Lucene search
K
UbuntuRecent

10918 matches found

Ubuntu
Ubuntu
•added 2021/09/09 1:48 a.m.•151 views

USN-5073-1: Linux kernel vulnerabilities

Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory...

8.8CVSS7.3AI score0.00687EPSS
Exploits2
Ubuntu
Ubuntu
•added 2021/09/08 11:48 p.m.•142 views

USN-5072-1: Linux kernel vulnerabilities

Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory...

8.8CVSS6.6AI score0.00658EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/09/08 11:41 p.m.•150 views

USN-5071-1: Linux kernel vulnerabilities

Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory...

8.8CVSS7.2AI score0.00687EPSS
Exploits2
Ubuntu
Ubuntu
•added 2021/09/08 11:38 p.m.•187 views

USN-5070-1: Linux kernel vulnerabilities

Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory...

8.8CVSS7.3AI score0.03354EPSS
Exploits5
Ubuntu
Ubuntu
•added 2021/09/08 5:11 p.m.•93 views

USN-5069-2: mod-auth-mellon vulnerability

USN-5069-1 fixed a vulnerability in mod-auth-mellon. This update provides the corresponding updates for Ubuntu 21.04. Original advisory details: It was discovered that mod-auth-mellon incorrectly filtered certain URLs. A remote attacker could possibly use this issue to perform an open redirect...

6.1CVSS6.2AI score0.00752EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/09/08 1:28 p.m.•104 views

USN-5066-2: PySAML2 vulnerability

USN-5066-1 fixed a vulnerability in PySAML2. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML documents...

6.5CVSS7.1AI score0.0118EPSS
Exploits3
Ubuntu
Ubuntu
•added 2021/09/08 1:8 p.m.•118 views

USN-5068-1: GD library vulnerabilities

It was discovered that GD Graphics Library incorrectly handled certain GD and GD2 files. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM. CVE-2017-6363 I...

8.1CVSS6.4AI score0.02051EPSS
Exploits3
Ubuntu
Ubuntu
•added 2021/09/08 11:46 a.m.•103 views

USN-5069-1: mod-auth-mellon vulnerability

It was discovered that mod-auth-mellon incorrectly filtered certain URLs. A remote attacker could possibly use this issue to perform an open redirect attack...

6.1CVSS6.2AI score0.00752EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/09/08 11:40 a.m.•178 views

USN-5067-1: SSSD vulnerabilities

Jakub Hrozek discovered that SSSD incorrectly handled file permissions. A local attacker could possibly use this issue to read the sudo rules available for any user. This issue only affected Ubuntu 18.04 LTS. CVE-2018-10852 It was discovered that SSSD incorrectly handled Group Policy Objects. Whe...

9.3CVSS6.3AI score0.02524EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/09/08 11:28 a.m.•103 views

USN-5066-1: PySAML2 vulnerability

Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML documents...

6.5CVSS7AI score0.0118EPSS
Exploits3
Ubuntu
Ubuntu
•added 2021/09/08 11:21 a.m.•108 views

USN-5065-1: Open vSwitch vulnerability

It was discovered that Open vSwitch incorrectly handled decoding RAWENCAP actions. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code...

5.5CVSS6.6AI score0.0118EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/09/08 11:14 a.m.•123 views

USN-5064-1: GNU cpio vulnerability

Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.8CVSS7AI score0.0415EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/09/08 11:6 a.m.•113 views

USN-5063-1: HAProxy vulnerabilities

Ori Hollander discovered that HAProxy incorrectly handled HTTP header name length encoding. A remote attacker could possibly use this issue to inject a duplicate content-length header and perform request smuggling attacks...

7.5CVSS7.8AI score0.57934EPSS
Exploits6
Ubuntu
Ubuntu
•added 2021/09/08 12:51 a.m.•144 views

USN-5062-1: Linux kernel vulnerability

Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory...

8.8CVSS6.6AI score0.00413EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/09/03 6:48 p.m.•62 views

USN-5054-2: uWSGI vulnerability

USN-5054-1 fixed a vulnerability in uWSGI for Ubuntu 18.04 LTS. This update provides the corresponding fixes for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Felix Wilhelm discovered a buffer overflow flaw in the modproxyuwsgi module. An attacker could use this vulnerability ...

9.8CVSS7.5AI score0.90039EPSS
Exploits2
Ubuntu
Ubuntu
•added 2021/09/03 6:43 p.m.•53 views

USN-5061-1: Scilab vulnerabilities

It was discovered that Scilab did not properly sanitize XML inputs. An atacker could use a crafted XML file to cause a denial of service or possibly execute arbitrary code...

7.5CVSS7.1AI score0.01402EPSS
Exploits3
Ubuntu
Ubuntu
•added 2021/09/01 6:49 p.m.•134 views

USN-5051-4: OpenSSL regression

USN-5051-2 introduced a regression in OpenSSL that affected only Ubuntu 14.04 ESM. This update fix the regression. Original advisory details: Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. A remote attacker could use this issue to cause OpenSSL to crash, resultin...

6.8AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/08/31 5:40 p.m.•93 views

USN-5060-2: NTFS-3G vulnerabilities

USN-5060-1 fixed a vulnerability in NTFS-3G. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that NTFS-3G incorrectly handled certain image file. An attacker could possibly use this issue to execute arbitrary co...

5.9AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/08/31 4:32 p.m.•102 views

USN-5060-1: NTFS-3G vulnerabilities

It was discovered that NTFS-3G incorrectly handled certain image file. An attacker could possibly use this issue to execute arbitrary code...

5.8AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/08/31 12:15 p.m.•138 views

USN-5058-1: Thunderbird vulnerabilities

It was discovered that Thunderbird didn't ignore IMAP server responses prior to completion of the STARTTLS handshake. A person-in-the-middle could potentially exploit this to trick Thunderbird into showing incorrect information. CVE-2021-29969 Multiple security issues were discovered in...

8.8CVSS7.8AI score0.03582EPSS
Exploits6
Ubuntu
Ubuntu
•added 2021/08/31 12:34 a.m.•125 views

USN-5057-1: Squashfs-Tools vulnerability

Etienne Stalmans discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem...

8.1CVSS6.7AI score0.025EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/08/30 7:55 p.m.•409 views

USN-5054-1: uWSGI vulnerability

Felix Wilhelm discovered a buffer overflow flaw in the modproxyuwsgi module. An attacker could use this vulnerability to provoke an information disclosure or potentially remote code execution...

9.8CVSS7.4AI score0.90039EPSS
Exploits2
Ubuntu
Ubuntu
•added 2021/08/30 1:52 p.m.•121 views

USN-5056-1: APR vulnerability

It was discovered that APR incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information...

7.1CVSS6.5AI score0.01185EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/08/30 12:17 p.m.•104 views

USN-5055-1: GNOME grilo vulnerability

Michael Catanzaro discovered that grilo incorrectly handled certain TLS certificate verification. An attacker could possibly use this issue to MITM attacks...

5.9CVSS5.9AI score0.00866EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/08/26 3:37 p.m.•117 views

USN-5053-1: libssh vulnerability

It was discovered that libssh incorrectly handled rekeying. A remote attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code...

6.5CVSS6.8AI score0.04683EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/08/26 12:53 p.m.•155 views

USN-5051-3: OpenSSL vulnerability

USN-5051-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for the openssl1.0 package in Ubuntu 18.04 LTS. Original advisory details: Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. A remote attacker could use this issue to cause...

7.4CVSS6.8AI score0.50445EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/08/26 12:40 p.m.•180 views

USN-5051-2: OpenSSL vulnerability

USN-5051-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. A remote attacker could use this issue to cause OpenSSL...

7.4CVSS6.8AI score0.50445EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/08/26 1:55 a.m.•123 views

USN-5052-1: MongoDB vulnerability

MongoDB would fail to properly invalidate existing sessions for deleted users. This could allow a remote authenticated attacker to gain elevated privileges if their user account was recreated with elevated privileges...

7.1CVSS7AI score0.01225EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/08/25 1:30 p.m.•91 views

USN-5037-2: Firefox regression

USN-5037-1 fixed vulnerabilities in Firefox. The update introduced a regression that caused Firefox to repeatedly prompt for a password. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user wer...

5.7AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/08/24 3:26 p.m.•165 views

USN-5051-1: OpenSSL vulnerabilities

John Ouyang discovered that OpenSSL incorrectly handled decrypting SM2 data. A remote attacker could use this issue to cause applications using OpenSSL to crash, resulting in a denial of service, or possibly change application behaviour. CVE-2021-3711 Ingo Schwarze discovered that OpenSSL...

9.8CVSS6.8AI score0.87816EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/08/24 6:40 a.m.•234 views

USN-5044-1: Linux kernel vulnerabilities

It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2021-3564 It was discovered that th...

6.9CVSS7AI score0.00485EPSS
Exploits2
Ubuntu
Ubuntu
•added 2021/08/24 6:29 a.m.•147 views

USN-5050-1: Linux kernel vulnerabilities

It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. CVE-2020-26558, CVE-2021-0129 Michael Brown discovered that the Xen netback driver in the Linux kernel did...

7.8CVSS7.4AI score0.00872EPSS
Exploits3
Ubuntu
Ubuntu
•added 2021/08/20 5:56 p.m.•57 views

USN-5048-2: Inetutils vulnerability

USN-5048-1 fixed a vulnerability in Inetutils for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding fixes for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Inetutils telnet server allows remote attackers to execute arbitrary code via short writes ...

10CVSS8.2AI score0.74513EPSS
Exploits2
Ubuntu
Ubuntu
•added 2021/08/19 7:14 p.m.•120 views

USN-5048-1: Inetutils vulnerability

It was discovered that Inetutils telnet server allows remote attackers to execute arbitrary code via short writes or urgent data. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code...

10CVSS8.2AI score0.74513EPSS
Exploits2
Ubuntu
Ubuntu
•added 2021/08/19 2:53 p.m.•119 views

USN-5047-1: Firefox vulnerability

It was discovered that Firefox could be made to incorrectly accept newlines in HTTP/3 response headers. If a user were tricked into opening a specially crafted website, an attacker could exploit this to conduct header splitting attacks...

8.1CVSS8.3AI score0.00885EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/08/18 10:17 p.m.•205 views

USN-5045-1: Linux kernel vulnerabilities

Norbert Slusarek discovered that the CAN broadcast manger bcm protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information kernel memory. CVE-2021-34693 It was discovered that the bluetooth...

6.9CVSS7AI score0.00485EPSS
Exploits3
Ubuntu
Ubuntu
•added 2021/08/18 5:29 p.m.•260 views

USN-5046-1: Linux kernel vulnerabilities

It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. CVE-2020-26558, CVE-2021-0129 Michael Brown discovered that the Xen netback driver in the Linux kernel did...

7.8CVSS7.4AI score0.00872EPSS
Exploits2
Ubuntu
Ubuntu
•added 2021/08/17 5:31 p.m.•117 views

USN-5043-1: Exiv2 vulnerabilities

It was discovered that Exiv2 incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. CVE-2021-32815, CVE-2021-34334, CVE-2021-37620, CVE-2021-37622 It was discovered that Exiv2 incorrectly handled certain image files. An attacker could...

5.5CVSS6.3AI score0.01109EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/08/17 5:1 p.m.•110 views

USN-5042-1: HAProxy vulnerabilities

It was discovered that HAProxy incorrectly handled the HTTP/2 protocol. A remote attacker could possibly use this issue to bypass restrictions...

5.4AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/08/17 2:7 p.m.•23 views

USN-5041-1: libapreq2 vulnerability

It was discovered that libapreq2 did not properly sanitize the Content-Type field in certain crafted HTTP requests. An attacker could possibly use the vulnerability to cause libapreq2 to crash...

7.5CVSS6.9AI score0.03941EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/08/16 2:4 p.m.•143 views

LSN-0080-1: Kernel Live Patch Security Notice

Andy Nguyen discovered that the netfilter subsystem in the Linux kernel contained an out-of-bounds write in its setsockopt implementation. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code.CVE-2021-22555...

8.3CVSS7AI score0.78684EPSS
Exploits21
Ubuntu
Ubuntu
•added 2021/08/13 1:3 p.m.•163 views

USN-5022-2: MariaDB vulnerabilities

USN-5022-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2021-2372 and CVE-2021-2389 in MariaDB 10.3 and 10.5. In addition to security fixes, the updated package contain bug fixes, new features, and possibly incompatible changes. Please see the...

7.1CVSS7AI score0.08216EPSS
Exploits0
Ubuntu
Ubuntu
•added 2021/08/12 10:28 p.m.•157 views

USN-5039-1: Linux kernel vulnerability

Andy Nguyen discovered that the netfilter subsystem in the Linux kernel contained an out-of-bounds write in its setsockopt implementation. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...

8.3CVSS7AI score0.78684EPSS
Exploits21
Ubuntu
Ubuntu
•added 2021/08/12 5:19 p.m.•137 views

USN-5038-1: PostgreSQL vulnerabilities

It was discovered that the PostgresQL planner could create incorrect plans in certain circumstances. A remote attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly obtain sensitive information from memory. This issue only affected Ubuntu 20.04 L...

6.5CVSS7.8AI score0.62906EPSS
Exploits3
Ubuntu
Ubuntu
•added 2021/08/12 11:59 a.m.•374 views

USN-3809-2: OpenSSH regression

USN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473 was incomplete and could introduce a regression in certain environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Robert Swiecki discovered that OpenSSH incorrectly...

6.8AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/08/11 7:25 p.m.•128 views

USN-5037-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, or execute arbitrary code...

8.8CVSS7.7AI score0.01451EPSS
Exploits6
Ubuntu
Ubuntu
•added 2021/08/10 7:58 p.m.•53 views

USN-4867-1: runC vulnerabilities

It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. CVE-2019-16884 Etienne Champetier discovered that runC incorrectly checked mount targets. An attacker with a malicious...

8.5CVSS7AI score0.06604EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/08/10 5:15 p.m.•106 views

USN-5034-2: c-ares vulnerability

USN-5034-1 fixed a vulnerability in c-ares. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly validated certain hostnames returned by DNS servers. A remote attacker could possibly use...

6.8CVSS7.1AI score0.02617EPSS
Exploits1
Ubuntu
Ubuntu
•added 2021/08/10 12:3 p.m.•134 views

USN-5035-1: GPSd vulnerability

It was discovered that GPSd incorrectly handled certain leap second events which would result in the time jumping back 1024 weeks on 2021-10-31...

5.3AI score
Exploits0References1
Ubuntu
Ubuntu
•added 2021/08/10 11:53 a.m.•121 views

USN-5034-1: c-ares vulnerability

Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly validated certain hostnames returned by DNS servers. A remote attacker could possibly use this issue to perform Domain Hijacking attacks...

6.8CVSS7.1AI score0.02617EPSS
Exploits1
Total number of security vulnerabilities10918