Lucene search
K
UbuntuRecent

10905 matches found

Ubuntu
Ubuntu
•added 2022/03/10 6:57 p.m.•149 views

USN-5321-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, obtain sensitive information, or execute arbitrary...

9.6CVSS7.3AI score0.00931EPSS
Exploits5
Ubuntu
Ubuntu
•added 2022/03/10 1:19 p.m.•149 views

USN-5320-1: Expat vulnerabilities and regression

USN-5288-1 fixed several vulnerabilities in Expat. For CVE-2022-25236 it caused a regression and an additional patch was required. This update address this regression and several other vulnerabilities. It was discovered that Expat incorrectly handled certain files. An attacker could possibly use...

9.8CVSS7.7AI score0.04781EPSS
Exploits1References1
Ubuntu
Ubuntu
•added 2022/03/09 2:2 a.m.•160 views

USN-5319-1: Linux kernel vulnerabilities

Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by Intel to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information...

6.5CVSS6.7AI score0.00508EPSS
Exploits0References1
Ubuntu
Ubuntu
•added 2022/03/09 12:42 a.m.•172 views

USN-5318-1: Linux kernel vulnerabilities

Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-25636 Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida...

7.8CVSS7.5AI score0.02633EPSS
Exploits6References1
Ubuntu
Ubuntu
•added 2022/03/09 12:0 a.m.•297 views

USN-5317-1: Linux kernel vulnerabilities

Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-25636 Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida...

7.8CVSS7.5AI score0.88106EPSS
Exploits106References1
Ubuntu
Ubuntu
•added 2022/03/08 3:54 a.m.•345 views

USN-5316-1: Redis vulnerability

Reginaldo Silva discovered that due to a packaging issue, a remote attacker with the ability to execute arbitrary Lua scripts could possibly escape the Lua sandbox and execute arbitrary code on the host...

10CVSS9.1AI score0.9967EPSS
Exploits9
Ubuntu
Ubuntu
•added 2022/03/07 11:47 p.m.•64 views

USN-5308-1: libssh2 vulnerabilities

It was discovered that libssh2 mishandled certain input. If libssh2 were used to connect to a malicious or compromised SSH server, a remote, unauthenticated attacker could possibly execute arbitrary code on the client system. CVE-2019-3855 It was discovered that libssh2 incorrectly handled prompt...

9.3CVSS8.1AI score0.11659EPSS
Exploits2
Ubuntu
Ubuntu
•added 2022/03/07 2:1 p.m.•193 views

USN-5310-2: GNU C Library vulnerabilities

USN-5310-1 fixed several vulnerabilities in GNU. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that the GNU C library getcwd function incorrectly handled buffers. An attacker could use this issue to cause the GNU C Library to cras...

9.8CVSS8.2AI score0.04729EPSS
Exploits3
Ubuntu
Ubuntu
•added 2022/03/07 12:38 p.m.•148 views

USN-5300-3: PHP vulnerabilities

USN-5300-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 21.10. Original advisory details: It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. CVE-2015-9253, CVE-2017-8923...

9.8CVSS7.2AI score0.25951EPSS
Exploits4
Ubuntu
Ubuntu
•added 2022/03/07 11:29 a.m.•142 views

USN-5313-1: OpenJDK vulnerabilities

It was discovered that OpenJDK incorrectly handled deserialization filters. An attacker could possibly use this issue to insert, delete or obtain sensitive information. CVE-2022-21248 It was discovered that OpenJDK incorrectly read uncompressed TIFF files. An attacker could possibly use this issu...

5.3CVSS6.3AI score0.08346EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/06 9:11 p.m.•119 views

USN-5314-1: Firefox vulnerabilities

A use-after-free was discovered when removing an XSLT parameter in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. CVE-2022-26485 A use-after-free was discovered in the...

9.6CVSS8.1AI score0.14261EPSS
Exploits2
Ubuntu
Ubuntu
•added 2022/03/03 2:55 p.m.•120 views

USN-5311-1: containerd vulnerability

It was discovered that containerd allows attackers to gain access to read- only copies of arbitrary files and directories on the host via a specially- crafted image configuration. An attacker could possibly use this issue to obtain sensitive information...

7.5CVSS7.5AI score0.27392EPSS
Exploits4
Ubuntu
Ubuntu
•added 2022/03/03 1:58 p.m.•147 views

USN-5300-2: PHP vulnerabilities

USN-5300-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service...

9.8CVSS7.2AI score0.25951EPSS
Exploits5
Ubuntu
Ubuntu
•added 2022/03/03 1:18 p.m.•127 views

USN-5312-1: HAProxy vulnerability

It was discovered that HAProxy incorrectly handled certain headers. A remote attacker could possibly use this issue to cause HAProxy to stop responding, resulting in a denial of service...

7.5CVSS7.4AI score0.16563EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/03/01 3:9 p.m.•281 views

USN-5310-1: GNU C Library vulnerabilities

Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library to hang or crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS...

9.8CVSS7.4AI score0.05223EPSS
Exploits5
Ubuntu
Ubuntu
•added 2022/02/28 5:44 p.m.•96 views

USN-5309-1: virglrenderer vulnerabilities

It was discovered that virglrenderer incorrectly handled memory. An attacker inside a guest could use this issue to cause virglrenderer to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2022-0135 It was discovered that virglrenderer incorrectly initialized memory...

7.8CVSS6.5AI score0.0038EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/02/28 1:3 p.m.•163 views

USN-5307-1: QEMU vulnerabilities

Gaoning Pan discovered that QEMU incorrectly handled the floppy disk emulator. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2021-20196 Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly handled certain values. A...

8.5CVSS7.3AI score0.02904EPSS
Exploits3
Ubuntu
Ubuntu
•added 2022/02/28 12:33 p.m.•118 views

USN-5306-1: WebKitGTK vulnerabilities

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

8.8CVSS7AI score0.01973EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/02/28 12:28 p.m.•119 views

USN-5305-1: MariaDB vulnerabilities

Several security issues were discovered in MariaDB and this update includes new upstream MariaDB versions to fix these issues. MariaDB has been updated to 10.3.34 in Ubuntu 20.04 LTS and to 10.5.15 in Ubuntu 21.10. In addition to security fixes, the updated packages contain bug fixes, new feature...

7.8CVSS6.7AI score0.00645EPSS
Exploits6
Ubuntu
Ubuntu
•added 2022/02/28 12:20 p.m.•131 views

USN-5303-1: PHP vulnerability

It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code...

9.8CVSS7.9AI score0.03002EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/02/28 12:18 p.m.•109 views

USN-5304-1: PolicyKit vulnerability

Kevin Backhouse discovered that PolicyKit incorrectly handled file descriptors. A local attacker could possibly use this issue to cause PolicyKit to crash, resulting in a denial of service...

5.5CVSS6.7AI score0.0053EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/02/24 1:23 p.m.•133 views

USN-5292-4: snapd regression

USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced a regression that could break the fish shell. This update fixes the problem. We apologize for the inconvenience. Original advisory details: James Troup discovered that snap did not properly manage the permissions for...

7.5AI score
Exploits0References2
Ubuntu
Ubuntu
•added 2022/02/22 10:45 p.m.•150 views

USN-5302-1: Linux kernel (OEM) vulnerabilities

Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 releaseagent feature. A local attacker could use this to gain administrative privileges. CVE-2022-0492 Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex...

9CVSS7.3AI score0.67994EPSS
Exploits15
Ubuntu
Ubuntu
•added 2022/02/22 9:37 p.m.•133 views

USN-5301-2: Cyrus SASL vulnerability

USN-5301-1 fixed a vulnerability in Cyrus. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrar...

8.8CVSS8.2AI score0.04123EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/02/22 8:26 p.m.•167 views

USN-5300-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120 It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this iss...

9.8CVSS7AI score0.25951EPSS
Exploits6
Ubuntu
Ubuntu
•added 2022/02/22 6:29 p.m.•123 views

USN-5301-1: Cyrus SASL vulnerability

It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands...

8.8CVSS8.2AI score0.04123EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/02/22 10:19 a.m.•50 views

USN-5293-2: c3p0 vulnerability

USN-5293-1 fixed a vulnerability in c3p0. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the application's XML configuration file could...

7.5CVSS7AI score0.04882EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/02/22 10:16 a.m.•145 views

USN-5299-1: Linux kernel vulnerabilities

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. CVE-2020-26147 It was discovered that the bluetooth...

7.8CVSS8.2AI score0.07604EPSS
Exploits6
Ubuntu
Ubuntu
•added 2022/02/22 9:27 a.m.•152 views

USN-5298-1: Linux kernel vulnerabilities

It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-22600 Jürgen Groß discovered that the Xen subsystem...

7.8CVSS7.5AI score0.05918EPSS
Exploits8
Ubuntu
Ubuntu
•added 2022/02/22 7:52 a.m.•149 views

USN-5294-2: Linux kernel vulnerabilities

It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-22600 Szymon Heidrich discovered that the USB Gadget...

7.8CVSS7.4AI score0.05918EPSS
Exploits9
Ubuntu
Ubuntu
•added 2022/02/22 7:43 a.m.•164 views

USN-5297-1: Linux kernel (GKE) vulnerabilities

Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service system crash or possibly...

7.8CVSS7.1AI score0.02579EPSS
Exploits7
Ubuntu
Ubuntu
•added 2022/02/22 7:14 a.m.•260 views

USN-5295-2: Linux kernel vulnerabilities

It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-22600 Jann Horn discovered a race condition in the Un...

7.8CVSS7.3AI score0.05918EPSS
Exploits5
Ubuntu
Ubuntu
•added 2022/02/21 5:25 p.m.•236 views

USN-4478-2: Python-RSA vulnerability

USN-4478-1 fixed a vulnerability in Python-RSA. This update provides the corresponding update for Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. Original advisory details: It was discovered that Python-RSA incorrectly handled certain ciphertexts. An attacker could possibly use this issu...

7.5CVSS7.4AI score0.01359EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/02/21 3:55 p.m.•149 views

USN-5293-1: c3p0 vulnerability

Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the application's XML configuration file could cause a denial of service...

7.5CVSS7AI score0.04882EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/02/21 2:48 p.m.•193 views

USN-5288-1: Expat vulnerabilities

It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

9.8CVSS7.5AI score0.34174EPSS
Exploits2
Ubuntu
Ubuntu
•added 2022/02/18 2:21 a.m.•109 views

USN-5292-3: snapd vulnerabilities

USN-5292-1 fixed several vulnerabilities in snapd. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly...

8.8CVSS7.5AI score0.00966EPSS
Exploits5
Ubuntu
Ubuntu
•added 2022/02/18 1:7 a.m.•144 views

USN-5292-2: snapd vulnerabilities

USN-5292-1 fixed vulnerabilities in snapd. This update provides the corresponding update for the riscv64 architecture. Original advisory details: James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to...

8.8CVSS7.5AI score0.00966EPSS
Exploits5
Ubuntu
Ubuntu
•added 2022/02/18 12:41 a.m.•159 views

USN-5295-1: Linux kernel (HWE) vulnerabilities

It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-22600 Jann Horn discovered a race condition in the Un...

7.8CVSS7.3AI score0.05918EPSS
Exploits5
Ubuntu
Ubuntu
•added 2022/02/18 12:35 a.m.•147 views

USN-5294-1: Linux kernel vulnerabilities

It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-22600 Szymon Heidrich discovered that the USB Gadget...

7.8CVSS7.4AI score0.05918EPSS
Exploits9
Ubuntu
Ubuntu
•added 2022/02/17 5:24 p.m.•124 views

USN-5292-1: snapd vulnerabilities

James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to expose sensitive information. CVE-2021-3155 Ian Johnson discovered that snapd did not properly validate content interfaces and layout paths. A local...

8.8CVSS7.4AI score0.00966EPSS
Exploits5
Ubuntu
Ubuntu
•added 2022/02/17 1:54 p.m.•116 views

USN-5291-1: libarchive vulnerabilities

It was discovered that libarchive incorrectly handled symlinks. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly use this issue to change modes, times, ACLs, and flags on arbitrary files. CVE-2021-23177, CVE-2021-31566 It was...

7.8CVSS7.3AI score0.02845EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/02/17 6:11 a.m.•160 views

USN-5267-3: Linux kernel (Raspberry Pi) vulnerabilities

USN-5267-1 fixed vulnerabilities in the Linux kernel. This update provides the corresponding updates for the Linux kernel for Raspberry Pi devices. Original advisory details: It was discovered that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local...

7.9CVSS6.9AI score0.01736EPSS
Exploits2
Ubuntu
Ubuntu
•added 2022/02/15 3:20 p.m.•133 views

USN-5286-1: cryptsetup vulnerability

Milan Broz discovered that cryptsetup incorrectly handled LUKS2 reencryption recovery. An attacker with physical access to modify the encrypted device header may trigger the device to be unencrypted the next time it is mounted by the user. On Ubuntu 20.04 LTS, this issue was fixed by disabling th...

4.3CVSS7AI score0.0028EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/02/15 10:22 a.m.•31 views

USN-5108-2: Libntlm vulnerability

USN-5108-1 fixed a vulnerability in Libntlm. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Libntlm incorrectly handled specially crafted NTML requests. An attacker could possibly use this issue to cause a...

9.8CVSS8.2AI score0.03107EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/02/14 3:13 p.m.•125 views

USN-5284-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, obtain sensitive information, or execute arbitrary code. CVE-2022-0511,...

9.6CVSS8AI score0.00926EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/02/11 2:43 p.m.•119 views

USN-5283-1: Tar for Node.js vulnerability

It was discovered that Tar for Node.js did not properly sanitize path inputs. An attacker could possibly use this issue to read arbitrary files, resulting in a directory traversal attack...

8.2CVSS7.2AI score0.07795EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/02/11 7:28 a.m.•122 views

USN-5267-2: Linux kernel regression

USN-5267-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused the kernel to freeze when accessing CIFS shares in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered...

6.9AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2022/02/10 12:14 p.m.•94 views

USN-5280-1: Speex vulnerability

It was discovered that Speex incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service...

5.5CVSS6.3AI score0.0094EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/02/09 1:26 p.m.•194 views

USN-5279-1: util-linux vulnerabilities

It was discovered that util-linux incorrectly handled unmounting FUSE filesystems. A local attacker could possibly use this issue to unmount FUSE filesystems belonging to other users...

5.5CVSS6.4AI score0.00634EPSS
Exploits4
Ubuntu
Ubuntu
•added 2022/02/09 2:16 a.m.•136 views

USN-5278-1: Linux kernel (OEM) vulnerabilities

It was discovered that the rlimit tracking for user namespaces in the Linux kernel did not properly perform reference counting, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-24122 It was...

7.8CVSS7.4AI score0.05918EPSS
Exploits18
Total number of security vulnerabilities10905