exploit the possibilities
Showing 26 - 50 of 5,952 RSS Feed

Operating System: Ubuntu

Ubuntu Security Notice USN-3843-2
Posted Dec 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3843-2 - USN-3843-1 fixed a vulnerability in pixman. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that pixman incorrectly handled the general_composite_rect function. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-5297
MD5 | 6750b72273b628db8f06739166f59793
Ubuntu Security Notice USN-3843-1
Posted Dec 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3843-1 - It was discovered that pixman incorrectly handled the general_composite_rect function. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-5297
MD5 | 070f65503dc6e6c2f7d2711ac101acd4
Ubuntu Security Notice USN-3837-2
Posted Dec 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3837-2 - USN-3837-1 fixed vulnerabilities in poppler. A regression was reported regarding the previous update. This update fixes the problem. It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-16646, CVE-2018-19149
MD5 | 377baed8b82a680a84a9c85cdc9060d2
Ubuntu Security Notice USN-3842-1
Posted Dec 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3842-1 - Jann Horn discovered that CUPS incorrectly handled session cookie randomness. A remote attacker could possibly use this issue to perform cross-site request forgery attacks.

tags | advisory, remote, csrf
systems | linux, ubuntu
advisories | CVE-2018-4700
MD5 | 9e5a7e5f15e1d452a62f535a54787f22
Ubuntu Security Notice USN-3841-2
Posted Dec 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3841-2 - USN-3841-1 fixed a vulnerability in lxml. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that lxml incorrectly handled certain HTML files. An attacker could possibly use this issue to conduct cross-site scripting attacks. Various other issues were also addressed.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2018-19787
MD5 | 649c44073f03bc41cc17df5ef408c79b
Ubuntu Security Notice USN-3841-1
Posted Dec 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3841-1 - It was discovered that lxml incorrectly handled certain HTML files. An attacker could possibly use this issue to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2018-19787
MD5 | 72803d329e3e7b3f8f3997f6f5962b23
Ubuntu Security Notice USN-3840-1
Posted Dec 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3840-1 - Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-0734, CVE-2018-0735, CVE-2018-5407
MD5 | 5994d027f01038463cf5bc485763f923
Ubuntu Security Notice USN-3831-2
Posted Dec 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3831-2 - USN-3831-1 fixed vulnerabilities in Ghostscript. Ghostscript 9.26 introduced a regression when used with certain options. This update fixes the problem. It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
MD5 | 90e4e6902a9545090e0ab2f68dbb0ec5
Ubuntu Security Notice USN-3839-1
Posted Dec 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3839-1 - It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-19840
MD5 | 9dd19ae9d5f0ec8149e54753e0e9a4c8
Ubuntu Security Notice USN-3838-1
Posted Dec 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3838-1 - It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-5807, CVE-2018-5813
MD5 | 879b86e3856df5f621b8482aaf06a069
Ubuntu Security Notice USN-3811-3
Posted Dec 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3811-3 - USN-3811-1 fixed a vulnerability in spamassassin. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-11780, CVE-2018-11781
MD5 | 99e9b14016913915026a9427dfc058dc
Ubuntu Security Notice USN-3837-1
Posted Dec 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3837-1 - It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-16646, CVE-2018-19149
MD5 | d22352b2bc2d2c1ebea0af26203d65ab
Ubuntu Security Notice USN-3836-2
Posted Dec 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3836-2 - USN-3836-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-18955, CVE-2018-6559
MD5 | 40f74c61b11b342e43d24c42da24a458
Ubuntu Security Notice USN-3836-1
Posted Dec 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3836-1 - Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. Philipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within a unprivileged user namespace. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-18955, CVE-2018-6559
MD5 | 158521f793a16089323ee0be9c6ad5ce
Ubuntu Security Notice USN-3835-1
Posted Dec 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3835-1 - Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. Jann Horn discovered that the mremap system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service , expose sensitive information, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-17972, CVE-2018-18281, CVE-2018-18445, CVE-2018-18653, CVE-2018-18955, CVE-2018-6559
MD5 | 797f806913c130a0d4051adda370818d
Ubuntu Security Notice USN-3834-2
Posted Dec 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3834-2 - USN-3834-1 fixed a vulnerability in perl. This update provides the corresponding update for Ubuntu 12.04 ESM. Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2018-18311, CVE-2018-18313
MD5 | 4b1cb856c5b70ee9027861be4c5bfe83
Ubuntu Security Notice USN-3834-1
Posted Dec 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3834-1 - Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314
MD5 | d49d4e952670e88373b599e721903471
Linux Kernel 4.8 (Ubuntu 16.04) sctp Kernel Pointer Leak
Posted Dec 1, 2018
Authored by Jinbum Park

Linux Kernel version 4.8 on Ubuntu 16.04 suffers from an sctp kernel pointer leak vulnerability.

tags | exploit, kernel
systems | linux, ubuntu
advisories | CVE-2017-7558
MD5 | fc9790b1e137cf5ee0cca7cf36225b56
Ubuntu Ghostscript Failed Fix
Posted Nov 30, 2018
Authored by Tavis Ormandy, Google Security Research

The fix Ubuntu applied to address the Ghostscript vulnerability identified in CVE-2018-16510 appears to be insufficient.

tags | exploit
systems | linux, ubuntu
advisories | CVE-2018-16510
MD5 | bf60fb38f298c008133783e5223c3485
Ubuntu Security Notice USN-3833-1
Posted Nov 30, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3833-1 - Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. Philipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within a unprivileged user namespace. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-18955, CVE-2018-6559
MD5 | 332359216d6a177a45f3a9adbd36aa4c
Ubuntu Security Notice USN-3832-1
Posted Nov 30, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3832-1 - Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. Jann Horn discovered that the mremap system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service , expose sensitive information, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-17972, CVE-2018-18281, CVE-2018-18445, CVE-2018-18653, CVE-2018-18955, CVE-2018-6559
MD5 | e6fcaa3ecb5ddac3d3d7836f6838675e
Ubuntu Security Notice USN-3795-3
Posted Nov 30, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3795-3 - USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream fix introduced a regression. This update fixes the problem. Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
MD5 | 7f15bb7924328b6121f1a4772769aefe
Ubuntu Security Notice USN-3831-1
Posted Nov 30, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3831-1 - It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-19409
MD5 | 481e81b6b20a445167d1fc2430b48d4f
Ubuntu Security Notice USN-3830-1
Posted Nov 28, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3830-1 - USN-3804-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when validating JAR files that prevented Java applications from finding classes in some situations. This update fixes the problem.

tags | advisory, java, vulnerability
systems | linux, ubuntu
MD5 | 7f51527c5d1533a10792a68047cda6da
PHP imap_open Remote Code Execution
Posted Nov 28, 2018
Authored by h00die, Anton Lopanitsyn, Twoster | Site metasploit.com

The imap_open function within PHP, if called without the /norsh flag, will attempt to preauthenticate an IMAP session. On Debian based systems, including Ubuntu, rsh is mapped to the ssh binary. Ssh's ProxyCommand option can be passed from imap_open to execute arbitrary commands. While many custom applications may use imap_open, this exploit works against the following applications: e107 v2, prestashop, SuiteCRM, as well as Custom, which simply prints the exploit strings for use. Prestashop exploitation requires the admin URI, and administrator credentials. suiteCRM/e107/hostcms require administrator credentials.

tags | exploit, arbitrary, php, imap
systems | linux, debian, ubuntu
MD5 | d4da49f1f3382fe81325e51853a7fcc3
Page 2 of 239
Back12345Next

File Archive:

January 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    15 Files
  • 2
    Jan 2nd
    15 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    1 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    24 Files
  • 8
    Jan 8th
    15 Files
  • 9
    Jan 9th
    16 Files
  • 10
    Jan 10th
    23 Files
  • 11
    Jan 11th
    17 Files
  • 12
    Jan 12th
    3 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    33 Files
  • 16
    Jan 16th
    23 Files
  • 17
    Jan 17th
    29 Files
  • 18
    Jan 18th
    15 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close