Lucene search
K
UbuntuRecent

10918 matches found

Ubuntu
Ubuntu
added 2021/10/05 2:5 p.m.106 views

USN-5104-1: Squid vulnerability

Lyu discovered that Squid incorrectly handled WCCP protocol data. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information...

5.3CVSS5.9AI score0.13005EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/10/04 10:48 p.m.130 views

USN-5103-1: docker.io vulnerability

Lei Wang and Ruizhi Xiao discovered that the Moby Docker engine in Docker incorrectly allowed the docker cp command to make permissions changes in the host filesystem in some situations. A local attacker could possibly use to this to expose sensitive information or gain administrative privileges...

6.3CVSS6.1AI score0.0027EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/10/04 5:25 p.m.115 views

USN-5102-1: Mercurial vulnerabilities

It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to the target’s filesystem. CVE-2019-3902 It was discovered that Mercurial incorrectly handled certain manifest files. An attacker could use this issue to cause a...

9.1CVSS6.9AI score0.02033EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/10/04 4:59 p.m.94 views

USN-5101-1: MongoDB vulnerability

It was discovered that MongoDB incorrectly handled certain wire protocol messages. A remote attacker could possibly use this issue to cause MongoDB to crash, resulting in a denial of service...

7.5CVSS7.3AI score0.01655EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/10/04 4:51 p.m.171 views

USN-5100-1: containerd vulnerability

It was discovered that containerd insufficiently restricted permissions on container root and plugin directories. If a user or automated system were tricked into launching a specially crafted container image, a remote attacker could traverse directory contents and modify files and execute program...

7.8CVSS6.6AI score0.00482EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/10/04 3:9 p.m.93 views

USN-5099-1: Imlib2 vulnerability

It was discovered that Imlib2 incorrectly handled certain ICO images. An attacker could use this issue to cause a denial of service and possibly execute arbitrary code...

9.1CVSS8.5AI score0.01589EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/10/04 12:4 p.m.183 views

USN-4973-2: Python vulnerability

USN-4973-1 fixed this vulnerability previously, but it was re-introduced in python3.8 in focal because of the SRU in LP: 1928057. This update fixes the problem. Original advisory details: It was discovered that the Python stdlib ipaddress API incorrectly handled octal strings. A remote attacker...

9.8CVSS7.5AI score0.06827EPSS
Exploits1References1
Ubuntu
Ubuntu
added 2021/09/30 9:3 p.m.96 views

USN-5098-1: bl vulnerability

It was discovered that bl didn't properly sanitize the inputs. An attacker could use this to leak sensitive information...

6.5CVSS7.3AI score0.02183EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/09/30 8:14 p.m.94 views

USN-5097-1: LedgerSMB vulnerabilities

It was discovered that LedgerSMB incorrectly handled certain inputs. An attacker could use this to leak sensitive information, cause a DoS, or execute arbitrary code. CVE-2021-3693, CVE-2021-3694, CVE-2021-3731...

9.6CVSS6.3AI score0.03014EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/09/30 5:4 p.m.145 views

USN-5094-2: Linux kernel (Raspberry Pi) vulnerabilities

It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute...

8.7CVSS7AI score0.00734EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/09/30 3:51 p.m.143 views

USN-5091-2: Linux kernel (Raspberry Pi) vulnerabilities

Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. CVE-2021-33624 It was...

7.8CVSS6.9AI score0.01245EPSS
Exploits3
Ubuntu
Ubuntu
added 2021/09/29 10:27 p.m.158 views

USN-5096-1: Linux kernel (OEM) vulnerabilities

Valentina Palmiotti discovered that the iouring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. CVE-2021-41073 Benedict Schlueter discovered that the BPF subsystem in the Linux kernel did not properly protect again...

7.8CVSS7.7AI score0.03365EPSS
Exploits5
Ubuntu
Ubuntu
added 2021/09/29 4:49 p.m.146 views

USN-5095-1: Apache Commons IO vulnerability

It was discovered that Apache Commons IO incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information...

5.8CVSS6.8AI score0.10608EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/09/29 9:2 a.m.141 views

USN-5092-2: Linux kernel vulnerabilities

Valentina Palmiotti discovered that the iouring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. CVE-2021-41073 Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in...

7.8CVSS7.4AI score0.03365EPSS
Exploits8
Ubuntu
Ubuntu
added 2021/09/29 8:14 a.m.150 views

USN-5094-1: Linux kernel vulnerabilities

It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute...

8.7CVSS7.3AI score0.00734EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/09/28 3:5 p.m.160 views

USN-5090-4: Apache HTTP Server regression

USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote...

7.6AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/09/28 1:28 p.m.186 views

USN-5090-3: Apache HTTP Server regression

USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote...

7.6AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/09/28 10:46 a.m.139 views

USN-5093-1: Vim vulnerabilities

Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issu...

8.6CVSS7.7AI score0.01749EPSS
Exploits3
Ubuntu
Ubuntu
added 2021/09/28 4:9 a.m.144 views

USN-5092-1: Linux kernel vulnerabilities

Valentina Palmiotti discovered that the iouring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. CVE-2021-41073 Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in...

7.8CVSS7.4AI score0.03365EPSS
Exploits8
Ubuntu
Ubuntu
added 2021/09/28 2:30 a.m.148 views

USN-5091-1: Linux kernel vulnerabilities

Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. CVE-2021-33624 It was...

7.8CVSS7.4AI score0.01245EPSS
Exploits4
Ubuntu
Ubuntu
added 2021/09/27 4:46 p.m.234 views

USN-5090-2: Apache HTTP Server vulnerabilities

USN-5090-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly us...

9.8CVSS8.1AI score0.99999EPSS
Exploits5
Ubuntu
Ubuntu
added 2021/09/27 2:6 p.m.216 views

USN-5090-1: Apache HTTP Server vulnerabilities

James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. CVE-2021-33193 It was discovered that the Apache HTTP Server incorrectly handled...

9.8CVSS7.6AI score0.99999EPSS
Exploits6
Ubuntu
Ubuntu
added 2021/09/23 1:1 p.m.93 views

USN-5089-2: ca-certificates update

USN-5089-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: The ca-certificates package contained a CA certificate that will expire on 2021-09-30 and will cause connectivity issues. This update removes the...

5.3AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/09/23 11:46 a.m.90 views

USN-5089-1: ca-certificates update

The ca-certificates package contained a CA certificate that will expire on 2021-09-30 and will cause connectivity issues. This update removes the “DST Root CA X3” CA...

5.3AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/09/23 11:39 a.m.129 views

USN-5088-1: EDK II vulnerabilities

It was discovered that EDK II incorrectly handled input validation in MdeModulePkg. A local user could possibly use this issue to cause EDK II to crash, resulting in a denial of service, obtain sensitive information or execute arbitrary code. CVE-2019-11098 Paul Kehrer discovered that OpenSSL use...

8.1CVSS7.3AI score0.50732EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/09/22 4:32 p.m.121 views

USN-5087-1: WebKitGTK vulnerabilities

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

8.8CVSS7.5AI score0.13486EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/09/22 2:9 p.m.102 views

USN-5086-1: Linux kernel vulnerability

Johan Almbladh discovered that the eBPF JIT implementation for IBM s390x systems in the Linux kernel miscompiled operations in some situations, allowing circumvention of the BPF verifier. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...

5.8AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/09/22 1:29 p.m.109 views

USN-5085-1: SQL parse vulnerability

It was discovered that SQL parse incorrectly handled certain regular expression. An attacker could possibly use this issue to cause a denial of service...

7.5CVSS7.4AI score0.02134EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/09/22 12:34 a.m.134 views

USN-5071-3: Linux kernel (Raspberry Pi) vulnerabilities

It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute...

8.7CVSS7.4AI score0.00687EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/09/22 12:24 a.m.132 views

USN-5073-3: Linux kernel (Raspberry Pi) vulnerabilities

Norbert Slusarek discovered that the CAN broadcast manger bcm protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information kernel memory. CVE-2021-34693 Murray McAllister discovered that the...

7.8CVSS7.3AI score0.00687EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/09/21 1:7 p.m.130 views

USN-5079-4: curl regression

USN-5079-2 fixed vulnerabilities in curl. One of the fixes introduced a regression. This update fixes the problem. Original advisory details: Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS...

6.8AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/09/21 11:41 a.m.104 views

USN-5084-1: LibTIFF vulnerability

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges...

6.5CVSS7AI score0.01456EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/09/21 11:34 a.m.153 views

USN-5079-3: curl vulnerabilities

USN-5079-1 fixed vulnerabilities in curl. One of the fixes introduced a regression on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote...

6.9AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/09/17 6:27 a.m.176 views

USN-5073-2: Linux kernel (GCP) vulnerabilities

Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory...

8.8CVSS7.3AI score0.00687EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/09/16 5:27 p.m.152 views

USN-5083-1: Python vulnerabilities

It was discovered that Python incorrectly handled certain RFCs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM. CVE-2021-3733 It was discovered that Python incorrectly handled certain server responses. An attacker could possibly u...

7.5CVSS7AI score0.11586EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/09/16 5:13 p.m.183 views

USN-5071-2: Linux kernel (HWE) vulnerabilities

USN-5071-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 20.04 LTS for Ubuntu 18.04 LTS. Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for...

8.8CVSS7.2AI score0.00687EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/09/16 4:49 p.m.163 views

USN-5082-1: Linux kernel (OEM) vulnerabilities

Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory...

8.8CVSS6.8AI score0.00658EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/09/16 4:34 p.m.123 views

USN-5081-1: Qt vulnerabilities

It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. CVE-2020-17507 It was discovered that Qt incorrectly handled...

7.5CVSS7AI score0.03915EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/09/16 4:7 p.m.151 views

USN-5080-2: Libgcrypt vulnerabilities

USN-5080-1 fixed several vulnerabilities in Libgcrypt. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Libgcrypt incorrectly handled ElGamal encryption. An attacker could possibly use this issue to recover sensitive information...

7.5CVSS6.8AI score0.02342EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/09/16 11:12 a.m.140 views

USN-5080-1: Libgcrypt vulnerabilities

It was discovered that Libgcrypt incorrectly handled ElGamal encryption. An attacker could possibly use this issue to recover sensitive information...

7.5CVSS6.8AI score0.02342EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/09/15 3:26 p.m.123 views

USN-5078-2: Squashfs-Tools vulnerabilities

USN-5078-1 fixed several vulnerabilities in Squashfs-Tools. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Etienne Stalmans discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write...

8.1CVSS6.7AI score0.025EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/09/15 12:34 p.m.124 views

USN-5079-2: curl vulnerabilities

USN-5079-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl woul...

7.5CVSS6.8AI score0.04224EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/09/15 11:11 a.m.162 views

USN-5079-1: curl vulnerabilities

It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2021-22945 Patrick Monnerat discovered that curl incorrectly handled...

9.1CVSS6.9AI score0.06216EPSS
Exploits3
Ubuntu
Ubuntu
added 2021/09/15 2:39 a.m.131 views

USN-5078-1: Squashfs-Tools vulnerability

Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem...

8.1CVSS7AI score0.02296EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/09/14 1:21 p.m.103 views

USN-5077-2: Apport vulnerabilities

USN-5077-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Maik Münch and Stephen Röttger discovered that Apport incorrectly handled certain information gathering operations. A local...

6.5CVSS6AI score0.00448EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/09/14 11:54 a.m.100 views

USN-5077-1: Apport vulnerabilities

Maik Münch and Stephen Röttger discovered that Apport incorrectly handled certain information gathering operations. A local attacker could use this issue to gain read access to arbitrary files, possibly containing sensitive information...

6.5CVSS6AI score0.00448EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/09/13 2:49 p.m.112 views

USN-5076-1: Git vulnerability

It was discovered that Git allowed newline characters in certain repository paths. An attacker could potentially use this issue to perform cross-protocol requests...

7.5CVSS8AI score0.03074EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/09/13 9:12 a.m.140 views

LSN-0081-1: Kernel Live Patch Security Notice

Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory.CVE-2021-3653 Maxim...

8.8CVSS7.4AI score0.78684EPSS
Exploits28
Ubuntu
Ubuntu
added 2021/09/10 11:57 a.m.115 views

USN-5075-1: Ghostscript vulnerability

It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service...

9.9CVSS8.6AI score0.83913EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/09/09 6:42 p.m.110 views

USN-5074-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass mixed content blocking, or execute arbitrary code...

8.8CVSS8.1AI score0.01205EPSS
Exploits0
Total number of security vulnerabilities10918