Lucene search
K
UbuntuRecent

10905 matches found

Ubuntu
Ubuntu
•added 2022/01/18 6:29 p.m.•99 views

USN-5234-1: Byobu vulnerability

Sander Bos discovered that Byobu incorrectly handled certain Apport data. An attacker could possibly use this issue to expose sensitive information...

7.5CVSS7.3AI score0.01616EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/01/18 5:13 p.m.•137 views

USN-5235-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. CVE-2021-41816 It was discovered that Ruby incorrectly handled certain regular expressions. An...

9.8CVSS7.3AI score0.04766EPSS
Exploits3
Ubuntu
Ubuntu
•added 2022/01/18 12:24 p.m.•101 views

USN-5233-1: ClamAV vulnerability

It was discovered that ClamAV incorrectly handled memory when the CLSCANGENERALCOLLECTMETADATA scan option was enabled. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service...

7.5CVSS7.2AI score0.03061EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/01/17 1:14 p.m.•115 views

USN-5227-2: Pillow vulnerabilities

USN-5227-1 fixed several vulnerabilities in Pillow. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a...

9.8CVSS7.4AI score0.03399EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/01/13 10:52 p.m.•127 views

USN-5229-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, obtain sensitive information across domains, or execu...

10CVSS7.6AI score0.0134EPSS
Exploits6
Ubuntu
Ubuntu
•added 2022/01/13 1:41 p.m.•93 views

USN-5224-2: Ghostscript vulnerabilities

USN-5224-1 fixed several vulnerabilities in Ghostscript. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a...

5.5CVSS6.8AI score0.01401EPSS
Exploits2
Ubuntu
Ubuntu
•added 2022/01/13 1:26 p.m.•122 views

USN-5227-1: Pillow vulnerabilities

It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a specially-crafted file, a remote attacker could cause Pillow to hang, resulting in a denial of service. CVE-2021-23437 It was discovered that Pillow incorrectly handled...

9.8CVSS7.4AI score0.03399EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/01/13 12:43 a.m.•181 views

USN-5226-1: systemd vulnerability

It was discovered that systemd-tmpfiles employed uncontrolled recursion when removing deeply nested directory hierarchies. A local attacker could exploit this to cause systemd-tmpfiles to crash or have other unspecified impacts...

5.5CVSS7.1AI score0.01561EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/01/12 9:6 p.m.•124 views

USN-5210-2: Linux kernel regression

USN-5210-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused failures to boot in environments with AMD Secure Encrypted Virtualization SEV enabled. This update fixes the problem. We apologize for the inconvenience. Original advisory details:...

7.4AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2022/01/12 7:31 p.m.•179 views

USN-5223-1: Apache Log4j 1.2 vulnerability

It was discovered that Apache Log4j 1.2 was vulnerable to deserialization of untrusted data if the configuration file was editable. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code...

7.5CVSS8.1AI score0.81147EPSS
Exploits9
Ubuntu
Ubuntu
•added 2022/01/12 12:46 p.m.•117 views

USN-5225-1: lxml vulnerability

It was discovered that lxml incorrectly handled certain XML and HTML files. An attacker could possibly use this issue to execute arbitrary code...

8.2CVSS7.7AI score0.02456EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/01/12 12:15 p.m.•109 views

USN-5224-1: Ghostscript vulnerabilities

It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execut...

5.5CVSS6.5AI score0.01401EPSS
Exploits2
Ubuntu
Ubuntu
•added 2022/01/11 8:42 p.m.•177 views

USN-5222-1: Apache Log4j 2 vulnerabilities

It was discovered that Apache Log4j 2 was vulnerable to remote code execution RCE attack when configured to use a JDBC Appender with a JNDI LDAP data source URI. A remote attacker could possibly use this issue to cause a crash, leading to a denial of service. CVE-2021-44832 Hideki Okamoto and Guy...

8.5CVSS7.5AI score0.99999EPSS
Exploits22
Ubuntu
Ubuntu
•added 2022/01/11 12:45 p.m.•96 views

USN-5043-2: Exiv2 regression

USN-5043-1 fixed vulnerabilities in Exiv2. The update introduced a new regression that could cause a crash in applications using libexiv2. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Exiv2 incorrectly handled certain image...

5.5CVSS6.4AI score0.01051EPSS
Exploits0References1
Ubuntu
Ubuntu
•added 2022/01/11 5:22 a.m.•124 views

USN-5219-1: Linux kernel vulnerability

It was discovered that the eBPF implementation in the Linux kernel did not properly validate the memory size of certain ring buffer operation arguments. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...

7.1CVSS7.5AI score0.01095EPSS
Exploits1References1
Ubuntu
Ubuntu
•added 2022/01/11 4:58 a.m.•156 views

USN-5218-1: Linux kernel (OEM) vulnerabilities

Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. CVE-2021-4002 It was discovered that the eBPF implementation in the Linux...

9.8CVSS7.8AI score0.57853EPSS
Exploits5References1
Ubuntu
Ubuntu
•added 2022/01/11 4:56 a.m.•141 views

USN-5217-1: Linux kernel (OEM) vulnerabilities

It was discovered that the NFS server implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-4090 It was discovered that the eBPF implementation in th...

7.1CVSS7.5AI score0.01095EPSS
Exploits1References1
Ubuntu
Ubuntu
•added 2022/01/10 8:51 p.m.•23 views

USN-5215-1: NLTK vulnerability

Srikantha Prathi discovered that NLTK incorrectly handled specially crafted input. An attacker could use this vulnerability to cause a denial of service...

7.5CVSS7.1AI score0.01649EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/01/10 11:14 a.m.•192 views

USN-5212-2: Apache HTTP Server vulnerabilities

USN-5212-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use thi...

9.8CVSS8.3AI score0.97108EPSS
Exploits4
Ubuntu
Ubuntu
•added 2022/01/06 2:54 p.m.•110 views

USN-5213-1: WebKitGTK vulnerabilities

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

6.5CVSS6.9AI score0.01604EPSS
Exploits0
Ubuntu
Ubuntu
•added 2022/01/06 2:48 p.m.•211 views

USN-5212-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. CVE-2021-44224 It was discovered that...

9.8CVSS8.3AI score0.97108EPSS
Exploits4
Ubuntu
Ubuntu
•added 2022/01/06 9:48 a.m.•110 views

LSN-0083-1: Kernel Live Patch Security Notice

The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.CVE-2018-25020...

8.8CVSS7.6AI score0.78684EPSS
Exploits29
Ubuntu
Ubuntu
•added 2022/01/06 3:56 a.m.•132 views

USN-5211-1: Linux kernel vulnerability

Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages...

4.4CVSS6.6AI score0.00515EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/01/06 2:26 a.m.•142 views

USN-5209-1: Linux kernel vulnerabilities

Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. CVE-2021-4002 It was discovered that a race condition existed in the time...

7.8CVSS7.2AI score0.00669EPSS
Exploits2
Ubuntu
Ubuntu
•added 2022/01/06 2:15 a.m.•124 views

USN-5210-1: Linux kernel vulnerabilities

Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. CVE-2021-4002 It was discovered that the Linux kernel did not properly...

7.8CVSS7.4AI score0.00669EPSS
Exploits3
Ubuntu
Ubuntu
•added 2022/01/06 2:5 a.m.•151 views

USN-5208-1: Linux kernel vulnerabilities

Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. CVE-2021-4002 It was discovered that a race condition existed in the...

9.8CVSS7.7AI score0.57853EPSS
Exploits4
Ubuntu
Ubuntu
•added 2022/01/05 5:31 p.m.•117 views

USN-5206-1: Linux kernel (OEM) vulnerability

Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages...

4.4CVSS6.6AI score0.00515EPSS
Exploits1
Ubuntu
Ubuntu
•added 2022/01/05 5:3 p.m.•129 views

USN-5207-1: Linux kernel (OEM) vulnerabilities

Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. CVE-2021-4002 It was discovered that the eBPF implementation in the Linux...

9.8CVSS7.3AI score0.57853EPSS
Exploits3
Ubuntu
Ubuntu
•added 2022/01/05 1:21 p.m.•124 views

USN-5204-1: Django vulnerabilities

Chris Bailey discovered that Django incorrectly handled evaluating submitted passwords. A remote attacker could possibly use this issue to consume resources, resulting in a denial of service. CVE-2021-45115 Dennis Brinkrolf discovered that Django incorrectly handled the dictsort template filter. ...

7.5CVSS6.8AI score0.02397EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/12/20 10:35 p.m.•95 views

USN-5186-2: Firefox regressions

USN-5186-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...

7.7AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/12/19 5:39 p.m.•106 views

USN-5203-1: Apache Log4j 2 vulnerability

Hideki Okamoto and Guy Lederfein discovered that Apache Log4j 2 did not protect against infinite recursion in lookup evaluation. A remote attacker could possibly use this issue to cause Apache Log4j 2 to crash, leading to a denial of service. Please see the following link for more information:...

5.9CVSS7.4AI score0.99999EPSS
Exploits20
Ubuntu
Ubuntu
•added 2021/12/17 3:10 p.m.•97 views

USN-5201-1: Python vulnerabilities

It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses 100 Continue response. Specially crafted traffic from a malicious HTTP server could cause a denial of service Dos condition for a client...

7.5CVSS7.4AI score0.11586EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/12/17 2:59 p.m.•112 views

USN-5200-1: Python vulnerabilities

It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex allowing for catastrophic backtracking. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service ReDoS condition for a client. CVE-2020-8492 It was...

7.5CVSS7AI score0.11586EPSS
Exploits3
Ubuntu
Ubuntu
•added 2021/12/17 2:53 p.m.•88 views

USN-5199-1: Python vulnerabilities

It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service ReDoS condition for a client. CVE-2021-3733 It w...

7.5CVSS7AI score0.11586EPSS
Exploits2
Ubuntu
Ubuntu
•added 2021/12/17 12:46 p.m.•116 views

USN-5192-2: Apache Log4j 2 vulnerability

USN-5192-1 fixed a vulnerability in Apache Log4j 2. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this...

10CVSS7.9AI score0.99999EPSS
Exploits351
Ubuntu
Ubuntu
•added 2021/12/17 7:43 a.m.•172 views

USN-5202-1: OpenJDK vulnerabilities

Varnavas Papaioannou discovered that the FTP client implementation in OpenJDK accepted alternate server IP addresses when connecting with FTP passive mode. An attacker controlling an FTP server that an application connects to could possibly use this to expose sensitive information rudimentary por...

7.5CVSS6.2AI score0.14839EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/12/16 7:32 p.m.•78 views

USN-5198-1: HTMLDOC vulnerability

It was discovered that HTMLDOC improperly handled malformed URIs from an input html file. An attacker could use this to cause a denial of service...

7.8CVSS7.2AI score0.01268EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/12/16 9:18 a.m.•73 views

USN-5195-1: Mumble vulnerability

It was discovered that the Mumble client supported websites for public servers with arbitrary URL schemes. If a user were tricked into visiting a malicious website from the public server list, a remote attacker could possibly execute arbitrary code...

8.8CVSS8.2AI score0.03203EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/12/15 7:6 p.m.•65 views

USN-5195-2: Mumble vulnerability

It was discovered that the Mumble client supported websites for public servers with arbitrary URL schemes. If a user were tricked into visiting a malicious website from the public server list, a remote attacker could possibly execute arbitrary code...

8.8CVSS8.2AI score0.03203EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/12/15 7:2 p.m.•193 views

USN-5197-1: Apache Log4j 2 vulnerability

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. An attacker could use this vulnerability to cause a denial of service. Please see the following link for more information:...

10CVSS7.4AI score0.99999EPSS
Exploits353
Ubuntu
Ubuntu
•added 2021/12/15 1:45 p.m.•24 views

USN-5194-1: Olm vulnerability

Denis Kasak discovered that Olm was not verifying the length of input being processed by the olmpkdecrypt module, which introduced a stack-based buffer overflow vulnerability to the library. An attacker could use this to cause a denial of service application crash or possibly execute arbitrary co...

9.8CVSS8.7AI score0.04262EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/12/14 6:13 p.m.•68 views

USN-5193-1: X.Org X Server vulnerabilities

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges...

7.8CVSS7.3AI score0.00571EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/12/14 1:39 p.m.•124 views

USN-5192-1: Apache Log4j 2 vulnerability

Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. Please see the following link for more information:...

10CVSS7.9AI score0.99999EPSS
Exploits351
Ubuntu
Ubuntu
•added 2021/12/14 11:33 a.m.•62 views

USN-5191-1: Flatpak vulnerability

It was discovered that Flatpak incorrectly handled certain AFUNIX sockets. An attacker could use this to specially craft a Flatpak application that could escape sandbox confinement...

8.8CVSS6.9AI score0.00406EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/12/13 7:55 p.m.•89 views

USN-5174-2: Samba regression

USN-5174-1 fixed vulnerabilities in Samba. Some of the changes introduced a regression in Kerberos authentication in certain environments. Please see the following upstream bug for more information: https://bugzilla.samba.org/showbug.cgi?id=14922 This update fixes the problem. Original advisory...

6.8AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/12/13 7:48 p.m.•90 views

USN-5189-1: GLib vulnerability

It was discovered that GLib incorrectly handled certain environment variables. An attacker could possibly use this issue to escalate privileges...

5.5CVSS6.8AI score0.00531EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/12/13 7:47 p.m.•93 views

USN-5142-3: Samba regression

USN-5142-1 fixed vulnerabilities in Samba. Some of the upstream changes introduced a regression in Kerberos authentication in certain environments. Please see the following upstream bug for more information: https://bugzilla.samba.org/showbug.cgi?id=14922 This update fixes the problem. Original...

7AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/12/13 4:3 p.m.•76 views

USN-5188-1: Keepalived vulnerability

It was discovered that Keepalived incorrectly handled certain messages. An attacker could possibly use this issue to access-control bypass...

5.5CVSS6.2AI score0.01159EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/12/09 6:55 p.m.•83 views

USN-5186-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass CSP restrictions, or execute arbitrary cod...

8.8CVSS7.5AI score0.0202EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/12/09 12:8 p.m.•34 views

USN-5173-2: libmodbus vulnerabilities

USN-5173-1 fixed vulnerabilities in libmodbus. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libmodbus incorrectly handled inputs. An attacker could possibly use this issue to cause a denial of service o...

9.1CVSS7.6AI score0.01981EPSS
Exploits0
Total number of security vulnerabilities10905