
Operating System: Ubuntu

Ubuntu Security Notice USN-3916-1
Posted Mar 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3916-1 - It was discovered that libsolv incorrectly handled certain malformed input. If a user or automated system were tricked into opening a specially crafted file, applications that rely on libsolv could be made to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2018-20532
MD5 | 70fe4f30d8440aca23ca45dae788f1c5
Ubuntu Security Notice USN-3917-1
Posted Mar 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3917-1 - The snapd default seccomp filter for strict mode snaps blocks the use of the ioctl system call when used with TIOCSTI as the second argument to the system call. Jann Horn discovered that this restriction could be circumvented on 64 bit architectures. A malicious snap could exploit this to bypass intended access restrictions to insert characters into the terminal's input queue. On Ubuntu, snapd typically will have already automatically refreshed itself to snapd 2.37.4 which is unaffected.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-7303
MD5 | 9673787b73f906be9d48ecf914106030
Ubuntu Security Notice USN-3918-1
Posted Mar 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3918-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-9788, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9797, CVE-2019-9799, CVE-2019-9802, CVE-2019-9803, CVE-2019-9805, CVE-2019-9808, CVE-2019-9809
MD5 | 7a027189c82bdc87f59c8d573a89c651
Ubuntu Security Notice USN-3913-1
Posted Mar 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3913-1 - It was discovered that p7zip did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted archive with p7zip, then p7zip could be made to crash, possibly leading to arbitrary code execution.

tags | advisory, code execution
systems | linux, ubuntu
advisories | CVE-2016-2335
MD5 | a222fa1199b772b4af03fd82ced01935
Ubuntu Security Notice USN-3915-1
Posted Mar 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3915-1 - It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-3835
MD5 | 51af7b4abfe723103eb813857d63f1b1
Ubuntu Security Notice USN-3914-1
Posted Mar 22, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3914-1 - A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator.

tags | advisory, overflow, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2019-9755
MD5 | 0d6118cd73ef057e584a045b065f72bc
Ubuntu Security Notice USN-3912-1
Posted Mar 21, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3912-1 - It was discovered that the GDK-PixBuf library did not properly handle certain BMP images. If a user or automated system were tricked into opening a specially crafted BMP file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-12447
MD5 | 6148b2880eeab129f7f0943d1cac0eb5
Ubuntu Security Notice USN-3906-2
Posted Mar 18, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3906-2 - USN-3906-1 and USN-3864-1 fixed several vulnerabilities in LibTIFF. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-10779, CVE-2018-17101
MD5 | d6332636e5ade7508bf28fbcac3c59cc
Ubuntu Security Notice USN-3911-1
Posted Mar 18, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3911-1 - It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-8904
MD5 | a42b0939b032f1ef360d067831515fc8
Ubuntu Security Notice USN-3910-1
Posted Mar 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3910-1 - It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service. It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-18241, CVE-2018-1120, CVE-2018-19985, CVE-2018-7740, CVE-2019-6133
MD5 | 4c9e16088685e925a3c78db741714aee
Ubuntu Security Notice USN-3910-2
Posted Mar 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3910-2 - USN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-18241, CVE-2018-1120, CVE-2018-19985, CVE-2018-7740, CVE-2019-6133
MD5 | 90737e4356a35bc59a396e5d7a1d20a2
Webmin 1.900 Upload Authenticated Remote Command Execution
Posted Mar 15, 2019
Authored by Ozkan Mustafa Akkus, Ziconius | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the Running Processes (proc) privilege is set the user can accurately determine which directory to upload to. Webmin application files can be written/overwritten, which allows remote code execution. The module has been tested successfully with Webmin 1.900 on Ubuntu v18.04.

tags | exploit, remote, arbitrary, root, code execution
systems | linux, ubuntu
MD5 | 3ba74c7641d287a5a1d6cee6bdb0eff5
Ubuntu Security Notice USN-3909-1
Posted Mar 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3909-1 - It was discovered that libvirt incorrectly handled waiting for certain agent events. An attacker inside a guest could possibly use this issue to cause libvirtd to stop responding, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-3840
MD5 | f6c908e715df39ee76f1ff3afc82119d
Ubuntu Security Notice USN-3908-2
Posted Mar 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3908-2 - USN-3908-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered a race condition in the fork system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-6133
MD5 | dbb305ea7db319ebed15a4e2411d5c52
Ubuntu Security Notice USN-3908-1
Posted Mar 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3908-1 - Jann Horn discovered a race condition in the fork system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-6133
MD5 | 03182f2331e6a955ceec56252c40c57c
Ubuntu Security Notice USN-3902-2
Posted Mar 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3902-2 - USN-3902-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, php
systems | linux, ubuntu
advisories | CVE-2019-9020, CVE-2019-9021, CVE-2019-9023, CVE-2019-9024
MD5 | 65357e37cae18068e3e84434235d1e1f
Ubuntu Security Notice USN-3907-1
Posted Mar 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3907-1 - It was discovered that WALinuxAgent created swap files with incorrect permissions. A local attacker could possibly use this issue to obtain sensitive information from the swap file.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2019-0804
MD5 | d596f7c7e083bed1bc94c58895bd3bf3
elFinder PHP Connector exiftran Command Injection
Posted Mar 12, 2019
Authored by Brendan Coles, Thomas Chauchefoin, q3rv0 | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is not validated, allowing shell metacharacters. When performing image operations on JPEG files, the filename is passed to the exiftran utility without appropriate sanitization, causing shell commands in the file name to be executed, resulting in remote command injection as the web server user. The PHP connector is not enabled by default. The system must have exiftran installed and in the PATH. This module has been tested successfully on elFinder versions 2.1.47, 2.1.20, and 2.1.16 on Ubuntu.

tags | exploit, remote, web, shell, php
systems | linux, ubuntu
MD5 | 3664569f65ef2128717bd5e02f29d7b4
Ubuntu Security Notice USN-3906-1
Posted Mar 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3906-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-10779, CVE-2019-6128
MD5 | 56e847616d505958b3eb0f59eaea2e67
Ubuntu Security Notice USN-3905-1
Posted Mar 11, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3905-1 - It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-9200
MD5 | 2a51e27e1a9225ba00504cf46b56f536
Linux Kernel 4.4 (Ubuntu 16.04) snd_timer_user_ccallback() Kernel Pointer Leak
Posted Mar 11, 2019
Authored by Wally0813

Linux Kernel version 4.4 (Ubuntu 16.04) suffers from a snd_timer_user_ccallback() kernel pointer leak vulnerability.

tags | exploit, kernel
systems | linux, ubuntu
advisories | CVE-2016-4578
MD5 | cf9d401a9cb8b4f7cdf8742a64581c60
Ubuntu Security Notice USN-3904-1
Posted Mar 7, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3904-1 - It was discovered that the NVIDIA graphics drivers incorrectly handled the GPU performance counters. A local attacker could possibly use this issue to access the application data processed on the GPU.

tags | advisory, local
systems | linux, ubuntu
MD5 | fd0ff441d79231dc2569fe809743e7e0
Ubuntu Security Notice USN-3903-2
Posted Mar 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3903-2 - USN-3903-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service or possibly execute arbitrary code in the host kernel. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-16880, CVE-2018-18397, CVE-2019-6133
MD5 | 5e5d9cbb5878ed83496a64b72a97df4f
Ubuntu Security Notice USN-3903-1
Posted Mar 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3903-1 - Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service or possibly execute arbitrary code in the host kernel. Jann Horn discovered that the userfaultfd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could possibly use this to modify files. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-16880, CVE-2018-18397, CVE-2019-6133
MD5 | 1bae64cc96939b5670016270682ddee8
Ubuntu Security Notice USN-3902-1
Posted Mar 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3902-1 - It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. It was discovered that the PHP PHAR module incorrectly handled certain filenames. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. It was discovered that PHP incorrectly parsed certain DNS responses. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, php
systems | linux, ubuntu
advisories | CVE-2019-9020, CVE-2019-9021, CVE-2019-9022, CVE-2019-9023, CVE-2019-9024
MD5 | 9715d43e4e828f788c824aa665b39b95