Lucene search
K
UbuntuRecent

10918 matches found

Ubuntu
Ubuntu
added 2021/06/23 3:36 a.m.197 views

USN-5000-1: Linux kernel vulnerabilities

Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. CVE-2021-3609 Piotr Krysiuk discovered that the eBPF implementation in the Linux...

7.8CVSS7.5AI score0.07604EPSS
Exploits8
Ubuntu
Ubuntu
added 2021/06/23 2:52 a.m.224 views

USN-4999-1: Linux kernel vulnerabilities

Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. CVE-2021-3609 Piotr Krysiuk discovered that the eBPF implementation in the Linux...

8.8CVSS7.5AI score0.07604EPSS
Exploits10
Ubuntu
Ubuntu
added 2021/06/23 1:18 a.m.186 views

USN-4997-1: Linux kernel vulnerabilities

Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. CVE-2021-3609 Piotr Krysiuk discovered that the eBPF implementation in the Linux...

8.8CVSS7.5AI score0.07604EPSS
Exploits9
Ubuntu
Ubuntu
added 2021/06/22 4:43 p.m.148 views

USN-4995-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass security restrictions, or...

8.8CVSS8AI score0.01764EPSS
Exploits5
Ubuntu
Ubuntu
added 2021/06/22 11:46 a.m.138 views

USN-4996-2: OpenEXR vulnerabilities

USN-4996-1 fixed several vulnerabilities in OpenEXR. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a...

5.5CVSS6.6AI score0.01747EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/06/22 11:9 a.m.154 views

USN-4996-1: OpenEXR vulnerabilities

It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...

5.5CVSS6.4AI score0.01747EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/06/21 3:25 p.m.193 views

USN-4994-2: Apache HTTP Server vulnerabilities

USN-4994-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Antonio Morales discovered that the Apache modauthdigest module incorrectly handled certain Digest nonces. A remote attacker coul...

9.8CVSS7.8AI score0.68067EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/06/21 2:1 p.m.210 views

USN-4994-1: Apache HTTP Server vulnerabilities

Marc Stern discovered that the Apache modproxyhttp module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. CVE-2020-13950...

9.8CVSS7.7AI score0.68067EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/06/21 1:50 p.m.123 views

USN-4993-1: Dovecot vulnerabilities

Kirin discovered that Dovecot incorrectly escaped kid and azp fields in JWT tokens. A local attacker could possibly use this issue to validate tokens using arbitrary keys. This issue only affected Ubuntu 20.10 and Ubuntu 21.04. CVE-2021-29157 Fabian Ising and Damian Poddebniak discovered that...

7.5CVSS7.4AI score0.02837EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/06/18 3:57 a.m.190 views

USN-4992-1: GRUB 2 vulnerabilities

Máté Kukri discovered that the acpi command in GRUB 2 allowed privileged users to load crafted ACPI tables when secure boot is enabled. An attacker could use this to bypass UEFI Secure Boot restrictions. CVE-2020-14372 Chris Coulson discovered that the rmmod command in GRUB 2 contained a use-...

8.2CVSS7.8AI score0.01738EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2021/06/17 2:59 p.m.170 views

USN-4991-1: libxml2 vulnerabilities

Yunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial of service, or possibly cause libxml2 to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM...

9.1CVSS7.4AI score0.0828EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/06/17 11:1 a.m.180 views

USN-4990-1: Nettle vulnerabilities

It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. CVE-2021-3580 It was discovered that Nettle incorrectly handled certain padding oracles. A remote attacker could possibly u...

7.5CVSS5.8AI score0.02686EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/06/16 2:17 p.m.132 views

USN-4989-2: BlueZ vulnerabilities

USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate device...

8.6CVSS7.5AI score0.04067EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/06/16 12:18 p.m.180 views

USN-4989-1: BlueZ vulnerabilities

It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. CVE-2020-26558 Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events. A local attacker could use this issue to caus...

8.6CVSS7.5AI score0.04067EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/06/15 11:11 a.m.137 views

USN-4988-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of th...

7.8CVSS6.3AI score0.02616EPSS
Exploits25
Ubuntu
Ubuntu
added 2021/06/10 8:52 p.m.79 views

USN-4986-4: rpcbind regression

USN-4986-1 fixed a vulnerability in rpcbind. The update caused a regression resulting in rpcbind crashing in certain environments. This update fixes the problem for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that rpcbind incorrectly handled certain large...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/06/10 8:27 p.m.323 views

USN-4987-1: ExifTool vulnerability

It was discovered that ExifTool did not properly sanitize user data for the DjVu file format. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code...

7.8CVSS7.8AI score0.99981EPSS
Exploits39
Ubuntu
Ubuntu
added 2021/06/10 7:12 p.m.80 views

USN-4986-3: rpcbind regression

USN-4986-1 fixed a vulnerability in rpcbind. The update caused a regression resulting in rpcbind crashing in certain environments. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that rpcbind incorrectly handled certain large data...

5.5AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/06/10 1:12 p.m.124 views

USN-4971-2: libwebp vulnerabilities

USN-4971-1 fixed several vulnerabilities in libwebp. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into...

9.8CVSS7.6AI score0.02662EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/06/09 6:37 p.m.254 views

USN-4986-2: rpcbind vulnerability

USN-4986-1 fixed a vulnerability in rpcbind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to...

7.8CVSS7.4AI score0.81921EPSS
Exploits4
Ubuntu
Ubuntu
added 2021/06/09 11:10 a.m.141 views

USN-4986-1: rpcbind vulnerability

It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could use this issue to cause rpcbind to consume resources, leading to a denial of service...

7.8CVSS7.4AI score0.81921EPSS
Exploits4
Ubuntu
Ubuntu
added 2021/06/09 5:22 a.m.159 views

USN-4985-1: Intel Microcode vulnerabilities

It was discovered that some Intel processors may not properly invalidate cache entries used by Intel Virtualization Technology for Directed I/O VT-d. This may allow a local user to perform a privilege escalation attack. CVE-2020-24489 Joseph Nuzman discovered that some Intel processors may not...

8.8CVSS7AI score0.00472EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/06/08 2:12 a.m.221 views

USN-4982-1: Linux kernel vulnerabilities

Kiyin 尹亮 discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service system crash. CVE-2020-25670 Kiyin 尹亮 discovered that the NFC LLCP protocol implementation in the Linux kernel did n...

7.8CVSS7.6AI score0.03259EPSS
Exploits3
Ubuntu
Ubuntu
added 2021/06/08 2:5 a.m.262 views

USN-4984-1: Linux kernel vulnerabilities

Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service host domain crash. CVE-2021-28038 It was discovered that the Realtek...

8.8CVSS7.4AI score0.01316EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/06/07 4:41 p.m.95 views

USN-4937-2: GNOME Autoar regression

USN-4937-1 fixed a vulnerability in GNOME Autoar. The update caused a regression when extracting certain archives. This update fixes the problem. Original advisory details: Ondrej Holy discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into...

5.7AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/06/07 2:12 p.m.101 views

USN-4969-3: DHCP regression

USN-4969-1 fixed a vulnerability in DHCP. The package for Ubuntu 21.04 introduced a regression causing it to reject certain valid configuration files. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jon Franklin and Pawel Wieczorkiewicz discovered tha...

5.6AI score
Exploits0References1
Ubuntu
Ubuntu
added 2021/06/07 1:50 p.m.116 views

USN-4975-2: Django vulnerability

USN-4975-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen discovered that Django incorrectly handled path sanitation in admindocs. A remote attacker could possibly...

4.9CVSS6.8AI score0.02737EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/06/04 7:4 p.m.241 views

USN-4979-1: Linux kernel vulnerabilities

Kiyin 尹亮 discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service system crash. CVE-2020-25670 Kiyin 尹亮 discovered that the NFC LLCP protocol implementation in the Linux kernel did n...

8.8CVSS7.6AI score0.03259EPSS
Exploits4
Ubuntu
Ubuntu
added 2021/06/03 8:43 p.m.147 views

USN-4983-1: Linux kernel (OEM) vulnerabilities

Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33200 Piotr Krysiuk and Benedict Schlueter...

7.8CVSS6.7AI score0.01071EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/06/03 4:24 p.m.140 views

USN-4981-1: Squid vulnerabilities

Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cause Squid to consume resources, leading to a denial of service. CVE-2021-28651 Joshua Rogers discovered that Squid incorrectly handled requests to the Cache...

7.5CVSS6.6AI score0.95785EPSS
Exploits5
Ubuntu
Ubuntu
added 2021/06/03 10:51 a.m.270 views

USN-4980-1: polkit vulnerability

Kevin Backhouse discovered that polkit incorrectly handled errors in the polkitsystembusnamegetcredssync function. A local attacker could possibly use this issue to escalate privileges...

7.8CVSS7.7AI score0.22193EPSS
Exploits37
Ubuntu
Ubuntu
added 2021/06/03 12:26 a.m.238 views

USN-4977-1: Linux kernel vulnerabilities

Kiyin 尹亮 discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service system crash. CVE-2020-25670 Kiyin 尹亮 discovered that the NFC LLCP protocol implementation in the Linux kernel did n...

7.8CVSS6.8AI score0.03259EPSS
Exploits3
Ubuntu
Ubuntu
added 2021/06/02 7:35 p.m.119 views

USN-4978-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, re-enable camera devices without an additional permission prompt, spoof the browser UI, or execute...

8.8CVSS7.7AI score0.01368EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/06/02 1:21 p.m.132 views

USN-4976-1: Dnsmasq vulnerability

Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in certain configurations. A remote attacker could possibly use this issue to facilitate DNS cache poisoning attacks...

4.3CVSS6.6AI score0.01988EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/06/02 10:49 a.m.155 views

USN-4975-1: Django vulnerabilities

It was discovered that the Django URLValidator function incorrectly handled newlines and tabs. A remote attacker could possibly use this issue to perform a header injection attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. CVE-2021-32052 Rasmus Lerchedahl Petersen...

7.5CVSS6.8AI score0.03146EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/06/02 3:15 a.m.153 views

USN-4974-1: Lasso vulnerability

It was discovered that Lasso did not properly verify that all assertions in a SAML response were properly signed. An attacker could possibly use this to impersonate users or otherwise bypass access controls...

7.5CVSS7.2AI score0.01325EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/06/01 11:56 a.m.145 views

USN-4973-1: Python vulnerability

It was discovered that the Python stdlib ipaddress API incorrectly handled octal strings. A remote attacker could possibly use this issue to perform a wide variety of attacks, including bypassing certain access restrictions...

9.8CVSS7.5AI score0.06827EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/06/01 11:48 a.m.153 views

USN-4972-1: PostgreSQL vulnerabilities

Tom Lane discovered that PostgreSQL incorrect handled certain array subscripting calculations. An authenticated attacker could possibly use this issue to overwrite server memory and escalate privileges. CVE-2021-32027 Andres Freund discovered that PostgreSQL incorrect handled certain INSERT ... O...

8.8CVSS7.2AI score0.0199EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/06/01 11:29 a.m.219 views

USN-4971-1: libwebp vulnerabilities

It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary co...

9.8CVSS7.6AI score0.02662EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/06/01 11:20 a.m.116 views

USN-4970-1: GUPnP vulnerability

It was discovered that GUPnP incorrectly filtered local requests. If a user were tricked into visiting a malicious website, a remote attacker could possibly use this issue to perform actions against local UPnP services such as obtaining or altering sensitive information...

8.1CVSS7.6AI score0.01084EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/05/31 12:8 p.m.159 views

USN-4968-2: LZ4 vulnerability

USN-4968-1 fixed a vulnerability in LZ4. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a...

9.8CVSS7.4AI score0.03216EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/05/27 1:12 p.m.224 views

USN-4967-2: nginx vulnerability

USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could...

7.7CVSS8.1AI score0.53461EPSS
Exploits10
Ubuntu
Ubuntu
added 2021/05/27 12:7 p.m.126 views

USN-4969-2: DHCP vulnerability

USN-4969-1 fixed a vulnerability in DHCP. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue...

7.4CVSS7.4AI score0.06118EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/05/27 10:41 a.m.129 views

USN-4969-1: DHCP vulnerability

Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service...

7.4CVSS7.4AI score0.06118EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/05/26 5:29 p.m.150 views

USN-4968-1: LZ4 vulnerability

It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS7.4AI score0.03216EPSS
Exploits0
Ubuntu
Ubuntu
added 2021/05/26 1:50 p.m.217 views

USN-4967-1: nginx vulnerability

Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.7CVSS8.1AI score0.53461EPSS
Exploits10
Ubuntu
Ubuntu
added 2021/05/25 7:2 p.m.146 views

USN-4966-2: libx11 vulnerability

USN-4966-1 fixed a vulnerability in libx11. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libx11 incorrectly validated certain parameter lengths. A remote attacker could possibly use this issue to trick...

9.8CVSS7.5AI score0.10634EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/05/25 6:20 p.m.109 views

USN-4965-2: Apport vulnerabilities

USN-4965-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Maik Münch discovered that Apport incorrectly handled certain information gathering operations. A local attacker could use these...

7.3CVSS6.4AI score0.0039EPSS
Exploits1
Ubuntu
Ubuntu
added 2021/05/25 5:0 p.m.244 views

USN-4966-1: libx11 vulnerability

It was discovered that libx11 incorrectly validated certain parameter lengths. A remote attacker could possibly use this issue to trick libx11 into emitting extra X protocol requests...

9.8CVSS7.5AI score0.10634EPSS
Exploits2
Ubuntu
Ubuntu
added 2021/05/25 4:52 p.m.124 views

USN-4965-1: Apport vulnerabilities

Maik Münch discovered that Apport incorrectly handled certain information gathering operations. A local attacker could use these issues to read and write arbitrary files as an administrator, and possibly escalate privileges...

7.3CVSS6.4AI score0.0039EPSS
Exploits1
Total number of security vulnerabilities10918