
Files

Kernel Live Patch Security Notice LSN-0102-1
Posted Apr 9, 2024
Authored by Benjamin M. Romer

It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, memory leak
systems | linux
advisories | CVE-2023-1872, CVE-2023-4569, CVE-2023-51781, CVE-2023-6176, CVE-2024-0646, CVE-2024-1086
SHA-256 | 5d360530cd59a1d5483a776654fdfec33b0978f21c0af5d79f7f2f3fb4c9a39c

Related Files

Ubuntu Security Notice USN-1465-1
Posted Jun 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1465-1 - It was discovered that the Ubuntu One Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2011-4409
SHA-256 | 4043575a28f3151a2c63c3f93da7f4ede5fdb9d43fbcd6804a4bde82d888ea74
Ubuntu Security Notice USN-1465-2
Posted Jun 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1465-2 - USN-1465-1 fixed a vulnerability in the Ubuntu One Client. This update adds a required fix to the Ubuntu One storage protocol library. It was discovered that the Ubuntu One Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information. Various other issues were also addressed.

tags | advisory, remote, web, protocol
systems | linux, ubuntu
advisories | CVE-2011-4409
SHA-256 | bfc4b1a4f40b1086e4a2f1209aef6c19231f1edd3f5e17263857e268a19058a8
Ubuntu Security Notice USN-1462-1
Posted Jun 5, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1462-1 - Dan Luther discovered that Bind incorrectly handled zero length rdata fields. A remote attacker could use this flaw to cause Bind to crash or behave erratically, resulting in a denial of service. It was discovered that Bind incorrectly handled revoked domain names. A remote attacker could use this flaw to cause malicious domain names to be continuously resolvable even after they have been revoked.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-1667, CVE-2012-1033
SHA-256 | fbb84f8a8376f523eed4e2f4816747ef3238b74da3cc1ad2b4f06e1fc32b80b8
Ubuntu Security Notice USN-1461-1
Posted Jun 5, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1461-1 - It was discovered that PostgreSQL incorrectly handled certain bytes passed to the crypt() function when using DES encryption. An attacker could use this flaw to incorrectly handle authentication. It was discovered that PostgreSQL incorrectly handled SECURITY DEFINER and SET attributes on procedural call handlers. An attacker could use this flaw to cause PostgreSQL to crash, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-2143, CVE-2012-2655
SHA-256 | d480f4d0c7f143e0107319fc134d8cf735ea4e8f2d1e69b46c520248589c93c4
Debian Security Advisory 2486-1
Posted Jun 5, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2486-1 - It was discovered that BIND, a DNS server, can crash while processing resource records containing no data bytes. Both authoritative servers and resolvers are affected.

tags | advisory
systems | linux, debian
advisories | CVE-2012-1667
SHA-256 | aaff0d5dfe0a95b4be0cdbb6f1f283c8f68f1de358f21672e99d54fa43fda6f7
Debian Security Advisory 2480-2
Posted May 29, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2480-2 - It was discovered that the recent request-tracker3.8 update, DSA-2480-1, introduced a regression which caused outgoing mail to fail when running under mod_perl.

tags | advisory
systems | linux, debian
SHA-256 | e07b2f00d518d311c1eeb0eea530260835e3164ea995c4f29764a08ebe15c712
Ubuntu Security Notice USN-1451-1
Posted May 25, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1451-1 - Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0884, CVE-2012-2333
SHA-256 | c2d728621ad0692803f2775f1741405360b7d473c41ea474fa8427075d3d957a
Debian Security Advisory 2478-1
Posted May 24, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2478-1 - It was discovered that sudo misparsed network masks used in Host and Host_List stanzas. This allowed the execution of commands on hosts where the user would not be allowed to run the specified command.

tags | advisory
systems | linux, debian
advisories | CVE-2012-2337
SHA-256 | fa49469a07a4c2e333f036a694c17b0a83d1f089b43d38e1c25cb2dfb19e3c66
Ubuntu Security Notice USN-1450-1
Posted May 24, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1450-1 - It was discovered that Net-SNMP incorrectly performed entry lookups in the extension table. A remote attacker could send a specially crafted request and cause the SNMP server to crash, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-2141
SHA-256 | 3b977734c077d0a8b53a81dede80897dca3542072cb2371b9fec6ca89ec6c4ab
Ubuntu Security Notice USN-1449-1
Posted May 22, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1449-1 - It was discovered that feedparser did not properly sanitize ENTITY declarations in encoded fields. A remote attacker could exploit this to cause a denial of service via memory exhaustion.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-2921
SHA-256 | 6a3a1b00e46dc08727ec76015083bbe2e5e84e541d19baf4809755132656980b
Debian Security Advisory 2475-1
Posted May 18, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2475-1 - It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash).

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2012-2333
SHA-256 | 66c8c21a9d5a67bd12535ff58d7285885abd5e746fc2188a45920751e9870d71
Ubuntu Security Notice USN-1444-1
Posted May 18, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1444-1 - It was discovered that BackupPC did not properly sanitize its input when processing RestoreFile error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2011-5081
SHA-256 | 359bdbb94093049e72426ec798a95cfc4d4baea1ae5e0d2cd86c4ac125e3c152
Ubuntu Security Notice USN-1443-1
Posted May 17, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1443-1 - It was discovered that Update Manager created system state archive files with incorrect permissions when upgrading releases. A local user could possibly use this to read repository credentials. Felix Geyer discovered that the Update Manager Apport hook incorrectly uploaded certain system state archive files to Launchpad when reporting bugs. This could possibly result in repository credentials being included in public bug reports. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2012-0948, CVE-2012-0949
SHA-256 | 6404506a03e0bd2370106f34332c5a744490330dc284ffba95740f7fd563f31a
Ubuntu Security Notice USN-1442-1
Posted May 16, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1442-1 - It was discovered that sudo incorrectly handled network masks when using Host and Host_List. A local user who is listed in sudoers may be allowed to run commands on unintended hosts when IPv4 network masks are used to grant access. A local attacker could exploit this to bypass intended access restrictions. Host and Host_List are not used in the default installation of Ubuntu.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2012-2337
SHA-256 | 4324b59d64b342a521a0980f0e685008be9a14f33f0173e24e06a2608c59a814
Ubuntu Security Notice USN-1441-1
Posted May 15, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1441-1 - It was discovered that Quagga incorrectly handled Link State Update messages with invalid lengths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. It was discovered that Quagga incorrectly handled messages with a malformed Four-octet AS Number Capability. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0250, CVE-2012-0255, CVE-2012-0249
SHA-256 | 5d00061ebbf37190e2a234ed2e926b9591981ccaf98e5bc04f27356da0113e72
Mandriva Linux Security Advisory 2012-068-1
Posted May 10, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-068 - PHP-CGI-based setups contain a vulnerability when parsing query string parameters from PHP files. A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server. It was discovered that the previous fix for the CVE-2012-1823 vulnerability was incomplete. The updated packages provide the latest version, which provides a solution to this flaw.

tags | advisory, remote, web, denial of service, arbitrary, cgi, php
systems | linux, mandriva
advisories | CVE-2012-1823, CVE-2012-2335, CVE-2012-2336
SHA-256 | 5f07bbe61bf5a454e33f2bc2bed0f93359504f04f545248be27c70f9cec98327
Debian Security Advisory 2468-1
Posted May 10, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2468-1 - It was discovered that Apache POI, a Java implementation of the Microsoft Office file formats, would allocate arbitrary amounts of memory when processing crafted documents. This could impact the stability of the Java virtual machine.

tags | advisory, java, arbitrary
systems | linux, debian
advisories | CVE-2012-0213
SHA-256 | 920a70bfc04b0acc0425ec067ac9afcca3536a5264b0f2d72e8aaeffc68e9fde
Debian Security Advisory 2467-1
Posted May 10, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2467-1 - It was discovered that Mahara, the portfolio, weblog, and resume builder, had an insecure default with regard to SAML-based authentication used with more than one SAML identity provider. Someone with control over one IdP could impersonate users from other IdPs.

tags | advisory
systems | linux, debian
SHA-256 | 5dee642e0bd8295239c7653b2351ced32900bd0db2c2ba222a7b00678aca31fd
Red Hat Security Advisory 2012-0542-01
Posted May 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0542-01 - The Apache HTTP Server is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3348, CVE-2011-3368, CVE-2011-3607, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
SHA-256 | 8b3987f6e40fef85052bc1517ccdd155b8785e42c315e04f9e426c3eaf558929
Red Hat Security Advisory 2012-0543-01
Posted May 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0543-01 - The Apache HTTP Server is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3348, CVE-2011-3368, CVE-2011-3607, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
SHA-256 | 376715e8712ee30354e348ebd39de77f32d1502ee20f1d7c87fee06fdef8376b
Ubuntu Security Notice USN-1437-1
Posted May 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1437-1 - It was discovered that PHP, when used as a standalone CGI processor for the Apache Web Server, did not properly parse and filter query strings. This could allow a remote attacker to execute arbitrary code running with the privilege of the web server. Configurations using mod_php5 and FastCGI were not vulnerable.

tags | advisory, remote, web, arbitrary, cgi, php
systems | linux, ubuntu
advisories | CVE-2012-1823, CVE-2012-2311
SHA-256 | 38f9d764d6c2cf212c5eff43704012fdf52ff4fe7d6dd5988c81045cf41f1f3a
Ubuntu Security Notice USN-1429-1
Posted Apr 26, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1429-1 - It was discovered that Jetty computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2011-4461
SHA-256 | 52e44c68f6ad4a8cd1f7f561ee0b38ed0eea2d083b07d93a3af16f0ede4ed105
Mandriva Linux Security Advisory 2012-064
Posted Apr 25, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-064 - It was discovered that the fix for was not sufficient to correct the issue for OpenSSL 0.9.8. The updated packages have been upgraded to the 0.9.8w version which is not vulnerable to this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-2131
SHA-256 | ec7a43232cc989e79b3501b0f69ac7ec5d682e3b543f7d254621488da11de02d
Ubuntu Security Notice USN-1428-1
Posted Apr 25, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1428-1 - It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL 0.9.8. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. Ubuntu 11.10 was not affected by this issue. The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean() to sometimes return the wrong error condition. This update fixes the problem. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-2131
SHA-256 | 2289dbca4426d93d31dbb6364a90c4dd7c450eed99d5564b22b994ee965977e4
OpenSSL ASN1 BIO Incomplete Fix
Posted Apr 24, 2012
Site openssl.org

It was discovered that the fix for CVE-2012-2110 released on 19 Apr 2012 was not sufficient to correct the issue for OpenSSL 0.9.8.

tags | advisory
advisories | CVE-2012-2110
SHA-256 | a2d545ec62a52607048d372fcbb97478bc42740f380ce0e3a1e6aa5f96c271dc