what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2016-05-09

Ubuntu Security Notice USN-2971-3
Posted May 9, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2971-3 - Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Zach Riggle discovered that the Linux kernel's list poison feature did not take into account the mmap_min_addr value. A local attacker could use this to bypass the kernel's poison-pointer protection mechanism while attempting to exploit an existing kernel vulnerability. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7515, CVE-2016-0821, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2188, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140, CVE-2016-3156, CVE-2016-3157, CVE-2016-3689
SHA-256 | 7b3459c73365edf29023fa136ee57f10f3d17b3557b21c7121fe1294209b22d9
Ubuntu Security Notice USN-2971-2
Posted May 9, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2971-2 - USN-2971-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-7515, CVE-2016-0821, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2188, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140, CVE-2016-3156, CVE-2016-3157, CVE-2016-3689
SHA-256 | e7e575bb1102666d9a22bb82b9c053e9133e706ab71b7e298615967c59ef8f3a
Ubuntu Security Notice USN-2971-1
Posted May 9, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2971-1 - Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Zach Riggle discovered that the Linux kernel's list poison feature did not take into account the mmap_min_addr value. A local attacker could use this to bypass the kernel's poison-pointer protection mechanism while attempting to exploit an existing kernel vulnerability. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7515, CVE-2016-0821, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2188, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140, CVE-2016-3156, CVE-2016-3157, CVE-2016-3689
SHA-256 | a298f48af827e9f86cdad35b461baed9987b67b75d15c7f9200282f810c3c31d
Ubuntu Security Notice USN-2970-1
Posted May 9, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2970-1 - Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Ben Hawkes discovered that the Linux kernel's AIO interface allowed single writes greater than 2GB, which could cause an integer overflow when writing to certain filesystems, socket or device types. A local attacker could this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7515, CVE-2015-8830, CVE-2016-0821, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2188, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140, CVE-2016-3156, CVE-2016-3157, CVE-2016-3689
SHA-256 | d98bad9db3738dcedb5cd2b681a7df98c3b453dbe10c67457bbd20c49a287913
Ubuntu Security Notice USN-2969-1
Posted May 9, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2969-1 - Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Ben Hawkes discovered that the Linux kernel's AIO interface allowed single writes greater than 2GB, which could cause an integer overflow when writing to certain filesystems, socket or device types. A local attacker could this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7515, CVE-2015-8830, CVE-2016-0821, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2188, CVE-2016-3138, CVE-2016-3156, CVE-2016-3157
SHA-256 | daec6024463964987f17413ce3bc1076005c65ece84f6d55dbffb59927c14bca
Ubuntu Security Notice USN-2968-1
Posted May 9, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2968-1 - Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Ben Hawkes discovered that the Linux kernel's AIO interface allowed single writes greater than 2GB, which could cause an integer overflow when writing to certain filesystems, socket or device types. A local attacker could this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-1805, CVE-2015-7515, CVE-2015-8830
SHA-256 | 5d6cd4936b41c10de03f474f5d26de975c937866af34dc6990b004feafa4b887
Ubuntu Security Notice USN-2968-2
Posted May 9, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2968-2 - USN-2968-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-1805, CVE-2015-7515, CVE-2015-8830
SHA-256 | 5ba81af916c3fd93a49a79e329f36f9423cf3fbc0039efe9cdb4e607a2e88418
Ubuntu Security Notice USN-2967-2
Posted May 9, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2967-2 - It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, unix, ubuntu
advisories | CVE-2013-4312, CVE-2015-1805, CVE-2015-7515, CVE-2015-7566, CVE-2015-7833, CVE-2015-8767, CVE-2015-8812, CVE-2016-0723
SHA-256 | e02b7c6a5e53b846f715db54cfa58634817ba97335f6b1d85061b3697dad76c8
Ubuntu Security Notice USN-2967-1
Posted May 9, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2967-1 - It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, unix, ubuntu
advisories | CVE-2013-4312, CVE-2015-1805, CVE-2015-7515, CVE-2015-7566, CVE-2015-7833, CVE-2015-8767, CVE-2015-8812, CVE-2016-0723
SHA-256 | f68ed3829dd29feb1ef587e78d5d57a18a66f98f7c4cefc49c950b25dafaa8c7
Debian Security Advisory 3572-1
Posted May 9, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3572-1 - Nitin Venkatesh discovered that websvn, a web viewer for Subversion repositories, is susceptible to cross-site scripting attacks via specially crafted file and directory names in repositories.

tags | advisory, web, xss
systems | linux, debian
advisories | CVE-2016-1236
SHA-256 | 3e5f8ad1c4fd34ad40c08e313d9ea89b8baef58b14ed0ef146461261cc3113c1
Ubuntu Security Notice USN-2966-1
Posted May 9, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2966-1 - Shayan Sadigh discovered that OpenSSH incorrectly handled environment files when the UseLogin feature is enabled. A local attacker could use this issue to gain privileges. Ben Hawkes discovered that OpenSSH incorrectly handled certain network traffic. A remote attacker could possibly use this issue to cause OpenSSH to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2015-8325, CVE-2016-1907, CVE-2016-1908, CVE-2016-3115
SHA-256 | 8d08319b81c2a6de2568e6524b5d6c6312219c6acc3da869743e1e123b16ebd5
Red Hat Security Advisory 2016-0725-01
Posted May 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0725-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions support performed read/write operations via I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-3710
SHA-256 | 1d20cbf63bfd5c9b75f2ab47d6b46c10ab6639c3dab1bfc094b0a4df43f450ac
Red Hat Security Advisory 2016-0724-01
Posted May 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0724-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions support performed read/write operations via I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-3710
SHA-256 | f36225531559b017a609f72d98ed2fac1a3b30e9a51c7ef5bc262510d7c1fbad
Red Hat Security Advisory 2016-0726-01
Posted May 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0726-01 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix: It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application.

tags | advisory, remote, arbitrary, shell
systems | linux, redhat
advisories | CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718
SHA-256 | d8a4d48a224920151135854a97230c9e638aa805c9f55366f91c9cbf59079185
Red Hat Security Advisory 2016-0723-01
Posted May 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0723-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3425, CVE-2016-3427
SHA-256 | 1a6f71439bb6ef2da54bead32fb28d50fab8a42c2d3b1e8a8b212c7864d18919
Red Hat Security Advisory 2016-0722-01
Posted May 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0722-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2842
SHA-256 | 20a21fae0cd061a2508b8804879648afc5786156f2cbd54707709f649be74caf
Debian Security Advisory 3571-1
Posted May 9, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3571-1 - Simon McVittie discovered a cross-site scripting vulnerability in the error reporting of Ikiwiki, a wiki compiler. This update also hardens ikiwiki's use of imagemagick in the img plugin.

tags | advisory, xss
systems | linux, debian
advisories | CVE-2016-4561
SHA-256 | 65518e519c426e76309107247916396b3bf12fb1572cc0b143c6771584f0d0dd
Ubuntu Security Notice USN-2965-4
Posted May 9, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2965-4 - Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2188, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140, CVE-2016-3156, CVE-2016-3157, CVE-2016-3672, CVE-2016-3689, CVE-2016-3951, CVE-2016-3955, CVE-2016-4557
SHA-256 | b980b1fb461a05f96b89931ea8854c8fb764d3a6a3ea6ec9be99cb03392277a0
Ubuntu Security Notice USN-2965-3
Posted May 9, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2965-3 - Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2188, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140, CVE-2016-3156, CVE-2016-3157, CVE-2016-3672, CVE-2016-3689, CVE-2016-3951, CVE-2016-3955, CVE-2016-4557
SHA-256 | 4e5b67ecd64a48a40bb846ae2b44ca9d5d6f5587e29332b9503dcdb6f3cc3bce
Ubuntu Security Notice USN-2965-1
Posted May 9, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2965-1 - Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2188, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140, CVE-2016-3156, CVE-2016-3157, CVE-2016-3672, CVE-2016-3689, CVE-2016-3951, CVE-2016-3955, CVE-2016-4557
SHA-256 | 962749c42e747d98bec1018a0419b51785f0f882d0fec9774fb21cb7fa004936
Ubuntu Security Notice USN-2965-2
Posted May 9, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2965-2 - USN-2965-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2188, CVE-2016-2847, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140, CVE-2016-3156, CVE-2016-3157, CVE-2016-3672, CVE-2016-3689, CVE-2016-3951, CVE-2016-3955, CVE-2016-4557
SHA-256 | 6b52d036c57f1e7c2af2ead1821e8dddc36f23e6a3f79a1abfec9c19421a8b56
WordPress Event Registration 6.02.02 XSS / SQL Injection
Posted May 9, 2016
Authored by Michael Helwig

WordPress Event Registration plugin version 6.02.02 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | c68bc624b9c59b3929a3f69f844c90408587a093736cafbe16c9de5602ab2d87
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close