what you don't know can hurt you
Showing 26 - 50 of 7,072 RSS Feed

Operating System: Ubuntu

Ubuntu Security Notice USN-4683-1
Posted Jan 7, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4683-1 - Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. A local attacker could use this to cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-28974
MD5 | 7fbd2df16ee169fac1041dc6ef729402
Ubuntu Security Notice USN-4677-2
Posted Jan 6, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4677-2 - USN-4677-1 fixed a vulnerability in p11-kit. This update provides the corresponding update for Ubuntu 14.04 ESM. David Cook discovered that p11-kit incorrectly handled certain memory operations. An attacker could use this issue to cause p11-kit to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-29361
MD5 | f0cd253812e585b78a6df0d24f050a4c
Ubuntu Security Notice USN-4682-1
Posted Jan 6, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4682-1 - It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to execute arbitrary code or cause a crash.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-35738
MD5 | 071a6f4ed83c58b35aaeadaa4f78066a
Ubuntu Security Notice USN-4681-1
Posted Jan 6, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4681-1 - Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver in the Linux kernel did not properly deallocate memory in some conditions. A local attacker could use this to cause a denial of service. It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-0148, CVE-2020-25656, CVE-2020-25668, CVE-2020-27675, CVE-2020-28974, CVE-2020-4788
MD5 | 91670808904d9a205af1af1baa6a1ec2
Ubuntu Security Notice USN-4680-1
Posted Jan 6, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4680-1 - It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-19770, CVE-2020-0423, CVE-2020-10135, CVE-2020-25656, CVE-2020-25668, CVE-2020-25705, CVE-2020-27675, CVE-2020-27777, CVE-2020-28974
MD5 | d9396f87744b985c8e687f3925ea532c
Ubuntu Security Notice USN-4679-1
Posted Jan 6, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4679-1 - It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information. Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information. Kiyin discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-25656, CVE-2020-25668, CVE-2020-25704, CVE-2020-27675, CVE-2020-27777, CVE-2020-28974
MD5 | 1ace1ae8d4759419772bc1a1bdf880c4
Ubuntu Security Notice USN-4678-1
Posted Jan 6, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4678-1 - It was discovered that the AMD Running Average Power Limit driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. Jann Horn discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations. A local attacker could use this to expose sensitive information or possibly escalate privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-12912, CVE-2020-29534
MD5 | b3036de92a3edb42e7057a8095180d7c
Ubuntu Security Notice USN-4677-1
Posted Jan 5, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4677-1 - David Cook discovered that p11-kit incorrectly handled certain memory operations. An attacker could use this issue to cause p11-kit to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-29361
MD5 | 21b501626a34f8159219ffcf33d54c15
Ubuntu Security Notice USN-4676-1
Posted Jan 5, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4676-1 - It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-16587
MD5 | 590de48f77cba77bf4361c2d44509710
Ubuntu Security Notice USN-4675-1
Posted Jan 5, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4675-1 - Pritam Singh discovered that OpenStack Horizon incorrectly validated certain parameters. An attacker could possibly use this issue to cause OpenStack Horizon to redirect to a malicious URL.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-29565
MD5 | cedbcdb29a863a00ae74cabeb5d33243
Ubuntu Security Notice USN-4674-2
Posted Jan 5, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4674-2 - USN-4674-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 14.04 ESM. Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-25275
MD5 | 8b21140b2f6a9fb4daa95236efc08304
Ubuntu Security Notice USN-4668-3
Posted Jan 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4668-3 - USN-4668-1 fixed vulnerabilities in python-apt. The update caused a regression when using certain APIs with a file handle. This update fixes the problem. Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local, vulnerability, python
systems | linux, ubuntu
MD5 | a029e69b2f2fd6b5ff7a56f554dcb47f
Ubuntu Security Notice USN-4674-1
Posted Jan 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4674-1 - It was discovered that Dovecot incorrectly handled certain imap hibernation commands. A remote authenticated attacker could possibly use this issue to access other users' email. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, imap
systems | linux, ubuntu
advisories | CVE-2020-24386, CVE-2020-25275
MD5 | b2e560c9e62cc73f933684b14231318a
Ubuntu Security Notice USN-4673-1
Posted Jan 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4673-1 - Li Fei discovered that libproxy incorrectly handled certain PAC files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-26154
MD5 | 37308d157792044dbd547beba780fbd7
Ubuntu Security Notice USN-4672-1
Posted Dec 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4672-1 - Rene Freingruber discovered that unzip incorrectly handled certain specially crafted password protected ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. Antonio Carista discovered that unzip incorrectly handled certain specially crafted ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-9913, CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384, CVE-2019-13232
MD5 | 2f7d857c85a538c18f56b7c0ae4eaac9
Ubuntu Security Notice USN-4671-1
Posted Dec 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4671-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass the CSS sanitizer, bypass security restrictions, spoof the URL bar, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2020-16042, CVE-2020-26971, CVE-2020-26972, CVE-2020-26974, CVE-2020-26976, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113, CVE-2020-35114
MD5 | f011e19269912c246f796e240397e2e9
Ubuntu Security Notice USN-4670-1
Posted Dec 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4670-1 - It was discovered that ImageMagick incorrectly handled certain specially crafted image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.10. It was discovered that ImageMagick incorrectly handled certain specially crafted image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-19948, CVE-2020-27560
MD5 | 30a4aa3fdada1e940e6b1e0fdaa8a86e
Ubuntu Security Notice USN-4660-2
Posted Dec 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4660-2 - USN-4660-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-14351, CVE-2020-14390, CVE-2020-25211, CVE-2020-25284, CVE-2020-25285, CVE-2020-25641, CVE-2020-25643, CVE-2020-25645, CVE-2020-28915, CVE-2020-4788
MD5 | 13b59c23735c20b99a07f2be7c796f7e
Ubuntu Security Notice USN-4658-2
Posted Dec 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4658-2 - USN-4658-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-0423, CVE-2020-10135, CVE-2020-14351, CVE-2020-14390, CVE-2020-25211, CVE-2020-25284, CVE-2020-25643, CVE-2020-25645, CVE-2020-25705, CVE-2020-28915, CVE-2020-4788
MD5 | 66bcfd82be0047a6e48a5c99b2d2bdac
Ubuntu Security Notice USN-4659-2
Posted Dec 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4659-2 - USN-4659-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-0423, CVE-2020-10135, CVE-2020-14351, CVE-2020-25705, CVE-2020-27152, CVE-2020-28915, CVE-2020-4788
MD5 | 6e8f14203b3a4048f0d5c37dc565a8ef
Aerospike Database UDF Lua Code Execution
Posted Dec 11, 2020
Authored by Brendan Coles, b4ny4n | Site metasploit.com

Aerospike Database versions before 5.1.0.3 permitted user-defined functions (UDF) to call the os.execute Lua function. This Metasploit module creates a UDF utilizing this function to execute arbitrary operating system commands with the privileges of the user running the Aerospike service. This module does not support authentication; however Aerospike Database Community Edition does not enable authentication by default. This module has been tested successfully on Ubuntu with Aerospike Database Community Edition versions 4.9.0.5, 4.9.0.11 and 5.0.0.10.

tags | exploit, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-13151
MD5 | e8121ba043f9bc7dc8bc589dac7a4a1b
Ubuntu Security Notice USN-4666-2
Posted Dec 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4666-2 - USN-4666-1 partially fixed a vulnerability in lxml, but an additional patch was needed. This update provides the corresponding additional patch in order to properly fix the vulnerability. It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to cross-site scripting attacks.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2020-27783
MD5 | 3795fad2ebbcace586aa3ec37a6a6597
Ubuntu Security Notice USN-4669-1
Posted Dec 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4669-1 - It was discovered that a cross-site scripting vulnerability in SquirrelMail allows remote attackers to use malicious script content from HTML e-mail to execute code and/or provoke a denial of service.

tags | advisory, remote, denial of service, xss
systems | linux, ubuntu
advisories | CVE-2019-12970
MD5 | 9c31e45174763f24cd3027caf8c1e712
Ubuntu Security Notice USN-4668-1
Posted Dec 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4668-1 - Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service.

tags | advisory, denial of service, local, python
systems | linux, ubuntu
advisories | CVE-2020-27351
MD5 | fec19eedb4411cf29ad285f5cd1196a2
Ubuntu Security Notice USN-4665-2
Posted Dec 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4665-2 - USN-4665-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address and be used to perform port scanner and other information gathering. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-8284, CVE-2020-8285
MD5 | 70ae3c3e1b163767c7314ec475487ed0
Page 2 of 283
Back12345Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    10 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close