what you don't know can hurt you
Showing 1 - 25 of 7,085 RSS Feed

Operating System: Ubuntu

Ubuntu Security Notice USN-4706-1
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4706-1 - Olle Segerdahl found that ceph-mon and ceph-mgr daemons did not properly restrict access, resulting in gaining access to unauthorized resources. An authenticated user could use this vulnerability to modify the configuration and possibly conduct further attacks. Adam Mohammed found that Ceph Object Gateway was vulnerable to HTTP header injection via a CORS ExposeHeader tag. An attacker could use this to gain access or cause a crash. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2020-10736, CVE-2020-10753, CVE-2020-25660
MD5 | bebf402244a4c2e679e813eb9b40b74c
Ubuntu Security Notice USN-4707-1
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4707-1 - It was discovered that TCMU lacked a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-3139
MD5 | 588b2022e81f508eb24aaed4ec3251ce
Ubuntu Security Notice USN-4712-1
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4712-1 - USN-4576-1 fixed a vulnerability in the overlay file system implementation in the Linux kernel. Unfortunately, that fix introduced a regression that could incorrectly deny access to overlay files in some situations. This update fixes the problem.

tags | advisory, kernel
systems | linux, ubuntu
MD5 | ba3b04076200630b1b79bc54fcab8b18
Ubuntu Security Notice USN-4713-1
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4713-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2020-28374
MD5 | 93b60be65f3b9617bbda04c469a600da
Ubuntu Security Notice USN-4711-1
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4711-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Kiyin discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2020-25704, CVE-2020-28374
MD5 | 862338ce60446f35a002c294d4ef7d48
Ubuntu Security Notice USN-4710-1
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4710-1 - Kiyin discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2020-25704
MD5 | 8bceee49b044da87d9c7e4b287cb8ac0
Ubuntu Security Notice USN-4709-1
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4709-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2018-13093, CVE-2019-19816, CVE-2020-25669, CVE-2020-28374
MD5 | 5205f153d121a7f1d0f2c2402956e1d3
Ubuntu Security Notice USN-4708-1
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4708-1 - Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2018-13093, CVE-2019-19816, CVE-2020-25669, CVE-2020-27777
MD5 | 88614c94398b165a3628eb8d6d76aa2b
Ubuntu Security Notice USN-4705-2
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4705-2 - USN-4705-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2021-3156
MD5 | 83bcf987c775a6200689ce72ac3bb60a
Ubuntu Security Notice USN-4705-1
Posted Jan 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4705-1 - It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. It was discovered that the Sudo sudoedit utility incorrectly handled checking directory permissions. A local attacker could possibly use this issue to bypass file permissions and determine if a directory exists or not. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2021-23239, CVE-2021-3156
MD5 | 7441929fd8273b9e8c967ac727cda7ea
Ubuntu Security Notice USN-4704-1
Posted Jan 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4704-1 - It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-12562, CVE-2017-14246, CVE-2017-14634, CVE-2017-16942, CVE-2018-13139, CVE-2018-19432, CVE-2018-19661, CVE-2018-19758, CVE-2019-3832
MD5 | 21c29b1fe2faf41239164e4ee250c1da
Ubuntu Security Notice USN-4703-1
Posted Jan 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4703-1 - It was discovered that Mutt incorrectly handled certain email messages. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2021-3181
MD5 | 8e39a3ca3da54134afa31cb731c9d23c
Ubuntu Security Notice USN-4702-1
Posted Jan 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4702-1 - It was discovered that Pound incorrectly handled certain HTTP requests A remote attacker could use it to retrieve some sensitive information.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2016-10711
MD5 | a0cc5acf94fe6c368769567ffbbf09ec
Ubuntu Security Notice USN-4689-4
Posted Jan 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4689-4 - USN-4689-3 fixed vulnerabilities in the NVIDIA server graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-1052, CVE-2021-1053, CVE-2021-1056
MD5 | 67b7fedb3c56827c3051283598dae0b9
Ubuntu Security Notice USN-4697-2
Posted Jan 20, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4697-2 - USN-4697-1 fixed several vulnerabilities in Pillow. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Pillow incorrectly handled certain PCX image files. If a user or automated system were tricked into opening a specially-crafted PCX file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-10177, CVE-2020-35653
MD5 | 710757898267e7364668015c59fe295c
Ubuntu Security Notice USN-4689-3
Posted Jan 20, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4689-3 - It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. It was discovered that the NVIDIA GPU display driver for the Linux kernel did not properly validate a pointer received from userspace in some situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-1052, CVE-2021-1053, CVE-2021-1056
MD5 | 770df623c2eb7e3a6a906c87fae96947
Ubuntu Security Notice USN-4701-1
Posted Jan 20, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4701-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass the CSS sanitizer, or execute arbitrary code. It was discovered that the proxy.onRequest API did not catch view-source URLs. If a user were tricked in to installing an extension with the proxy permission and opening View Source, an attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-16042, CVE-2020-26970, CVE-2020-26973, CVE-2020-26974, CVE-2020-35111, CVE-2020-35113
MD5 | d5be7805a4212cf046f8575dfc0f5c39
Ubuntu Security Notice USN-4700-1
Posted Jan 20, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4700-1 - Alexandre D'Hondt discovered that PyXDG did not properly sanitize input. An attacker could exploit this with a crafted .menu file to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-12761
MD5 | c2db4cbb17bceeecfeb5154b0698a988
Ubuntu Security Notice USN-4699-1
Posted Jan 19, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4699-1 - It was discovered that Apache Log4net incorrectly handled certain configuration files. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-1285
MD5 | adb98b4f1980e62322aa69491a5cc4cb
Ubuntu Security Notice USN-4698-1
Posted Jan 19, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4698-1 - Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled memory when sorting RRsets. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled extracting certain names. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-14834, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686
MD5 | 6a28aafbdc7142b8cedf9f08b7ed394c
Ubuntu Security Notice USN-4697-1
Posted Jan 19, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4697-1 - It was discovered that Pillow incorrectly handled certain PCX image files. If a user or automated system were tricked into opening a specially-crafted PCX file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-35653, CVE-2020-35654, CVE-2020-35655
MD5 | 33d0f53f2fe15d0bbe0fe6f3b813716f
Ubuntu Security Notice USN-4696-1
Posted Jan 19, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4696-1 - It was discovered that HTMLDOC incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-19630
MD5 | 8db6722155e080664d72df4f9eef7257
Ubuntu Security Notice USN-4695-1
Posted Jan 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4695-1 - Choongwoo Han discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Jerzy Kramarz discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-5208, CVE-2017-6009, CVE-2017-6011
MD5 | cc7f5a77193361f6afb87d4fc323cbb7
Ubuntu Security Notice USN-4693-1
Posted Jan 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4693-1 - It was discovered that an SQL injection vulnerability exists in the Ampache search engine. Any user able to perform searches could dump any data contained in the database. An attacker could use this to disclose sensitive information. It was discovered that an XSS vulnerability in Ampache. An attacker could use this vulnerability to force an admin to create a new privileged user. Various other issues were also addressed.

tags | advisory, sql injection
systems | linux, ubuntu
advisories | CVE-2019-12385, CVE-2019-12386
MD5 | 19e32413eae87248300241c7423c86b4
Ubuntu Security Notice USN-4694-1
Posted Jan 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4694-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2020-28374
MD5 | 39bd5d296c952869b692a804fbc44d89
Page 1 of 284
Back12345Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    10 Files
  • 22
    Jan 22nd
    16 Files
  • 23
    Jan 23rd
    1 Files
  • 24
    Jan 24th
    1 Files
  • 25
    Jan 25th
    36 Files
  • 26
    Jan 26th
    26 Files
  • 27
    Jan 27th
    29 Files
  • 28
    Jan 28th
    22 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close