Ubuntu Security Notice 4733-1 - Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution.
3c18fc22fd38af8603be0f826c12a53cUbuntu Security Notice 4732-1 - It was discovered that SQLite incorrectly handled certain sub-queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.
e0f6a0115e831021a7d9afe4e2b27703Ubuntu Security Notice 4727-1 - Alexander Popov discovered that multiple race conditions existed in the AF_VSOCK implementation in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.
a8c89d3cda17bd2462a03e3fd24d9971Ubuntu Security Notice 4728-1 - Gilad Reti discovered that snapd did not correctly specify cgroup delegation when generating systemd service units for various container management snaps. This could allow a local attacker to escalate privileges via access to arbitrary devices of the container host from within a compromised or malicious container.
086df1dbda8bd6351da6a2f9cd5a4644Ubuntu Security Notice 4717-2 - USN-4717-1 fixed vulnerabilities in Firefox. The update caused a startup hang in some circumstances. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct clickjacking attacks, or execute arbitrary code. Various other issues were also addressed.
a0a85c5462fa046cf0f14ca932dd4eebDiscord Probot suffers from an arbitrary file upload vulnerability.
fd81cb48fbf83ef8a47b35f2ebe27490Ubuntu Security Notice 4724-1 - It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
852e5d3d483b0c482e0d2cf0e83c7463Ubuntu Security Notice 4723-1 - It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code.
e5a5caaef47996d8ce8f41c96561ee25Ubuntu Security Notice 4721-1 - Simon McVittieg discovered that flatpak-portal service allowed sandboxed applications to execute arbitrary code on the host system. A malicious user could create a Flatpak application that set environment variables, trusted by the Flatpak "run" command, and use it to execute arbitrary code outside the sandbox.
8fdb1b95064080911e8061c372c4f26bUbuntu Security Notice 4720-1 - Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate privileges and run arbitrary code. Itai Greenhut discovered that Apport incorrectly handled opening certain special files. A local attacker could possibly use this issue to cause Apport to hang, resulting in a denial of service.
34798d94c26a3bd12acc34173bea402fUbuntu Security Notice 4720-2 - USN-4720-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate privileges and run arbitrary code. Various other issues were also addressed.
49e34ac829aa531d6ce391a79f60d6fasqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
78c920583fa0ecc1970cdd57b22c5d8cUbuntu Security Notice 4717-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct clickjacking attacks, or execute arbitrary code.
f6f05555968e4f6500feca7736c8d8bcGentoo Linux Security Advisory 202102-2 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 78.7.0 are affected.
ebc98d5b25ce0c41703e4d2f27db7413Gentoo Linux Security Advisory 202102-1 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 85.0 are affected.
517955742b3ce4ae0d2c862d8d2b85b0Ubuntu Security Notice 4714-1 - Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream. Various other issues were also addressed.
3cdeed73f8b46410b7481e928cd50ec1Gentoo Linux Security Advisory 202101-37 - A buffer overflow in VLC might allow remote attacker(s) to execute arbitrary code. Versions less than 3.0.12.1 are affected.
96e16d024738b165decb6bd77604791bApple Security Advisory 2021-01-26-1 - iOS 14.4 and iPadOS 14.4 address race condition and arbitrary code execution vulnerabilities.
9ea3bdc34259ca4f0ff33cda355065ebUbuntu Security Notice 4704-1 - It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. Various other issues were also addressed.
21c29b1fe2faf41239164e4ee250c1daGentoo Linux Security Advisory 202101-30 - Multiple vulnerabilities have been found in Qt WebEngine, the worst of which could result in the arbitrary execution of code. Versions less than 5.15.2 are affected.
c3fe0f3860e8a822357dca9c7594275cGentoo Linux Security Advisory 202101-29 - Multiple vulnerabilities have been found in OpenJPEG, the worst of which could result in the arbitrary execution of code. Versions less than *:1 and 2.4.0:2 are affected.
07ef80970301c9f0108866508e473edbGentoo Linux Security Advisory 202101-26 - Multiple vulnerabilities have been found in f2fs-tools, the worst of which could result in the arbitrary execution of code. Versions less than 1.14.0 are affected.
53b49771a96bcaaacbff50c3021291c3Gentoo Linux Security Advisory 202101-24 - Multiple vulnerabilities have been found in cfitsio, the worst of which could result in the arbitrary execution of code. Versions less than 3.490 are affected.
24687d5bab7bbfead9ce7efa6439a84cGentoo Linux Security Advisory 202101-23 - Multiple vulnerabilities have been found in PEAR Archive_Tar, the worst of which could result in the arbitrary execution of code. Versions prior to 1.4.12 are affected.
d8dc694ad651789684286f92beaa0a8bThis Metasploit module takes advantages of Archive_Tar versions prior to 1.4.11 which fail to validate file stream wrappers contained within filenames to write an arbitrary file containing user controlled content to an arbitrary file on disk. Note that the file will be written to disk with the permissions of the user that PHP is running as, so it may not be possible to overwrite some files if the PHP user is not appropriately privileged.
7c33e20f3f1e07af9b1f4641460e7354
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed