what you don't know can hurt you
Showing 26 - 50 of 7,184 RSS Feed

Operating System: Ubuntu

Ubuntu Security Notice USN-4883-1
Posted Mar 22, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4883-1 - Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-27363, CVE-2021-27364, CVE-2021-27365
MD5 | f8ee214038707c269cc83f16f2f86c1a
Ubuntu Security Notice USN-4882-1
Posted Mar 19, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4882-1 - It was discovered that the Ruby JSON gem incorrectly handled certain JSON files. If a user or automated system were tricked into parsing a specially crafted JSON file, a remote attacker could use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Ruby incorrectly handled certain socket memory operations. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Various other issues were also addressed.

tags | advisory, remote, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2020-10663, CVE-2020-10933, CVE-2020-25613
MD5 | 81a24afb7b9477db4f4abcf41514d69d
Ubuntu Security Notice USN-4881-1
Posted Mar 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4881-1 - It was discovered that containerd incorrectly handled certain environment variables. Contrary to expectations, a container could receive environment variables defined for a different container, possibly containing sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-21334
MD5 | c4c30ba0884692b85f8be193652cfcb2
Ubuntu Security Notice USN-4880-1
Posted Mar 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4880-1 - It was discovered that OpenJPEG incorrectly handled certain image data. An attacker could use this issue to cause OpenJPEG to crash, leading to a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-27814, CVE-2020-27845
MD5 | 4455b6e61dedb1e35e31480d0ee21df6
Ubuntu Security Notice USN-4879-1
Posted Mar 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4879-1 - It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Loris Reiff discovered that the BPF implementation in the Linux kernel did not properly validate attributes in the getsockopt BPF hook. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-36158, CVE-2021-20194
MD5 | 4d75b22b9bc6edb7b6c9d1c218599d71
Ubuntu Security Notice USN-4878-1
Posted Mar 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4878-1 - It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Ryota Shiga discovered that the sockopt BPF hooks in the Linux kernel could allow a user space program to probe for valid kernel addresses. A local attacker could use this to ease exploitation of another kernel vulnerability. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-36158, CVE-2021-20239, CVE-2021-3178, CVE-2021-3347
MD5 | 9b326d87c15055059d2d831783328661
Ubuntu Security Notice USN-4877-1
Posted Mar 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4877-1 - It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. 吴异 discovered that the NFS implementation in the Linux kernel did not properly prevent access outside of an NFS export that is a subdirectory of a file system. An attacker could possibly use this to bypass NFS access restrictions. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-36158, CVE-2021-3178
MD5 | 65a91b8f952c6c1ea32e71f869620dae
Ubuntu Security Notice USN-4876-1
Posted Mar 16, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4876-1 - Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the Xen paravirt block backend in the Linux kernel, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service in the host OS. It was discovered that the Marvell WiFi-Ex device driver in the Linux kernel did not properly validate ad-hoc SSIDs. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-29569, CVE-2020-36158, CVE-2021-3178
MD5 | 450e71cf2aeed3c895c44fb3b0270291
Ubuntu Security Notice USN-4764-1
Posted Mar 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4764-1 - It was discovered that GLib incorrectly handled certain symlinks when replacing files. If a user or automated system were tricked into extracting a specially crafted file with File Roller, a remote attacker could possibly create files outside of the intended directory.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-28153
MD5 | 6f8491496f4f4196b8a9436b8e3cfd0f
Ubuntu Security Notice USN-4754-3
Posted Mar 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4754-3 - USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. In the case of Python 2.7 for 20.04 ESM, these additional fixes are included: It was discovered that Python allowed remote attackers to cause a denial of service via a ZIP bomb. It was discovered that Python had potentially misleading information about whether sorting occurs. This fix updates the documentation about it. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2019-17514, CVE-2019-20907, CVE-2019-9674, CVE-2020-26116, CVE-2020-27619, CVE-2020-8492
MD5 | 67d5415d4b4e952d651e9fc905a209c3
Ubuntu Security Notice USN-4763-1
Posted Mar 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4763-1 - It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. It was discovered that Pillow incorrectly handled certain Tiff image files. If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293, CVE-2021-27921, CVE-2021-27922
MD5 | a9bb486c2183b003050adf13de2c0c65
Ubuntu Security Notice USN-4762-1
Posted Mar 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4762-1 - It was discovered that the OpenSSH ssh-agent incorrectly handled memory. A remote attacker able to connect to the agent could use this issue to cause it to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-28041
MD5 | 0e90f1e3a51fa95bece293da11297ac1
Ubuntu Security Notice USN-4761-1
Posted Mar 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4761-1 - Matheus Tavares discovered that Git incorrectly handled delay-capable clean/smudge filters when being used on case-insensitive filesystems. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-21300
MD5 | 7a9a215b27ae633fcf542a2b4f854615
Ubuntu Security Notice USN-4758-1
Posted Mar 9, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4758-1 - It was discovered that Go applications incorrectly handled uploaded content. If a user were tricked into visiting a malicious page, a remote attacker could exploit this with a crafted file to conduct cross-site scripting attacks.

tags | advisory, remote, xss
systems | linux, ubuntu
advisories | CVE-2020-24553
MD5 | 9134ad5350739b814653b794341ec8dc
Ubuntu Security Notice USN-4760-1
Posted Mar 9, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4760-1 - It was discovered that libzstd incorrectly handled file permissions. A local attacker could possibly use this issue to access certain files, contrary to expectations.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2021-24031
MD5 | 0c1e14501b9ec06c7fc82b3ec0f14485
Ubuntu Security Notice USN-4759-1
Posted Mar 9, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4759-1 - Krzesimir Nowak discovered that GLib incorrectly handled certain large buffers. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. Kevin Backhouse discovered that GLib incorrectly handled certain memory allocations. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-27218, CVE-2021-27219
MD5 | 6b55a2dbfb04e4a2fd60d526f7564062
Ubuntu Security Notice USN-4733-2
Posted Mar 9, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4733-2 - USN-4733-1 fixed a vulnerability in GNOME Autoar. The upstream fix introduced a regression when extracting archives containing directories. This update fixes the problem. Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution. Various other issues were also addressed.

tags | advisory, remote, arbitrary, code execution
systems | linux, ubuntu
MD5 | 2086fff33a1cdd7b63c70ff5a6dec675
Ubuntu Security Notice USN-4757-2
Posted Mar 5, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4757-2 - USN-4757-1 fixed a vulnerability in wpa_supplicant and hostapd. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that wpa_supplicant did not properly handle P2P provision discovery requests in some situations. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-27803
MD5 | a1b5ddb158f703fa8c24f73c44d00c3a
Ubuntu Security Notice USN-4757-1
Posted Mar 3, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4757-1 - It was discovered that wpa_supplicant did not properly handle P2P provision discovery requests in some situations. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-27803
MD5 | 76c6875576561e3219a3c05460b1d4b5
Ubuntu Security Notice USN-4754-4
Posted Mar 3, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4754-4 - USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177. It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2021-3177
MD5 | 6c6bc4e280c087eaec3deb827504f9bd
Ubuntu Security Notice USN-4737-2
Posted Mar 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4737-2 - USN-4737-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the Bind AppArmor profile. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-8625
MD5 | 349b92ba169e163fb5fd0d5408cd2389
Ubuntu Security Notice USN-4754-2
Posted Feb 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4754-2 - USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.

tags | advisory, denial of service, arbitrary, python
systems | linux, ubuntu
MD5 | c58459cb7018d68bd66024f925f30d8f
Ubuntu Security Notice USN-4754-1
Posted Feb 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4754-1 - It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.

tags | advisory, denial of service, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2020-27619
MD5 | fcb1f44f76f6b77579ed4d79f1e90403
Ubuntu Security Notice USN-4755-1
Posted Feb 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4755-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-35523
MD5 | ce4c73d9700060bb9e46ed6eac083e16
Ubuntu Security Notice USN-4752-1
Posted Feb 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4752-1 - Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-10135, CVE-2020-14314, CVE-2020-15436, CVE-2020-15437, CVE-2020-24490, CVE-2020-25212, CVE-2020-25284, CVE-2020-25641, CVE-2020-25643, CVE-2020-25704, CVE-2020-27152, CVE-2020-27815, CVE-2020-28588, CVE-2020-28915, CVE-2020-29368, CVE-2020-29369, CVE-2020-29371, CVE-2020-29660, CVE-2020-29661, CVE-2020-35508
MD5 | 9add7841f0ccf8f64e1da83e75e06c64
Page 2 of 288
Back12345Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close