exploit the possibilities
Showing 51 - 75 of 7,076 RSS Feed

Operating System: Ubuntu

Ubuntu Security Notice USN-4666-2
Posted Dec 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4666-2 - USN-4666-1 partially fixed a vulnerability in lxml, but an additional patch was needed. This update provides the corresponding additional patch in order to properly fix the vulnerability. It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to cross-site scripting attacks.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2020-27783
MD5 | 3795fad2ebbcace586aa3ec37a6a6597
Ubuntu Security Notice USN-4669-1
Posted Dec 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4669-1 - It was discovered that a cross-site scripting vulnerability in SquirrelMail allows remote attackers to use malicious script content from HTML e-mail to execute code and/or provoke a denial of service.

tags | advisory, remote, denial of service, xss
systems | linux, ubuntu
advisories | CVE-2019-12970
MD5 | 9c31e45174763f24cd3027caf8c1e712
Ubuntu Security Notice USN-4668-1
Posted Dec 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4668-1 - Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service.

tags | advisory, denial of service, local, python
systems | linux, ubuntu
advisories | CVE-2020-27351
MD5 | fec19eedb4411cf29ad285f5cd1196a2
Ubuntu Security Notice USN-4665-2
Posted Dec 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4665-2 - USN-4665-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address and be used to perform port scanner and other information gathering. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-8284, CVE-2020-8285
MD5 | 70ae3c3e1b163767c7314ec475487ed0
Ubuntu Security Notice USN-4667-1
Posted Dec 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4667-1 - Kevin Backhouse discovered that APT incorrectly handled certain packages. A local attacker could possibly use this issue to cause APT to crash or stop responding, resulting in a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2020-27350
MD5 | 95550b790b5b5e77f980c30a5fa95220
Ubuntu Security Notice USN-4668-2
Posted Dec 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4668-2 - USN-4668-1 fixed vulnerabilities in python-apt. That update caused a regression by removing information describing the Ubuntu 20.10 release from the Ubuntu templates. This update fixes the problem by restoring this information. Various other issues were also addressed.

tags | advisory, vulnerability, python
systems | linux, ubuntu
MD5 | c139cb84adaae88c523ef36f4c1810e0
Ubuntu Security Notice USN-4666-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4666-1 - It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to cross-site scripting attacks.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2020-27783
MD5 | e97ad9d2b142cb39ff0e56851b058ee8
Ubuntu Security Notice USN-4665-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4665-1 - Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information. This issue only affected Ubuntu 20.10. Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address and be used to perform port scanner and other information gathering. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286
MD5 | 9b9a20e2d0e66756f1b80b9137edad83
Ubuntu Security Notice USN-4664-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4664-1 - Kevin Backhouse discovered that Aptdaemon incorrectly handled certain properties. A local attacker could use this issue to test for the presence of local files. Kevin Backhouse discovered that Aptdaemon incorrectly handled permission checks. A local attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2020-16128, CVE-2020-27349
MD5 | c6db7b60afa25c512c2223fdd54af63d
Ubuntu Security Notice USN-4663-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4663-1 - Melvin Kool discovered that the GDK-PixBuf library did not properly handle certain GIF images. If an user or automated system were tricked into opening a specially crafted GIF file, a remote attacker could use this flaw to cause GDK-PixBuf to hang, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-29385
MD5 | 89f97a063439553e6b46dce751806c53
Ubuntu Security Notice USN-4662-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4662-1 - David Benjamin discovered that OpenSSL incorrectly handled comparing certificates containing a EDIPartyName name type. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-1971
MD5 | 9254e91b7f032d7e0e00f066128a85d1
Ubuntu Security Notice USN-4656-2
Posted Dec 8, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4656-2 - USN-4656-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server XKB extension incorrectly handled certain inputs. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.

tags | advisory, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-14360
MD5 | ced1235af213c4fb025d91a0a2d09a4c
Ubuntu Security Notice USN-4661-1
Posted Dec 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4661-1 - It was discovered that Snapcraft includes the current directory when configuring LD_LIBRARY_PATH for application commands. If a user were tricked into installing a malicious snap or downloading a malicious library, under certain circumstances an attacker could exploit this to affect strict mode snaps that have access to the library and when launched from the directory containing the library.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-27348
MD5 | 8a6dada5d152bd4b50ac79acb662196a
Ubuntu Security Notice USN-4660-1
Posted Dec 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4660-1 - It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-14351, CVE-2020-14390, CVE-2020-25211, CVE-2020-25284, CVE-2020-25285, CVE-2020-25641, CVE-2020-25643, CVE-2020-25645, CVE-2020-28915, CVE-2020-4788
MD5 | ee3119babe4a4a73b8652559a6df5f65
Ubuntu Security Notice USN-4659-1
Posted Dec 2, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4659-1 - It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-0423, CVE-2020-10135, CVE-2020-14351, CVE-2020-25705, CVE-2020-27152, CVE-2020-28915, CVE-2020-4788
MD5 | 37ee7c1e29761f04f52a270e013cd6ed
Ubuntu Security Notice USN-4658-1
Posted Dec 2, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4658-1 - It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-0423, CVE-2020-10135, CVE-2020-14351, CVE-2020-14390, CVE-2020-25211, CVE-2020-25284, CVE-2020-25643, CVE-2020-25645, CVE-2020-25705, CVE-2020-28915, CVE-2020-4788
MD5 | 172e17181d7ddc7028474879ff713778
Ubuntu Security Notice USN-4657-1
Posted Dec 2, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4657-1 - Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2020-0427, CVE-2020-10135, CVE-2020-12352, CVE-2020-14351, CVE-2020-14390, CVE-2020-25211, CVE-2020-25284, CVE-2020-25643, CVE-2020-25645, CVE-2020-25705, CVE-2020-28915, CVE-2020-4788
MD5 | 3aefcd5c22a1c13bbe2b3f9912ac8531
Ubuntu Security Notice USN-4656-1
Posted Dec 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4656-1 - Jan-Niklas Sohn discovered that the X.Org X Server XKB extension incorrectly handled certain inputs. A local attacker could possibly use this issue to escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2020-14360
MD5 | 93853767d560545b7dd82c968276953f
Ubuntu Security Notice USN-4655-1
Posted Dec 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4655-1 - It was discovered that Werkzeug has insufficient debugger PIN randomness. An attacker could use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS. It was discovered that Werkzeug incorrectly handled certain URLs. An attacker could possibly use this issue to cause phishing attacks. This issue only affected Ubuntu 16.04 LTS.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-14806, CVE-2020-28724
MD5 | ce431abe7eb561d35f930c7d3b02aba5
Ubuntu Security Notice USN-4654-1
Posted Dec 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4654-1 - It was discovered that PEAR incorrectly sanitized filenames. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-28948
MD5 | 82c82cbd2ddeecdab18d7a3219f64cce
Ubuntu Security Notice USN-4653-1
Posted Dec 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4653-1 - It was discovered that access controls for the shim’s API socket did not restrict access to the abstract unix domain socket in some cases. An attacker could use this vulnerability to run containers with elevated privileges.

tags | advisory
systems | linux, unix, ubuntu
advisories | CVE-2020-15257
MD5 | 8ecc1fa869b3211bbb093ef90ef1a0f9
Ubuntu Security Notice USN-4652-1
Posted Dec 1, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4652-1 - It was discovered that SniffIt incorrectly handled certain configuration files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-5439
MD5 | 6a7456d4d7b6165153389916c139259a
Ubuntu Security Notice USN-4651-1
Posted Nov 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4651-1 - Tom Reynolds discovered that due to a packaging error, the MySQL X Plugin was listening to all network interfaces by default, contrary to expectations. This update changes the default MySQL configuration to bind the MySQL X Plugin to localhost only. This change may impact environments where the MySQL X Plugin needs to be accessible from the network. The mysqlx-bind-address setting in the /etc/mysql/mysql.conf.d/mysqld.cnf file can be modified to allow network access. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
MD5 | 61f4c1253072775bddb79c85206628a7
Ubuntu Security Notice USN-4650-1
Posted Nov 30, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4650-1 - Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Sergej Schumilo, Cornelius Aschermann, and Simon Wrner discovered that QEMU incorrectly handled USB device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-17380, CVE-2020-25084, CVE-2020-25085, CVE-2020-25624, CVE-2020-25625, CVE-2020-25723, CVE-2020-27616, CVE-2020-27617
MD5 | 637bf499dd94b75eea9e3371d70add3a
Ubuntu Security Notice USN-4646-2
Posted Nov 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4646-2 - USN-4646-1 fixed vulnerabilities in poppler. The fix for CVE-2019-10871 introduced a regression causing certain applications linked against poppler to fail. This update backs out the fix pending further investigation. It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
MD5 | 0b505ce3fcb8bc020d54095819e940fa
Page 3 of 283
Back12345Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    10 Files
  • 22
    Jan 22nd
    16 Files
  • 23
    Jan 23rd
    1 Files
  • 24
    Jan 24th
    1 Files
  • 25
    Jan 25th
    36 Files
  • 26
    Jan 26th
    26 Files
  • 27
    Jan 27th
    28 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close