain crafted TC...

6.8CVSS6.6AI score0.0325EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/16 12:53 p.m.•135 views

USN-5331-1: tcpdump vulnerabilities

It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. CVE-2018-16301 It was discovered that tcpdump incorrectly handled certain captured data. An attacker could possibly use th...

7.8CVSS7.1AI score0.03071EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/15 6:12 p.m.•199 views

USN-5328-2: OpenSSL vulnerability

USN-5328-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Tavis Ormandy discovered that OpenSSL incorrectly parsed certain certificates. A remote attacker could possibly use this issue to cause...

7.5CVSS7AI score0.70561EPSS
Exploits2
Ubuntu
Ubuntu
•added 2022/03/15 6:3 p.m.•135 views

USN-5330-1: LibreOffice vulnerability

It was discovered that LibreOffice incorrectly handled digital signatures. An attacker could possibly use this issue to create a specially crafted document that would display a validly signed indicator, contrary to expectations...

7.5CVSS7.5AI score0.00965EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/15 5:52 p.m.•117 views

USN-5329-1: tar vulnerability

It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to cause tar to crash, resulting in a denial of service...

4.3CVSS6.5AI score0.01092EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/15 4:45 p.m.•136 views

USN-5328-1: OpenSSL vulnerability

Tavis Ormandy discovered that OpenSSL incorrectly parsed certain certificates. A remote attacker could possibly use this issue to cause OpenSSH to stop responding, resulting in a denial of service...

7.5CVSS7AI score0.70561EPSS
Exploits2
Ubuntu
Ubuntu
•added 2022/03/15 1:16 p.m.•108 views

USN-5327-1: rsh vulnerability

Hiroyuki Yamamori discovered that rsh incorrectly handled certain filenames. If a user or automated system were tricked into connecting to a malicious rsh server, a remote attacker could possibly use this issue to modify directory permissions...

5.9CVSS6.4AI score0.02067EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/03/14 5:30 p.m.•138 views

USN-5325-1: Zsh vulnerabilities

Sam Foxman discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to regain dropped privileges. CVE-2019-20044 It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-45...

7.8CVSS7.8AI score0.0198EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/14 11:1 a.m.•146 views

USN-5324-1: libxml2 vulnerability

It was discovered that libxml2 incorrectly handled certain XML files. An attacker could use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.5CVSS7.7AI score0.0601EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/14 10:54 a.m.•104 views

USN-5323-1: NBD vulnerabilities

It was discovered that NBD incorrectly handled name length fields. A remote attacker could use this issue to cause NBD to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS8.6AI score0.0347EPSS
Exploits3
Ubuntu
Ubuntu
•added 2022/03/10 8:21 p.m.•122 views

USN-5322-1: Subversion vulnerability

Thomas Akesson discovered that Subversion incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service...

7.5CVSS7.3AI score0.40075EPSS
Exploits1
Total number of security vulnerabilities10905