what you don't know can hurt you
Showing 76 - 100 of 6,877 RSS Feed

Operating System: Ubuntu

Ubuntu Security Notice USN-4475-1
Posted Aug 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4475-1 - It was discovered that Chrony incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause a denial of service or expose sensitive information.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-14367
MD5 | 14921cf609df424352817f166e5b905c
Ubuntu Security Notice USN-4446-2
Posted Aug 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4446-2 - USN-4446-1 fixed vulnerabilities in Squid. The update introduced a regression when using Squid with the icap or ecap protocols. This update fixes the problem. Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks. Jeriko One discovered that Squid incorrectly handled URL decoding. A remote attacker could possibly use this issue to bypass certain rule checks. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled input validation. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2019-12520, CVE-2019-12523, CVE-2019-12524, CVE-2019-18676
MD5 | 3ce54dac1a09ed855009027ca7b777d9
Ubuntu Security Notice USN-4474-1
Posted Aug 26, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4474-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user in to installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2020-12400, CVE-2020-15665, CVE-2020-15666, CVE-2020-15668
MD5 | f0025dd9b075706dd47481ec7cc4d553
Ubuntu Security Notice USN-4473-1
Posted Aug 26, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4473-1 - It was discovered that libmysofa incorrectly handled certain input files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-16091, CVE-2019-16095
MD5 | c1ccb030cd1f7d53075bfe2514e30010
Ubuntu Security Notice USN-4472-1
Posted Aug 25, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4472-1 - Noah Misch discovered that PostgreSQL incorrectly handled the search_path setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Andres Freund discovered that PostgreSQL incorrectly handled search path elements in CREATE EXTENSION. A remote attacker could possibly use this issue to execute arbitrary SQL code. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-14349, CVE-2020-14350
MD5 | e8dbab859b9c49076c5685284036ee91
Ubuntu Security Notice USN-4470-1
Posted Aug 25, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4470-1 - Kritphong Mongkhonvanit discovered that sane-backends incorrectly handled certain packets. A remote attacker could possibly use this issue to obtain sensitive memory information. This issue only affected Ubuntu 16.04 LTS. It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only applied to Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-6318, CVE-2020-12861, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867
MD5 | ddfead9153ff3c90a15664f77f2e695c
Ubuntu Security Notice USN-4469-1
Posted Aug 25, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4469-1 - It was discovered that Ghostscript incorrectly handled certain document files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-16287, CVE-2020-16291, CVE-2020-16295, CVE-2020-16299, CVE-2020-16303, CVE-2020-16307, CVE-2020-17538
MD5 | 2d9bb0274240c392bfc66cd2aee77609
Ubuntu Security Notice USN-4471-1
Posted Aug 25, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4471-1 - Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. It was discovered that Net-SNMP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15861, CVE-2020-15862
MD5 | 50fa4bedbfcc6939a19f53cd8b56ae6f
Ubuntu Security Notice USN-4468-2
Posted Aug 25, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4468-2 - USN-4468-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Dave Feldman, Jeff Warren, and Joel Cunningham discovered that Bind incorrectly handled certain truncated responses to a TSIG-signed request. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-8622
MD5 | d1d4cb9f73bbd30c12006e9157ed351a
Ubuntu Security Notice USN-4468-1
Posted Aug 21, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4468-1 - Emanuel Almeida discovered that Bind incorrectly handled certain TCP payloads. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Joseph Gullo discovered that Bind incorrectly handled QNAME minimization when used in certain configurations. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, tcp
systems | linux, ubuntu
advisories | CVE-2020-8620, CVE-2020-8621, CVE-2020-8622, CVE-2020-8623, CVE-2020-8624
MD5 | b7dcb2f5025b482f2cbb92a36354b19b
Ubuntu Security Notice USN-4466-2
Posted Aug 20, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4466-2 - USN-4466-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM. Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-8231
MD5 | 522ed7acb4e8dbf21cd7d004af916da3
Ubuntu Security Notice USN-4467-1
Posted Aug 20, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4467-1 - Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled replying to certain ICMP echo requests. An attacker inside a guest could possibly use this issue to leak host memory to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS. Eric Blake and Xueqiang Wei discovered that the QEMU NDB implementation incorrectly handled certain requests. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-10756, CVE-2020-10761, CVE-2020-12829, CVE-2020-13253, CVE-2020-13361, CVE-2020-13362, CVE-2020-13659, CVE-2020-13754, CVE-2020-13765, CVE-2020-13800, CVE-2020-14415, CVE-2020-15863, CVE-2020-16092
MD5 | 09a8b27ad4b8d9e9af007c8184f01b04
Ubuntu Security Notice USN-4466-1
Posted Aug 19, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4466-1 - Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-8231
MD5 | 05bcf7b1689c82fafb1614af7d438084
Ubuntu Security Notice USN-4465-1
Posted Aug 19, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4465-1 - It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-12655, CVE-2020-12771, CVE-2020-15393
MD5 | f0f6c122962bc285898b47dc123e8e77
Ubuntu Security Notice USN-4464-1
Posted Aug 18, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4464-1 - It was discovered that GNOME Shell incorrectly handled the login screen password dialog. Sensitive information could possibly be exposed during user logout.

tags | advisory, shell
systems | linux, ubuntu
advisories | CVE-2020-17489
MD5 | 8745f9f5ffe60d4092fe96c7797d1064
Ubuntu Security Notice USN-4463-1
Posted Aug 18, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4463-1 - It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-12771, CVE-2020-15393
MD5 | 8e30c40c90742d5c51e764f706653bf5
Ubuntu Security Notice USN-4461-1
Posted Aug 18, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4461-1 - Dominik Penner discovered that Ark did not properly sanitize zip archive files before performing extraction. An attacker could use this to construct a malicious zip archive that, when opened, would create files outside the extraction directory.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-16116
MD5 | d7be1eab82fc120869e85b601895b87f
Ubuntu Security Notice USN-4462-1
Posted Aug 18, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4462-1 - It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-12771
MD5 | e9c488c9eb3bd3627a4b2add26ec9824
Ubuntu Security Notice USN-4460-1
Posted Aug 18, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4460-1 - It was discovered that Oniguruma incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or other unspecified impact.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-16163
MD5 | f6579526b0418897d75dd8a291b4e7f4
Ubuntu Security Notice USN-4457-2
Posted Aug 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4457-2 - USN-4457-1 fixed a vulnerability in Software. This update provides the corresponding update for Ubuntu 14.04 ESM. Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacker could possibly manipulate the screen. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15709
MD5 | 9b4d94e36e68614a576fb7adcba68cc3
Ubuntu Security Notice USN-4456-2
Posted Aug 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4456-2 - USN-4456-1 fixed several vulnerabilities in Dovecot. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Dovecot incorrectly handled deeply nested MIME parts. A remote attacker could possibly use this issue to cause Dovecot to consume resources, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
MD5 | 37e3fb4660496bc29f37e884ad2c76db
Ubuntu Security Notice USN-4459-1
Posted Aug 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4459-1 - It was discovered that Salt allows remote attackers to determine which files exist on the server. An attacker could use that to extract sensitive information. It was discovered that Salt has a vulnerability that allows an user to bypass authentication. An attacker could use that to extract sensitive information, execute arbitrary code or crash the server. It was discovered that Salt is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-15750, CVE-2018-15751, CVE-2019-17361, CVE-2020-11652
MD5 | fab02805099e5ba345f240d307c51f20
vBulletin 5.x Remote Code Execution
Posted Aug 13, 2020
Authored by Zenofex | Site metasploit.com

This Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widget_tabbedcontainer_tab_panel template while also providing the widget_php argument. This causes the former template to load the latter bypassing filters originally put in place to address CVE-2019-16759. This also allows the exploit to reach an eval call with user input allowing the module to achieve PHP remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.2 on Ubuntu Linux.

tags | exploit, remote, php, code execution
systems | linux, ubuntu
advisories | CVE-2019-16759, CVE-2020-7373
MD5 | b60b0666592e30c6b174a6e6343f7c54
Ubuntu Security Notice USN-4458-1
Posted Aug 13, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4458-1 - Fabrice Perez discovered that the Apache mod_rewrite module incorrectly handled certain redirects. A remote attacker could possibly use this issue to perform redirects to an unexpected URL. Chamal De Silva discovered that the Apache mod_proxy_ftp module incorrectly handled memory when proxying to a malicious FTP server. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2020-11984, CVE-2020-11993, CVE-2020-1927, CVE-2020-1934, CVE-2020-9490
MD5 | 7140a6d9fa7d076a14e596e4242f90fd
Ubuntu Security Notice USN-4457-1
Posted Aug 12, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4457-1 - Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacker could possibly manipulate the screen.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-15709
MD5 | ecb41f82ad36c486d2149a4f5bc4a612
Page 4 of 276
Back23456Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    8 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    4 Files
  • 26
    Sep 26th
    1 Files
  • 27
    Sep 27th
    1 Files
  • 28
    Sep 28th
    9 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close