exploit the possibilities
Showing 1 - 25 of 34,746 RSS Feed

Operating System: Linux

Red Hat Security Advisory 2019-0367-01
Posted Feb 18, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0367-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 1 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section. Issues addressed include bypass, denial of service, null pointer, out of bounds write, traversal, and use-after-free vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2017-15710, CVE-2017-15715, CVE-2018-0739, CVE-2018-1000168, CVE-2018-11759, CVE-2018-11763, CVE-2018-1283, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2018-1333
MD5 | 5914e90114ef4f2c7081a8afaed30780
Ubuntu Security Notice USN-3891-1
Posted Feb 18, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3891-1 - It was discovered that systemd incorrectly handled certain D-Bus messages. A local unprivileged attacker could exploit this in order to crash the init process, resulting in a system denial-of-service.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2019-6454
MD5 | 347d92e04f1ac6e5d4a305700cc98d16
Ubuntu Security Notice USN-3850-2
Posted Feb 18, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3850-2 - USN-3850-1 fixed several vulnerabilities in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Various other issues were also addressed.

tags | advisory, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-0495, CVE-2018-12384, CVE-2018-12404
MD5 | 550bd66bfce61ba6685d7549da716d49
Red Hat Security Advisory 2019-0365-01
Posted Feb 18, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0365-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, java, xss
systems | linux, redhat
advisories | CVE-2018-1000632, CVE-2018-10934, CVE-2018-14642
MD5 | 2be2da09fb2cd06655dee01a002304f6
Red Hat Security Advisory 2019-0361-01
Posted Feb 18, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0361-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Issues addressed include stack overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-16864, CVE-2018-16865
MD5 | 523f26d20691fc01d67553236bb8e3eb
Debian Security Advisory 4388-2
Posted Feb 18, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4388-2 - Kushal Kumaran reported that the update for mosquitto issued as DSA 4388-1 causes mosquitto to crash when reloading the persistent database. Updated packages are now available to correct this issue.

tags | advisory
systems | linux, debian
MD5 | ef0a0b730868dfb57d273ff6d6fd0ca5
Debian Security Advisory 4392-1
Posted Feb 18, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4392-1 - Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, debian
advisories | CVE-2018-18356, CVE-2018-18500, CVE-2018-18501, CVE-2018-18505, CVE-2018-18509, CVE-2019-5785
MD5 | 72eb49943de47e780e6bb6cc43b13415
Linux kvm_ioctl_create_device() Reference Flow Failure
Posted Feb 15, 2019
Authored by Jann Horn, Google Security Research

Linux kvm_ioctl_create_device() installs fd before taking reference.

tags | exploit
systems | linux
advisories | CVE-2019-6974
MD5 | 2c781194b8d221ac15f3178b357e1b58
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Feb 15, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | f074bc07e374ec0b84bab95ebe848ead
Debian Security Advisory 4391-1
Posted Feb 15, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4391-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2018-18356, CVE-2019-5785
MD5 | ae5044944624c06ea62f2b3d6e4c4b75
IPSet List 3.7.2
Posted Feb 14, 2019
Authored by AllKind | Site sourceforge.net

ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.

Changes: Various updates.
tags | tool, firewall, bash
systems | linux, unix
MD5 | 7784ebc069f288844415b7e1128dcf8b
Slackware Security Advisory - mozilla-firefox Updates
Posted Feb 14, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 526a24120462f2b9f82cb5102770c676
Red Hat Security Advisory 2019-0349-01
Posted Feb 14, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0349-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.14, 1.1.11, 2.1.8, and 2.2.2. Issues addressed include a domain spoofing vulnerability.

tags | advisory, spoof, vulnerability
systems | linux, redhat
advisories | CVE-2019-0657
MD5 | 46adaf791d0ae87c4dcb6dfb73383e97
Red Hat Security Advisory 2019-0348-01
Posted Feb 14, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0348-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.142. Issues addressed include an information leakage vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-7090
MD5 | 240caee5b698727e594858c3553de7ed
Red Hat Security Advisory 2019-0342-01
Posted Feb 13, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0342-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include stack overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-16864, CVE-2018-16865
MD5 | b315858c5cb7cf19e44c9f1cff2f297a
Ubuntu Security Notice USN-3889-1
Posted Feb 13, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3889-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2019-6212
MD5 | 13b47ad83ec48720409f49c0385d5369
Ubuntu Security Notice USN-3890-1
Posted Feb 13, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3890-1 - It was discovered that Django incorrectly handled formatting certain numbers. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2019-6975
MD5 | c198b95ba7bb3de9c826843ce0578b87
Slackware Security Advisory - lxc Updates
Posted Feb 13, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New lxc packages are available for Slackware 14.2 and -current to fix a security issue.

tags | advisory
systems | linux, slackware
MD5 | a13383887cd1a3c7f83011cb6187ea36
Debian Security Advisory 4390-1
Posted Feb 13, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4390-1 - It was discovered that Flatpak, an application deployment framework for desktop apps, insufficiently restricted the execution of "apply_extra" scripts which could potentially result in privilege escalation.

tags | advisory
systems | linux, debian
MD5 | 13d7a7f331164f0fb1b842af7cafe3a2
Ubuntu Security Notice USN-3888-1
Posted Feb 13, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3888-1 - It was discovered that GVfs incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-3827
MD5 | 112112f7c84557975958b891a4302b0e
snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation
Posted Feb 13, 2019
Authored by Chris Moberly

This exploit bypasses access control checks to use a restricted API function (POST /v2/snaps) of the local snapd service. This allows the installation of arbitrary snaps. Snaps in "devmode" bypass the sandbox and may include an "install hook" that is run in the context of root at install time. dirty_sockv2 leverages the vulnerability to install an empty "devmode" snap including a hook that adds a new user to the local system. This user will have permissions to execute sudo commands. As opposed to version one, this does not require the SSH service to be running. It will also work on newer versions of Ubuntu with no Internet connection at all, making it resilient to changes and effective in restricted environments. This exploit should also be effective on non-Ubuntu systems that have installed snapd but that do not support the "create-user" API due to incompatible Linux shell syntax. Some older Ubuntu systems (like 16.04) may not have the snapd components installed that are required for sideloading. If this is the case, this version of the exploit may trigger it to install those dependencies. During that installation, snapd may upgrade itself to a non-vulnerable version. Testing shows that the exploit is still successful in this scenario. This is the second of two proof of concepts related to this issue. Versions below 2.37.1 are affected.

tags | exploit, arbitrary, shell, local, root, proof of concept
systems | linux, ubuntu
advisories | CVE-2019-7304
MD5 | e9db49ddfa940a474a61af831e403fe3
snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation
Posted Feb 13, 2019
Authored by Chris Moberly

This exploit bypasses access control checks to use a restricted API function (POST /v2/create-user) of the local snapd service. This queries the Ubuntu SSO for a username and public SSH key of a provided email address, and then creates a local user based on these value. Successful exploitation for this version requires an outbound Internet connection and an SSH service accessible via localhost. This is one of two proof of concepts related to this issue. Versions below 2.37.1 are affected.

tags | exploit, local, proof of concept
systems | linux, ubuntu
advisories | CVE-2019-7304
MD5 | 0dcbfdab6f37dbe3458ba63c7f68ffc7
IPSet List 3.7.1
Posted Feb 12, 2019
Authored by AllKind | Site sourceforge.net

ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.

Changes: Various updates.
tags | tool, firewall, bash
systems | linux, unix
MD5 | 39ab23a0de4dec4a4905136eb643b467
Ubuntu Security Notice USN-3887-1
Posted Feb 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3887-1 - Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.

tags | advisory, remote, local
systems | linux, unix, ubuntu
advisories | CVE-2019-7304
MD5 | a039dec3039229db20b992fe7a5de40b
Red Hat Security Advisory 2019-0324-01
Posted Feb 12, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0324-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

tags | advisory, kernel, bypass
systems | linux, redhat
advisories | CVE-2018-18397
MD5 | 1a59c85baccb480e7ff45c4e92cbdc7f
Page 1 of 1,390
Back12345Next

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    2 Files
  • 18
    Feb 18th
    27 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close