Operating System: Debian

Debian Security Advisory 4123-1
Posted Feb 24, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4123-1 - Multiple vulnerabilities have been found in the Drupal content management framework.

tags | advisory, vulnerability
systems | linux, debian
MD5 | 65bcddb5127fe0c94eb776c1e4ca7d94
Debian Security Advisory 4122-1
Posted Feb 23, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4122-1 - Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2018-1000024, CVE-2018-1000027
MD5 | 9ef4b3729b02dbd49c78b7e5631e5ef4
Debian Security Advisory 4120-1
Posted Feb 22, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4120-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2017-13166, CVE-2017-5715, CVE-2017-5754, CVE-2018-5750
MD5 | 87f0dca6b1b225ebfb15055fac6299cf
Debian Security Advisory 4121-1
Posted Feb 22, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4121-1 - This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates.

tags | advisory, kernel
systems | linux, debian
MD5 | 87245a623ef26fdd0d572d9e12848b6f
MagniComp SysInfo mcsiwrapper Privilege Escalation
Posted Feb 20, 2018
Authored by Brendan Coles, Daniel Lawson, Romain Trouve | Site metasploit.com

This Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable load path. This Metasploit module abuses this functionality to set the load path resulting in execution of arbitrary code as root. This Metasploit module has been tested successfully with SysInfo version 10-H63 on Fedora 20 x86_64, 10-H32 on Fedora 27 x86_64, 10-H10 on Debian 8 x86_64, and 10-GA on Solaris 10u11 x86.

tags | exploit, arbitrary, x86, root
systems | linux, solaris, debian, fedora
advisories | CVE-2017-6516
MD5 | 8b66a6c82ba59a4ce479a1d17b9e36b6
Debian Security Advisory 4119-1
Posted Feb 19, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4119-1 - Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.

tags | advisory
systems | linux, debian
advisories | CVE-2017-16803
MD5 | 2a1d9f8a84328acf0e9acb5b84c0df02
Debian Security Advisory 4118-1
Posted Feb 19, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4118-1 - Jonas Klempel reported that tomcat-native, a library giving Tomcat access to the Apache Portable Runtime (APR) library's network connection (socket) implementation and random-number generator, does not properly handle fields longer than 127 bytes when parsing the AIA-Extension field of a client certificate. If OCSP checks are used, this could result in client certificates that should have been rejected being accepted.

tags | advisory
systems | linux, debian
advisories | CVE-2017-15698
MD5 | c56c23b13001ea2e3e827020aa818472
Debian Security Advisory 4117-1
Posted Feb 18, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4117-1 - This update doesn't fix a vulnerability in GCC itself, but instead provides support for building retpoline-enabled Linux kernel updates.

tags | advisory, kernel
systems | linux, debian
MD5 | 769be64f1b789883b6bd010a9e171ba7
Debian Security Advisory 4116-1
Posted Feb 18, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4116-1 - Krzysztof Sieluzycki discovered that the notifier for removable devices in the KDE Plasma workspace performed insufficient sanitization of FAT/VFAT volume labels, which could result in the execution of arbitrary shell commands if a removable device with a malformed disk label is mounted.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2018-6791
MD5 | 8bfe9448284b074dff9a1fabba58ddf3
Debian Security Advisory 4115-1
Posted Feb 16, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4115-1 - Several vulnerabilities have been discovered in Quagga, a routing daemon.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2018-5378, CVE-2018-5379, CVE-2018-5380, CVE-2018-5381
MD5 | 19d97fa7ebec5bb1ff560eb626ce1667
Debian Security Advisory 4114-1
Posted Feb 15, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4114-1 - It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input.

tags | advisory, java, code execution
systems | linux, debian
advisories | CVE-2017-17485, CVE-2018-5968
MD5 | ca2602db7870b61fbdcb3dfd1df31f02
Debian Security Advisory 4113-1
Posted Feb 14, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4113-1 - Two vulnerabilities were discovered in the libraries of the Vorbis audio compression codec, which could result in denial of service or the execution of arbitrary code if a malformed media file is processed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2017-14632, CVE-2017-14633
MD5 | 3e78b5f22d8d879f4bbbb3a2bdf5e149
Debian Security Advisory 4112-1
Posted Feb 14, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4112-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-17563, CVE-2017-17564, CVE-2017-17565, CVE-2017-17566
MD5 | 227a4e95c43bc1ebc4f9762fff3d1f24
Debian Security Advisory 4111-2
Posted Feb 12, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4111-2 - Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2018-6871
MD5 | df5fa3515315ff3ab6f16abf80984634
Debian Security Advisory 4111-1
Posted Feb 11, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4111-1 - Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2018-6871
MD5 | 29e7cddfca383d97f95385a564fbacae
Debian Security Advisory 4110-1
Posted Feb 11, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4110-1 - Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2018-6789
MD5 | 9bf9a6ae2812c2a0e4e752f35153e3a6
Debian Security Advisory 4109-1
Posted Feb 11, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4109-1 - Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authentication services from this module and access the CSRF token.

tags | advisory, web, ruby
systems | linux, debian
advisories | CVE-2017-18076
MD5 | 209150e6c8b25b260f506e39aec1bad3
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
Posted Feb 10, 2018
Authored by Marco Ivaldi, Tavis Ormandy, Todor Donev, zx2c4, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable when loading setuid executables. This allows loading arbitrary shared objects from the trusted library search path with the privileges of the suid user. This Metasploit module uses LD_AUDIT to load the libpcprofile.so shared object, distributed with some versions of glibc, and leverages arbitrary file creation functionality in the library constructor to write a root-owned world-writable file to a system trusted search path (usually /lib). The file is then overwritten with a shared object, which is then loaded with LD_AUDIT, resulting in arbitrary code execution. This Metasploit module has been tested successfully on glibc version 2.11.1 on Ubuntu 10.04 x86_64 and version 2.7 on Debian 5.0.4 i386. RHEL 5 is reportedly affected, but untested. Some glibc distributions do not contain the libpcprofile.so library required for successful exploitation.

tags | exploit, arbitrary, root, code execution
systems | linux, debian, ubuntu
advisories | CVE-2010-3847, CVE-2010-3856
MD5 | 2bf9e1106acf9e1f0a7b618fe7f2da3f
Debian Security Advisory 4108-1
Posted Feb 9, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4108-1 - Calum Hutton and the Mailman team discovered a cross-site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed to a list with a private roster.

tags | advisory, remote, xss
systems | linux, debian
advisories | CVE-2018-5950
MD5 | 4f68db027d8c873d8be795e63da0a7e8
Debian Security Advisory 4105-2
Posted Feb 9, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4105-2 - A regression was detected in the previously issued fix for CVE-2018-6360. The patch released with DSA 4105-1 broke the feature of invoking mpv with raw YouTube ids. This update fixes this functionality issue.

tags | advisory
systems | linux, debian
advisories | CVE-2018-6360
MD5 | 001a1cafc6dd1b95ad3024dbfa259269
Debian Security Advisory 4107-1
Posted Feb 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4107-1 - It was discovered that the webhook validation of Anymail, a Django email backend for multiple ESPs, is prone to a timing attack. A remote attacker can take advantage of this flaw to obtain a WEBHOOK_AUTHORIZATION secret and post arbitrary email tracking events.

tags | advisory, remote, arbitrary
systems | linux, debian
advisories | CVE-2018-6596
MD5 | 19242d0186d2470142753e3b728d4c56
Debian Security Advisory 4106-1
Posted Feb 8, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4106-1 - Two vulnerabilities were discovered in Libtasn1, a library to manage ASN.1 structures, allowing a remote attacker to cause a denial of service against an application using the Libtasn1 library.

tags | advisory, remote, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2017-10790, CVE-2018-6003
MD5 | 59b81c16b6973dde15225d9c0c8a9a19
Debian Security Advisory 4105-1
Posted Feb 7, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4105-1 - It was discovered that mpv, a media player, was vulnerable to remote code execution attacks. An attacker could craft a malicious web page that, when used as an argument in mpv, could execute arbitrary code on the host of the mpv user.

tags | advisory, remote, web, arbitrary, code execution
systems | linux, debian
advisories | CVE-2018-6360
MD5 | bfcbda579d18140ffb85913b522a3969
Debian Security Advisory 4104-1
Posted Feb 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4104-1 - 'landave' discovered a heap-based buffer overflow vulnerability in the NCompress::NShrink::CDecoder::CodeReal method in p7zip, a 7zr file archiver with high compression ratio. A remote attacker can take advantage of this flaw to cause a denial of service or, potentially, the execution of arbitrary code with the privileges of the user running p7zip, if a specially crafted shrinked ZIP archive is processed.

tags | advisory, remote, overflow, arbitrary
systems | linux, debian
advisories | CVE-2017-17969
MD5 | 37f24efc8b47c5221b4ad9a8a14807e1
Debian Security Advisory 4103-1
Posted Feb 1, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4103-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2017-15420, CVE-2017-15429, CVE-2018-6031, CVE-2018-6032, CVE-2018-6033, CVE-2018-6034, CVE-2018-6035, CVE-2018-6036, CVE-2018-6037, CVE-2018-6038, CVE-2018-6039, CVE-2018-6040, CVE-2018-6041, CVE-2018-6042, CVE-2018-6043, CVE-2018-6045, CVE-2018-6046, CVE-2018-6047, CVE-2018-6048, CVE-2018-6049, CVE-2018-6050, CVE-2018-6051, CVE-2018-6052, CVE-2018-6053, CVE-2018-6054
MD5 | ea3f7884f763eea2a60473cfda0b5b22