Twenty Year Anniversary
Showing 76 - 100 of 33,177 RSS Feed

Operating System: Linux

Debian Security Advisory 4167-1
Posted Apr 6, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4167-1 - A buffer-overflow vulnerability was discovered in Sharutils, a set of utilities handle Shell Archives. An attacker with control on the input of the unshar command, could crash the application or execute arbitrary code in the its context.

tags | advisory, overflow, arbitrary, shell
systems | linux, debian
advisories | CVE-2018-1000097
MD5 | f45edf0e1ca9bff52faa495942d41a56
Red Hat Security Advisory 2018-0648-01
Posted Apr 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0648-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5144, CVE-2018-5145, CVE-2018-5146
MD5 | 09f5e6958b653eba3993557fed221c1a
Red Hat Security Advisory 2018-0649-01
Posted Apr 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0649-01 - The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Issues addressed include an out of bounds write.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-5146
MD5 | 202c86761a9c588b41dbdea14d958185
Ubuntu Security Notice USN-3620-2
Posted Apr 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3620-2 - USN-3620-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-11089, CVE-2017-12762, CVE-2017-17448, CVE-2017-17741, CVE-2017-17805, CVE-2017-17807, CVE-2017-5715, CVE-2018-1000026, CVE-2018-5332
MD5 | ec75abebcf0b7cadfae002c5506f6aab
Debian Security Advisory 4166-1
Posted Apr 5, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4166-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions.

tags | advisory, java, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
MD5 | cd38ffe0e62498ca5f96a055f1652b09
Ubuntu Security Notice USN-3621-1
Posted Apr 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3621-1 - It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076, CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079
MD5 | cff2c69a5568de2c74adb2faa0b0fa2e
Red Hat Security Advisory 2018-0646-01
Posted Apr 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0646-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.

tags | advisory, remote, arbitrary, protocol, python, bypass
systems | linux, redhat
advisories | CVE-2018-7750
MD5 | 4c4a72b2d287abfd5e1ba4347df9ed7f
Ubuntu Security Notice USN-3620-1
Posted Apr 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3620-1 - It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker with the CAP_NET_ADMIN privilege could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-11089, CVE-2017-12762, CVE-2017-17448, CVE-2017-17741, CVE-2017-17805, CVE-2017-17807, CVE-2018-1000026, CVE-2018-5332
MD5 | 92be1e1f7075a80057dfacd0385d5b15
Ubuntu Security Notice USN-3619-1
Posted Apr 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3619-1 - Jann Horn discovered that the Berkeley Packet Filter implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-0861, CVE-2017-1000407, CVE-2017-11472, CVE-2017-15129, CVE-2017-16528, CVE-2017-16532, CVE-2017-16536, CVE-2017-16537, CVE-2017-16645, CVE-2017-16646, CVE-2017-16649, CVE-2017-16650, CVE-2017-16911, CVE-2017-16912, CVE-2017-16913, CVE-2017-16914, CVE-2017-16994, CVE-2017-16995, CVE-2017-17448, CVE-2017-17449, CVE-2017-17450, CVE-2017-17558, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807
MD5 | 4b540e0a4bb9cc36651e6f4f0e104441
Ubuntu Security Notice USN-3617-3
Posted Apr 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3617-3 - It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-0861, CVE-2017-15129, CVE-2017-16532, CVE-2017-16537, CVE-2017-16645, CVE-2017-16646, CVE-2017-16647, CVE-2017-16649, CVE-2017-16650, CVE-2017-16994, CVE-2017-17448, CVE-2017-17450, CVE-2017-17741, CVE-2017-17805, CVE-2017-17806, CVE-2017-17807, CVE-2017-18204, CVE-2018-1000026, CVE-2018-5332, CVE-2018-5333, CVE-2018-5344
MD5 | ed5fa39c4b9b0eef37fe4bb6bca68670
Ubuntu Security Notice USN-3618-1
Posted Apr 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3618-1 - It was discovered that LibVNCServer incorrectly handled certain packet lengths. A remote attacker able to connect to a LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-7225
MD5 | 2737863066439e52d3e9ef732a321ce1
Debian Security Advisory 4165-1
Posted Apr 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4165-1 - Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2018-8763, CVE-2018-8764
MD5 | a66e7ec3056ac8043de009300dea5eec
Debian Security Advisory 4164-1
Posted Apr 4, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4164-1 - Several vulnerabilities have been found in the Apache HTTPD server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-15710, CVE-2017-15715, CVE-2018-1283, CVE-2018-1301, CVE-2018-1303, CVE-2018-1312
MD5 | fb946d3e3116932e603a89dd798a5449
Red Hat Security Advisory 2018-0627-01
Posted Apr 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0627-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 6.4. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2018-8088
MD5 | 428bcf1a0a010f5a3ead3ec63c5029a5
Red Hat Security Advisory 2018-0628-01
Posted Apr 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0628-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on WildFly. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 7.1. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2018-8088
MD5 | e1d67fdcd01f4ba9fb1c3c5049f971c3
Red Hat Security Advisory 2018-0630-01
Posted Apr 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0630-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 6.4. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2018-8088
MD5 | e3e4359b66403d866b5f8acee8ca0e16
Red Hat Security Advisory 2018-0629-01
Posted Apr 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0629-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on WildFly. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 7.1. Issues addressed include a code execution vulnerability.

tags | advisory, java, code execution
systems | linux, redhat
advisories | CVE-2018-8088
MD5 | e4524e76320f4a722ea9570e595d4473
ProcessMaker Plugin Code Execution
Posted Apr 3, 2018
Authored by Brendan Coles | Site metasploit.com

This Metasploit module will generate and upload a plugin to ProcessMaker resulting in execution of PHP code as the web server user. Credentials for a valid user account with Administrator roles is required to run this module. This Metasploit module has been tested successfully on ProcessMaker versions 1.6-4276, 2.0.23, 3.0 RC 1, 3.2.0, 3.2.1 on Windows 7 SP 1; and version 3.2.0 on Debian Linux 8.

tags | exploit, web, php
systems | linux, windows, debian, 7
MD5 | 62ca13841303372ebfe7885ec8e1b271
Ubuntu Security Notice USN-3616-1
Posted Apr 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3616-1 - It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information.

tags | advisory, remote, crypto, python
systems | linux, ubuntu
advisories | CVE-2018-6594
MD5 | fcedecfcc4487ed429b56fae81f791b6
Ubuntu Security Notice USN-3615-1
Posted Apr 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3615-1 - It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-16909, CVE-2017-16910, CVE-2018-5800, CVE-2018-5801, CVE-2018-5802
MD5 | 5632eb975bdc2dae1ab1ca3907a9c2f3
OpenSSH 7.7p1
Posted Apr 2, 2018
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Multiple updates.
tags | tool, encryption
systems | linux, unix, openbsd
MD5 | 68ba883aff6958297432e5877e9a0fe2
Debian Security Advisory 4163-1
Posted Apr 2, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4163-1 - It was discovered that a race condition in beep (if configured as setuid via debconf) allows local privilege escalation.

tags | advisory, local
systems | linux, debian
advisories | CVE-2018-0492
MD5 | 5c516dc597f2f23c07f27afaa1ff77d1
Ubuntu Security Notice USN-3614-1
Posted Apr 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3614-1 - It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. It was discovered that the DNS client implementation in OpenJDK did not properly randomize source ports. A remote attacker could use this to spoof responses to DNS queries made by Java applications. Various other issues were also addressed.

tags | advisory, java, remote, spoof
systems | linux, ubuntu
advisories | CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
MD5 | 1eb05c541d1ecdd0ca635e9bf8042111
Ubuntu Security Notice USN-3613-1
Posted Apr 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3613-1 - It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. It was discovered that the Hotspot component of OpenJDK did not properly validate uses of the invokeinterface JVM instruction. An attacker could possibly use this to access unauthorized resources. It was discovered that the LDAP implementation in OpenJDK did not properly encode login names. A remote attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678
MD5 | b74e4fe8101363c9917ff4bc56307115
Kernel Live Patch Security Notice LSN-0036-1
Posted Apr 2, 2018
Authored by Benjamin M. Romer

Wi-Fi Protected Access (WPA and WPA2) allows re-installation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux
advisories | CVE-2017-13080, CVE-2017-16995
MD5 | 5db75445369ea25794ef7fbcfd8160c8
Page 4 of 1,328
Back23456Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

April 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    5 Files
  • 2
    Apr 2nd
    17 Files
  • 3
    Apr 3rd
    11 Files
  • 4
    Apr 4th
    21 Files
  • 5
    Apr 5th
    17 Files
  • 6
    Apr 6th
    12 Files
  • 7
    Apr 7th
    1 Files
  • 8
    Apr 8th
    6 Files
  • 9
    Apr 9th
    21 Files
  • 10
    Apr 10th
    18 Files
  • 11
    Apr 11th
    42 Files
  • 12
    Apr 12th
    7 Files
  • 13
    Apr 13th
    14 Files
  • 14
    Apr 14th
    1 Files
  • 15
    Apr 15th
    1 Files
  • 16
    Apr 16th
    15 Files
  • 17
    Apr 17th
    20 Files
  • 18
    Apr 18th
    24 Files
  • 19
    Apr 19th
    20 Files
  • 20
    Apr 20th
    2 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close