what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 126 - 150 of 9,407 RSS Feed

Operating System: Ubuntu

Ubuntu Security Notice USN-6608-2
Posted Feb 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6608-2 - It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information. Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-6606, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2024-0193
SHA-256 | a36fb866376042d55edb7600c47b39b6eea427e345f42f8acac97c6298960e3b
Ubuntu Security Notice USN-6626-2
Posted Feb 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6626-2 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-32250, CVE-2023-32257, CVE-2023-34324, CVE-2023-35827, CVE-2023-46813, CVE-2023-6039, CVE-2023-6176, CVE-2023-6622, CVE-2024-0641
SHA-256 | f604bb78b46c5c78f8d5c3eebf5d47fd8329d33d9d972d5425768f75ed48b1e8
Ubuntu Security Notice USN-6629-2
Posted Feb 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6629-2 - USN-6629-1 fixed vulnerabilities in UltraJSON. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-45958, CVE-2022-31116, CVE-2022-31117
SHA-256 | ec6ddcf81a1c32520be536e38ebdd283e58f5386914c40a18c8dc5490e39e31a
Ubuntu Security Notice USN-6629-1
Posted Feb 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6629-1 - It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2021-45958, CVE-2022-31116, CVE-2022-31117
SHA-256 | d35aa970db759e585e1e8439b5af8a9496efa3c84d58b5fde339a617a0f22a82
Ubuntu Security Notice USN-6634-1
Posted Feb 14, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6634-1 - Brennan Conroy discovered that .NET with SignalR did not properly handle malicious clients. An attacker could possibly use this issue to cause a denial of service. Bahaa Naamneh discovered that .NET with OpenSSL support did not properly parse X509 certificates. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2024-21386, CVE-2024-21404
SHA-256 | de10672913c1c439d6731061defe8ff1f177c00fb56026d2b2e18bbcd3e60f15
Ubuntu Security Notice USN-6633-1
Posted Feb 13, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6633-1 - Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-5517, CVE-2023-5679
SHA-256 | 054b5c6621a2c15204c6e7c406399951136064dab698608de345f5ebc5be679d
Ubuntu Security Notice USN-6632-1
Posted Feb 13, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6632-1 - David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malformed PKCS12 files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-5678, CVE-2024-0727
SHA-256 | 3abb323919f13a3d84d1a0cd64fcc14e25be794245741c0876d6749101772303
Ubuntu Security Notice USN-6631-1
Posted Feb 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6631-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2024-23206
SHA-256 | 4b6f4fc061a2d62f4bfc4c023b3a9687f579682d0d0d93b1e1032a14339c54da
Ubuntu Security Notice USN-6630-1
Posted Feb 12, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6630-1 - It was discovered that Glance_store incorrectly handled logging when the DEBUG log level is enabled. A local attacker could use this issue to obtain access_key values.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2024-1141
SHA-256 | e33597e4fb62975ce2ddc0081056b778d1042fba229644d2cddd928586329b1c
Ubuntu Security Notice USN-6628-1
Posted Feb 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6628-1 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-32250, CVE-2023-32257, CVE-2023-34324, CVE-2023-35827, CVE-2023-46813, CVE-2023-6039, CVE-2023-6040, CVE-2023-6176, CVE-2023-6606, CVE-2023-6622, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2024-0193
SHA-256 | a52607ded902da64c49c773da7fa6fd61683abc0bc5e94297c83cad64b281932
Ubuntu Security Notice USN-6625-2
Posted Feb 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6625-2 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2023-34324, CVE-2023-35827, CVE-2023-45863, CVE-2023-46343
SHA-256 | b66fd333f93de3d51bd80224f8e2d3a19cbfc05e73e64ee252cbdbc53d94990c
Ubuntu Security Notice USN-6627-1
Posted Feb 9, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6627-1 - It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. It was discovered that libde265 did not properly manage memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-35452, CVE-2021-36408, CVE-2021-36409, CVE-2021-36411, CVE-2022-1253, CVE-2022-43236, CVE-2022-43237, CVE-2022-43241, CVE-2022-43242, CVE-2022-43243, CVE-2022-43248, CVE-2022-43252
SHA-256 | f02c27a054257e7caf3fb5163ff041b1ddb84edeb8858c8dee0b15323488e030
Ubuntu Security Notice USN-6626-1
Posted Feb 8, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6626-1 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.

tags | advisory, remote, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2023-32250, CVE-2023-32257, CVE-2023-34324, CVE-2023-35827, CVE-2023-46813, CVE-2023-6039, CVE-2023-6176, CVE-2023-6622, CVE-2024-0641
SHA-256 | abb47a750300846b247f677ef4f175df1919ba753b831f8a512ec32984686bf4
Ubuntu Security Notice USN-6625-1
Posted Feb 8, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6625-1 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2023-34324, CVE-2023-35827, CVE-2023-45863, CVE-2023-46343
SHA-256 | f216969201e4323ce6545b98d9b1f08db39bd8c3f06097ee0d2bd0d95e8ad152
Ubuntu Security Notice USN-6624-1
Posted Feb 8, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6624-1 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2023-34324, CVE-2023-35827, CVE-2023-46813, CVE-2023-46862, CVE-2023-5972, CVE-2023-6176, CVE-2023-6531, CVE-2023-6622, CVE-2024-0641
SHA-256 | 49de6bcbab59db57c8569fdb52fe4ace1e46659088c4f8553a5f53c1edba44e5
Ubuntu Security Notice USN-6610-2
Posted Feb 7, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6610-2 - USN-6610-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Cornel Ionce discovered that Firefox did not properly manage memory when opening the print preview dialog. An attacker could potentially exploit this issue to cause a denial of service.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2024-0742, CVE-2024-0746, CVE-2024-0748, CVE-2024-0754
SHA-256 | 64fd97a9abc0b32aa77ae8c1df918463236d7cd24e958946e5bd82a073d1878a
Ubuntu Security Notice USN-6609-3
Posted Feb 7, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6609-3 - Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-6040, CVE-2023-6606, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2024-0193
SHA-256 | 619aec4be89b4de08160625ec716465c9f95c8a45fde090dbaca0e9264752547
Ubuntu Security Notice USN-6623-1
Posted Feb 7, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6623-1 - It was discovered that Django incorrectly handled certain inputs that uses intcomma template filter. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2024-24680
SHA-256 | 3619f167d4af3c3cad853349ba958c0a1ad888f947a8b9a384c780603926d1f5
Ubuntu Security Notice USN-6592-2
Posted Feb 5, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6592-2 - USN-6592-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features mentioned through the hostname parameter.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-6004, CVE-2023-6918
SHA-256 | 8b05812f1564de798f6fac3b6ba6391af039f74309ab8408b47cb1ef70eee3fa
runc 1.1.11 File Descriptor Leak Privilege Escalation
Posted Feb 5, 2024
Authored by h00die, Rory McNamara | Site metasploit.com

runc versions 1.1.11 and below, as used by containerization technologies such as Docker engine and Kubernetes, are vulnerable to an arbitrary file write vulnerability. Due to a file descriptor leak it is possible to mount the host file system with the permissions of runc (typically root). Successfully tested on Ubuntu 22.04 with runc 1.1.7-0ubuntu1~22.04.1 using Docker build.

tags | exploit, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2024-21626
SHA-256 | c42842f57bc20a342f98ba3468fd922f4034a579676faa1da23d0d71f03b5e91
Ubuntu Security Notice USN-6622-1
Posted Feb 5, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6622-1 - David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. Sverker Eriksson discovered that OpenSSL incorrectly handled POLY1304 MAC on the PowerPC architecture. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727
SHA-256 | ff69da46815898e29a74d2a9b2e923d655291a8edb80d059ecf7a44b3dc0eeb1
Ubuntu Security Notice USN-6621-1
Posted Feb 2, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6621-1 - It was discovered that ImageMagick incorrectly handled certain values when processing BMP files. An attacker could exploit this to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2023-5341
SHA-256 | d38033701261e34456f9c4b4ae618fc4e2d85060257a1b6c7c655a752562ae15
Ubuntu Security Notice USN-6620-1
Posted Feb 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6620-1 - It was discovered that the GNU C Library incorrectly handled the syslog function call. A local attacker could use this issue to execute arbitrary code and possibly escalate privileges.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2023-6246
SHA-256 | 885d7737c8896c4979eff3130aedfac27d41d771214fabcaa738e3479072e0e6
Ubuntu Security Notice USN-6619-1
Posted Feb 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6619-1 - Rory McNamara discovered that runC did not properly manage internal file descriptor while managing containers. An attacker could possibly use this issue to obtain sensitive information or bypass container restrictions.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2024-21626
SHA-256 | 9c458430c39645313c622ac79bca7894770ec71a3fc955a22570296e7f62650a
Ubuntu Security Notice USN-6587-4
Posted Feb 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6587-4 - USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete resulting in a possible regression. This update fixes the problem. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs. An attacker could possibly use this issue to cause the X Server to crash, obtain sensitive information, or execute arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-6816, CVE-2024-0229, CVE-2024-0408, CVE-2024-0409, CVE-2024-21885, CVE-2024-21886
SHA-256 | 6280234da702462a9a8a5cb22d88ea81607160120dbeb11971118a38e1bb841f
Page 6 of 377
Back45678Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close