what you don't know can hurt you
Showing 101 - 125 of 7,141 RSS Feed

Operating System: Ubuntu

Ubuntu Security Notice USN-4678-1
Posted Jan 6, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4678-1 - It was discovered that the AMD Running Average Power Limit driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. Jann Horn discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations. A local attacker could use this to expose sensitive information or possibly escalate privileges. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-12912, CVE-2020-29534
MD5 | b3036de92a3edb42e7057a8095180d7c
Ubuntu Security Notice USN-4677-1
Posted Jan 5, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4677-1 - David Cook discovered that p11-kit incorrectly handled certain memory operations. An attacker could use this issue to cause p11-kit to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-29361
MD5 | 21b501626a34f8159219ffcf33d54c15
Ubuntu Security Notice USN-4676-1
Posted Jan 5, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4676-1 - It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-16587
MD5 | 590de48f77cba77bf4361c2d44509710
Ubuntu Security Notice USN-4675-1
Posted Jan 5, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4675-1 - Pritam Singh discovered that OpenStack Horizon incorrectly validated certain parameters. An attacker could possibly use this issue to cause OpenStack Horizon to redirect to a malicious URL.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-29565
MD5 | cedbcdb29a863a00ae74cabeb5d33243
Ubuntu Security Notice USN-4674-2
Posted Jan 5, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4674-2 - USN-4674-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 14.04 ESM. Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-25275
MD5 | 8b21140b2f6a9fb4daa95236efc08304
Ubuntu Security Notice USN-4668-3
Posted Jan 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4668-3 - USN-4668-1 fixed vulnerabilities in python-apt. The update caused a regression when using certain APIs with a file handle. This update fixes the problem. Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local, vulnerability, python
systems | linux, ubuntu
MD5 | a029e69b2f2fd6b5ff7a56f554dcb47f
Ubuntu Security Notice USN-4674-1
Posted Jan 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4674-1 - It was discovered that Dovecot incorrectly handled certain imap hibernation commands. A remote authenticated attacker could possibly use this issue to access other users' email. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. Innokentii Sennovskiy discovered that Dovecot incorrectly handled MIME parsing. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, imap
systems | linux, ubuntu
advisories | CVE-2020-24386, CVE-2020-25275
MD5 | b2e560c9e62cc73f933684b14231318a
Ubuntu Security Notice USN-4673-1
Posted Jan 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4673-1 - Li Fei discovered that libproxy incorrectly handled certain PAC files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-26154
MD5 | 37308d157792044dbd547beba780fbd7
Ubuntu Security Notice USN-4672-1
Posted Dec 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4672-1 - Rene Freingruber discovered that unzip incorrectly handled certain specially crafted password protected ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. Antonio Carista discovered that unzip incorrectly handled certain specially crafted ZIP archives. If a user or automated system using unzip were tricked into opening a specially crafted zip file, an attacker could exploit this to cause a crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-9913, CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384, CVE-2019-13232
MD5 | 2f7d857c85a538c18f56b7c0ae4eaac9
Ubuntu Security Notice USN-4671-1
Posted Dec 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4671-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass the CSS sanitizer, bypass security restrictions, spoof the URL bar, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2020-16042, CVE-2020-26971, CVE-2020-26972, CVE-2020-26974, CVE-2020-26976, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113, CVE-2020-35114
MD5 | f011e19269912c246f796e240397e2e9
Ubuntu Security Notice USN-4670-1
Posted Dec 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4670-1 - It was discovered that ImageMagick incorrectly handled certain specially crafted image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.10. It was discovered that ImageMagick incorrectly handled certain specially crafted image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-19948, CVE-2020-27560
MD5 | 30a4aa3fdada1e940e6b1e0fdaa8a86e
Ubuntu Security Notice USN-4660-2
Posted Dec 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4660-2 - USN-4660-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-14351, CVE-2020-14390, CVE-2020-25211, CVE-2020-25284, CVE-2020-25285, CVE-2020-25641, CVE-2020-25643, CVE-2020-25645, CVE-2020-28915, CVE-2020-4788
MD5 | 13b59c23735c20b99a07f2be7c796f7e
Ubuntu Security Notice USN-4658-2
Posted Dec 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4658-2 - USN-4658-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-0423, CVE-2020-10135, CVE-2020-14351, CVE-2020-14390, CVE-2020-25211, CVE-2020-25284, CVE-2020-25643, CVE-2020-25645, CVE-2020-25705, CVE-2020-28915, CVE-2020-4788
MD5 | 66bcfd82be0047a6e48a5c99b2d2bdac
Ubuntu Security Notice USN-4659-2
Posted Dec 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4659-2 - USN-4659-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem. It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-0423, CVE-2020-10135, CVE-2020-14351, CVE-2020-25705, CVE-2020-27152, CVE-2020-28915, CVE-2020-4788
MD5 | 6e8f14203b3a4048f0d5c37dc565a8ef
Aerospike Database UDF Lua Code Execution
Posted Dec 11, 2020
Authored by Brendan Coles, b4ny4n | Site metasploit.com

Aerospike Database versions before 5.1.0.3 permitted user-defined functions (UDF) to call the os.execute Lua function. This Metasploit module creates a UDF utilizing this function to execute arbitrary operating system commands with the privileges of the user running the Aerospike service. This module does not support authentication; however Aerospike Database Community Edition does not enable authentication by default. This module has been tested successfully on Ubuntu with Aerospike Database Community Edition versions 4.9.0.5, 4.9.0.11 and 5.0.0.10.

tags | exploit, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-13151
MD5 | e8121ba043f9bc7dc8bc589dac7a4a1b
Ubuntu Security Notice USN-4666-2
Posted Dec 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4666-2 - USN-4666-1 partially fixed a vulnerability in lxml, but an additional patch was needed. This update provides the corresponding additional patch in order to properly fix the vulnerability. It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to cross-site scripting attacks.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2020-27783
MD5 | 3795fad2ebbcace586aa3ec37a6a6597
Ubuntu Security Notice USN-4669-1
Posted Dec 11, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4669-1 - It was discovered that a cross-site scripting vulnerability in SquirrelMail allows remote attackers to use malicious script content from HTML e-mail to execute code and/or provoke a denial of service.

tags | advisory, remote, denial of service, xss
systems | linux, ubuntu
advisories | CVE-2019-12970
MD5 | 9c31e45174763f24cd3027caf8c1e712
Ubuntu Security Notice USN-4668-1
Posted Dec 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4668-1 - Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service.

tags | advisory, denial of service, local, python
systems | linux, ubuntu
advisories | CVE-2020-27351
MD5 | fec19eedb4411cf29ad285f5cd1196a2
Ubuntu Security Notice USN-4665-2
Posted Dec 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4665-2 - USN-4665-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address and be used to perform port scanner and other information gathering. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-8284, CVE-2020-8285
MD5 | 70ae3c3e1b163767c7314ec475487ed0
Ubuntu Security Notice USN-4667-1
Posted Dec 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4667-1 - Kevin Backhouse discovered that APT incorrectly handled certain packages. A local attacker could possibly use this issue to cause APT to crash or stop responding, resulting in a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2020-27350
MD5 | 95550b790b5b5e77f980c30a5fa95220
Ubuntu Security Notice USN-4668-2
Posted Dec 10, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4668-2 - USN-4668-1 fixed vulnerabilities in python-apt. That update caused a regression by removing information describing the Ubuntu 20.10 release from the Ubuntu templates. This update fixes the problem by restoring this information. Various other issues were also addressed.

tags | advisory, vulnerability, python
systems | linux, ubuntu
MD5 | c139cb84adaae88c523ef36f4c1810e0
Ubuntu Security Notice USN-4666-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4666-1 - It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to cross-site scripting attacks.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2020-27783
MD5 | e97ad9d2b142cb39ff0e56851b058ee8
Ubuntu Security Notice USN-4665-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4665-1 - Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information. This issue only affected Ubuntu 20.10. Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address and be used to perform port scanner and other information gathering. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286
MD5 | 9b9a20e2d0e66756f1b80b9137edad83
Ubuntu Security Notice USN-4664-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4664-1 - Kevin Backhouse discovered that Aptdaemon incorrectly handled certain properties. A local attacker could use this issue to test for the presence of local files. Kevin Backhouse discovered that Aptdaemon incorrectly handled permission checks. A local attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2020-16128, CVE-2020-27349
MD5 | c6db7b60afa25c512c2223fdd54af63d
Ubuntu Security Notice USN-4663-1
Posted Dec 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4663-1 - Melvin Kool discovered that the GDK-PixBuf library did not properly handle certain GIF images. If an user or automated system were tricked into opening a specially crafted GIF file, a remote attacker could use this flaw to cause GDK-PixBuf to hang, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-29385
MD5 | 89f97a063439553e6b46dce751806c53
Page 5 of 286
Back34567Next

File Archive:

March 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    19 Files
  • 2
    Mar 2nd
    15 Files
  • 3
    Mar 3rd
    30 Files
  • 4
    Mar 4th
    13 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close