exploit the possibilities
Showing 26 - 50 of 6,016 RSS Feed

Files from Ubuntu

Email addresssecurity at ubuntu.com
First Active2004-10-28
Last Active2022-01-24
Ubuntu Security Notice USN-5219-1
Posted Jan 11, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5219-1 - It was discovered that the eBPF implementation in the Linux kernel did not properly validate the memory size of certain ring buffer operation arguments. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
MD5 | 4c5167ddb00034781fe9e994f019682d
Ubuntu Security Notice USN-5218-1
Posted Jan 11, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5218-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. It was discovered that the eBPF implementation in the Linux kernel did not properly validate the memory size of certain ring buffer operation arguments. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-20321, CVE-2021-3760, CVE-2021-4002, CVE-2021-41864, CVE-2021-43056, CVE-2021-43267, CVE-2021-43389
MD5 | 80478dc2fc05d2a01b0dee9d0bfbcb2d
Ubuntu Security Notice USN-5217-1
Posted Jan 11, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5217-1 - It was discovered that the NFS server implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the eBPF implementation in the Linux kernel did not properly validate the memory size of certain ring buffer operation arguments. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-4090
MD5 | 58fe2ffaf82ea70ad565876f69d914a5
Ubuntu Security Notice USN-5212-2
Posted Jan 10, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5212-2 - USN-5212-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack.

tags | advisory, remote, web, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-44224, CVE-2021-44790
MD5 | 879493980ad546483ae9a82afba9e210
Ubuntu Security Notice USN-5213-1
Posted Jan 6, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5213-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2021-30887
MD5 | 6b459b25fc1417215d454dcd2368a00a
Ubuntu Security Notice USN-5211-1
Posted Jan 6, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5211-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-4002
MD5 | 450dcbac23a5ecf5c0c108f84cdf4db5
Ubuntu Security Notice USN-5210-1
Posted Jan 6, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5210-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-26541, CVE-2021-20321, CVE-2021-3760, CVE-2021-4002, CVE-2021-41864, CVE-2021-43056, CVE-2021-43389
MD5 | fd5c9687d83c0d728b421f8fa4ef09c6
Ubuntu Security Notice USN-5209-1
Posted Jan 6, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5209-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. It was discovered that a race condition existed in the timer implementation in the Linux kernel. A privileged attacker could use this cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-20317, CVE-2021-20321, CVE-2021-3760, CVE-2021-4002, CVE-2021-41864, CVE-2021-43389
MD5 | cd0054b5f3c9fcbc7ecdbe07bd4945df
Ubuntu Security Notice USN-5208-1
Posted Jan 6, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5208-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-20321, CVE-2021-3760, CVE-2021-4002, CVE-2021-41864, CVE-2021-43056, CVE-2021-43267, CVE-2021-43389
MD5 | 149e16c8175e544c7900c4a52e235ca9
Ubuntu Security Notice USN-5207-1
Posted Jan 6, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5207-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. It was discovered that the eBPF implementation in the Linux kernel contained a race condition around read-only maps. A privileged attacker could use this to modify read-only maps.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-4001, CVE-2021-4002, CVE-2021-42739, CVE-2021-43267
MD5 | 0b1146eefd64e4ecbbe947f9a163e6b9
Ubuntu Security Notice USN-5212-1
Posted Jan 6, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5212-1 - It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. It was discovered that the Apache HTTP Server Lua module incorrectly handled memory in the multipart parser. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-44224, CVE-2021-44790
MD5 | eebd4d586278c04746c3d43601b5f785
Ubuntu Security Notice USN-5206-1
Posted Jan 6, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5206-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-4002
MD5 | dbcb228f8ea91c458ef09cef595c3300
Ubuntu Security Notice USN-5204-1
Posted Jan 5, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5204-1 - Chris Bailey discovered that Django incorrectly handled evaluating submitted passwords. A remote attacker could possibly use this issue to consume resources, resulting in a denial of service. Dennis Brinkrolf discovered that Django incorrectly handled the dictsort template filter. A remote attacker could possibly use this issue to obtain sensitive information. Dennis Brinkrolf discovered that Django incorrectly handled certain file names. A remote attacker could possibly use this issue to save files to arbitrary filesystem locations.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-45115, CVE-2021-45116, CVE-2021-45452
MD5 | 3c5f59d38773c417ee1b5489cd2571eb
Ubuntu Security Notice USN-5186-2
Posted Dec 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5186-2 - USN-5186-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass CSP restrictions, or execute arbitrary code. A security issue was discovered with the handling of WebExtension permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to create and install a service worker that wouldn't be uninstalled with the extension. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-43539, CVE-2021-43540, CVE-2021-43545
MD5 | dfad93a492ded55859e2e1d62ade7829
Ubuntu Security Notice USN-5203-1
Posted Dec 20, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5203-1 - Hideki Okamoto and Guy Lederfein discovered that Apache Log4j 2 did not protect against infinite recursion in lookup evaluation. A remote attacker could possibly use this issue to cause Apache Log4j 2 to crash, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-45105
MD5 | 2898b01210b72d5cd2a42eab1b27e1b0
Ubuntu Security Notice USN-5198-1
Posted Dec 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5198-1 - It was discovered that HTMLDOC improperly handled malformed URIs from an input html file. An attacker could use this to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2021-23180
MD5 | 0e3b76b94fcbfd11235135702c8819f4
Ubuntu Security Notice USN-5199-1
Posted Dec 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5199-1 - It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service condition for a client. It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses. Specially crafted traffic from a malicious HTTP server could cause a denial of service condition for a client. Various other issues were also addressed.

tags | advisory, web, denial of service, python
systems | linux, ubuntu
advisories | CVE-2021-3733, CVE-2021-3737
MD5 | 68fee8862226337db247237c2ff2c209
Ubuntu Security Notice USN-5201-1
Posted Dec 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5201-1 - It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses. Specially crafted traffic from a malicious HTTP server could cause a denial of service condition for a client.

tags | advisory, web, denial of service, python
systems | linux, ubuntu
advisories | CVE-2021-3737
MD5 | 2279f9e48b64d9eeccc95d64d5633552
Ubuntu Security Notice USN-5200-1
Posted Dec 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5200-1 - It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex allowing for catastrophic backtracking. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service condition for a client. It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service condition for a client. Various other issues were also addressed.

tags | advisory, web, denial of service, python
systems | linux, ubuntu
advisories | CVE-2020-8492, CVE-2021-3733, CVE-2021-3737
MD5 | 4251a42c6839da426dea0b52412de128
Ubuntu Security Notice USN-5192-2
Posted Dec 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5192-2 - USN-5192-1 fixed a vulnerability in Apache Log4j 2. This update provides the corresponding update for Ubuntu 16.04 ESM. Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-44228
MD5 | 5df30b04cd149d1c5b52eceef9e3fda9
Ubuntu Security Notice USN-5202-1
Posted Dec 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5202-1 - Varnavas Papaioannou discovered that the FTP client implementation in OpenJDK accepted alternate server IP addresses when connecting with FTP passive mode. An attacker controlling an FTP server that an application connects to could possibly use this to expose sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. Markus Loewe discovered that OpenJDK did not properly handle JAR files containing multiple manifest files. An attacker could possibly use this to bypass JAR signature verification. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-2341, CVE-2021-2369, CVE-2021-2388, CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35588, CVE-2021-35603
MD5 | cdc66e132e39c58676f82fd45d1ef4ef
Ubuntu Security Notice USN-5195-1
Posted Dec 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5195-1 - It was discovered that the Mumble client supported websites for public servers with arbitrary URL schemes. If a user were tricked into visiting a malicious website from the public server list, a remote attacker could possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-27229
MD5 | fc5a94902e19d2cc3f126b4f238d6312
Ubuntu Security Notice USN-5197-1
Posted Dec 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5197-1 - It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. An attacker could use this vulnerability to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2021-44228
MD5 | 622cf10efbd63cd29c627cec9150f0af
Ubuntu Security Notice USN-5193-1
Posted Dec 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5193-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-4008
MD5 | e108cb43c46ea10f53cace521f936163
Ubuntu Security Notice USN-5192-1
Posted Dec 14, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5192-1 - Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a special crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-44228
MD5 | cd7a64761d3db930f439affb20d51b73
Page 2 of 241
Back12345Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    17 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close