exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 9,427 RSS Feed

Operating System: Ubuntu

Ubuntu Security Notice USN-6730-1
Posted Apr 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6730-1 - It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell injection attacks. This could allow an attacker to run arbitrary code.

tags | advisory, arbitrary, shell
systems | linux, ubuntu
advisories | CVE-2022-29599
SHA-256 | 15c8d6e5b9065ade2c2ed5b94442496e05fb18a0a38ae85a9562327745d57a90
Ubuntu Security Notice USN-6729-1
Posted Apr 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6729-1 - Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2023-38709, CVE-2024-24795, CVE-2024-27316
SHA-256 | b6b856a665b8ccd0c761b17ac9d0990bb16f01e11f4e9c76e440d6681ef8b0fd
Ubuntu Security Notice USN-6727-2
Posted Apr 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6727-2 - USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update fixes the problem. It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data. It was discovered that NSS had a timing side-channel when using certain NIST curves. A remote attacker could possibly use this issue to recover private data. The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.98 which includes the latest CA certificate bundle and other security improvements.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-4421, CVE-2023-5388, CVE-2023-6135
SHA-256 | 98f7aae4d30d1b37976aae71c2f8f3d1c09fb49865d4abec3139169342e9663a
Ubuntu Security Notice USN-6727-1
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6727-1 - It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-4421, CVE-2023-5388, CVE-2023-6135
SHA-256 | 2c691be3dfb8ed61396b4eb86ac7b035f8344a516e272f6ffb13c26ac0186bd9
Ubuntu Security Notice USN-6728-2
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6728-2 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS. The problematic fix has been reverted pending further investigation. Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled Cache Manager error responses. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked decoder. A remote attacker could possibly use this issue to cause Squid to stop responding, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled HTTP header parsing. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, web, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-49288, CVE-2023-5824, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617
SHA-256 | 0856df025bfcd57e31eb05d1faef083bd5b30608db5b6bb659433042ad64ad67
Ubuntu Security Notice USN-6728-1
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6728-1 - Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-49288, CVE-2023-5824, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617
SHA-256 | c9a980c32c2ef96069eee9285fdd53c5aa4c12d940c776810cbfff41a398c101
Ubuntu Security Notice USN-6719-2
Posted Apr 10, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6719-2 - USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was discovered that the fix did not fully address the issue. This update removes the setgid permission bit from the wall and write utilities. Skyler Ferrante discovered that the util-linux wall command did not filter escape sequences from command line arguments. A local attacker could possibly use this issue to obtain sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2024-28085
SHA-256 | ecc9ce4c4b883659f1ca7166c8fbbec41ccb6264494ba71cb4e9a807cd993345
Ubuntu Security Notice USN-6721-2
Posted Apr 10, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6721-2 - USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete resulting in a regression. This update fixes the problem. It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2024-31083
SHA-256 | 60cf05697802fbd134a81968130e416ab4b5a454299d94d0c3ea53fba1d98ca8
Ubuntu Security Notice USN-6701-4
Posted Apr 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6701-4 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-2002, CVE-2023-23000, CVE-2023-3006, CVE-2023-34256, CVE-2023-39197, CVE-2023-4132, CVE-2023-46838, CVE-2023-51781, CVE-2023-6121, CVE-2024-0775, CVE-2024-1086, CVE-2024-24855
SHA-256 | d108bf63c9f6c68409d72c0c5efb406eb5a7df3eac89dd7759ede250d9eab4a6
Ubuntu Security Notice USN-6726-1
Posted Apr 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6726-1 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2023-46838, CVE-2023-52340, CVE-2023-52436, CVE-2023-52438, CVE-2023-52439, CVE-2023-52444, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52454, CVE-2023-52470, CVE-2023-52612, CVE-2024-0607, CVE-2024-23851
SHA-256 | 9d8567a66a05e4472fe61be7f8a7bdb51155d4ee0ca5cf5cf863b32e3467a029
Ubuntu Security Notice USN-6725-1
Posted Apr 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6725-1 - Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service or possibly expose sensitive information. Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-1194, CVE-2023-32254, CVE-2023-32258, CVE-2023-38427, CVE-2023-38430, CVE-2023-38431, CVE-2023-3867, CVE-2023-46838, CVE-2023-52340, CVE-2023-52436, CVE-2023-52438, CVE-2023-52439, CVE-2023-52442, CVE-2023-52444
SHA-256 | 8d6d30178b2854c30f04f5326a65af3d2a2ce39d0ff00d49cba1cfec2df9734b
Ubuntu Security Notice USN-6722-1
Posted Apr 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6722-1 - Simon Charette discovered that the password reset functionality in Django used a Unicode case insensitive query to retrieve accounts associated with an email address. An attacker could possibly use this to obtain password reset tokens and hijack accounts.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-19844
SHA-256 | 3549b31155b113a63c6896dc127bcb848e03f8f2acb9aedc5c6399efc9f1b5e5
Ubuntu Security Notice USN-6724-1
Posted Apr 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6724-1 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the Habana's AI Processors driver in the Linux kernel did not properly initialize certain data structures before passing them to user space. A local attacker could use this to expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-46838, CVE-2023-50431, CVE-2023-52435, CVE-2023-52438, CVE-2023-6610, CVE-2024-22705, CVE-2024-23850
SHA-256 | 17f21f1c2c15bedbf215674aeeaf3c011302ae40b61d80ae7857e89a3abea752
Ubuntu Security Notice USN-6723-1
Posted Apr 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6723-1 - Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. It was discovered that Bind incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-50387, CVE-2023-50868
SHA-256 | 6e047bb3283e58c0f8d840f22e9c0053696975f6a4992368ea7aec56ce6a4cc7
Ubuntu Security Notice USN-6721-1
Posted Apr 5, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6721-1 - It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information. It was discovered that X.Org X Server incorrectly handled certain glyphs. An attacker could possibly use this issue to cause a crash or expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2024-31080, CVE-2024-31083
SHA-256 | 4882781902435137ae8b1fd009b4c4df6d61f4ae936be03a8ca2819d4d11c896
Ubuntu Security Notice USN-6710-2
Posted Apr 4, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6710-2 - USN-6710-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. A attacker could use this to cause a denial of service, or execute arbitrary code. Manfred Paul discovered that Firefox incorrectly handled MessageManager listeners under certain circumstances. An attacker who was able to inject an event handler into a privileged object may have been able to execute arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2024-29943, CVE-2024-29944
SHA-256 | 10451fa33f7fbd875188c19a379b2973058dd79a55dd446fd39ec8ac1da5fdd6
Ubuntu Security Notice USN-6720-1
Posted Apr 2, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6720-1 - Kentaro Kawane discovered that Cacti incorrectly handled user provided input sent through request parameters to the graph_view.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks.

tags | advisory, remote, php, sql injection
systems | linux, ubuntu
advisories | CVE-2023-39361
SHA-256 | 72a1060cc659927cdff0d3fabd91138203688e06b807e728473d37ed3e99a9d3
Linux nf_tables Local Privilege Escalation
Posted Apr 1, 2024
Authored by Notselwyn | Site github.com

A use-after-free vulnerability exists in the Linux kernel netfilter: nf_tables component. This is a universal local privilege escalation proof of concept exploit working on Linux kernels between 5.14 and 6.6, including Debian, Ubuntu, and KernelCTF.

tags | exploit, kernel, local, proof of concept
systems | linux, debian, ubuntu
advisories | CVE-2024-1086
SHA-256 | e98b20acc52d06c63e173b3fafc4a334699f028d1db4b0de3512cf556c197cd9
Ubuntu Security Notice USN-6707-4
Posted Mar 29, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6707-4 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2024-1085, CVE-2024-1086
SHA-256 | 1e54ff144f57b2bd5a30a36e13436904969117b6a92329a52019596e2864df7a
Ubuntu Security Notice USN-6704-4
Posted Mar 29, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6704-4 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-23000, CVE-2023-32247, CVE-2024-1085, CVE-2024-1086, CVE-2024-24855
SHA-256 | 4c20532debf7fe54f300253a8836c32c86a73b576ba2f48d948c642e26473036
Ubuntu Security Notice USN-6715-1
Posted Mar 28, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6715-1 - It was discovered that unixODBC incorrectly handled certain bytes. An attacker could use this issue to execute arbitrary code or cause a crash.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2024-1013
SHA-256 | 90500728052033e5941baa0debec66d17de2cf01ce56e1158e2523b231aff382
Ubuntu Security Notice USN-6719-1
Posted Mar 28, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6719-1 - Skyler Ferrante discovered that the util-linux wall command did not filter escape sequences from command line arguments. A local attacker could possibly use this issue to obtain sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2024-28085
SHA-256 | ca6568bf9c3d47e1fa51be307d45564e306e622e9860f212c34d8a91f5a5e9de
util-linux wall Escape Sequence Injection
Posted Mar 28, 2024
Authored by Skyler Ferrante

The util-linux wall command does not filter escape sequences from command line arguments. The vulnerable code was introduced in commit cdd3cc7fa4 (2013). Every version since has been vulnerable. This allows unprivileged users to put arbitrary text on other users terminals, if mesg is set to y and wall is setgid. CentOS is not vulnerable since wall is not setgid. On Ubuntu 22.04 and Debian Bookworm, wall is both setgid and mesg is set to y by default.

tags | exploit, arbitrary
systems | linux, debian, ubuntu, centos
advisories | CVE-2024-28085
SHA-256 | c3644f61b4f68f9fafd4782ffb69bd4b73d2b6ff8ac981711c3329c0a8408077
Ubuntu Security Notice USN-6686-5
Posted Mar 28, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6686-5 - It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Cypress touchscreen driver in the Linux kernel during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-22995, CVE-2023-4134, CVE-2023-46343, CVE-2023-46862, CVE-2023-51779, CVE-2023-51782, CVE-2023-6121, CVE-2024-0340, CVE-2024-0607
SHA-256 | 2cf164acfc4647fa9f9d903eb698a241428bb60c804a90e576400594cbc4ac09
Ubuntu Security Notice USN-6718-2
Posted Mar 28, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6718-2 - USN-6718-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2024-2398
SHA-256 | 254eb20ecc0dee862c1a54519635302b51b16e509db5e12799dbd97629205e05
Page 1 of 378
Back12345Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close