Twenty Year Anniversary
Showing 26 - 50 of 12,981 RSS Feed

Local Files

Ubuntu Security Notice USN-3742-2
Posted Aug 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3742-2 - USN-3742-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 for Ubuntu 12.04 ESM. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-18344, CVE-2018-3620, CVE-2018-3646, CVE-2018-5390, CVE-2018-5391
MD5 | 8765eb216afec68e03e4729f603e2423
Ubuntu Security Notice USN-3741-2
Posted Aug 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3741-2 - USN-3741-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-3620, CVE-2018-3646, CVE-2018-5390, CVE-2018-5391
MD5 | a0d39dbb79e2f19019b21e3f47cfbcee
Ubuntu Security Notice USN-3742-1
Posted Aug 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3742-1 - It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2017-18344, CVE-2018-3620, CVE-2018-3646, CVE-2018-5390, CVE-2018-5391
MD5 | 0bb27e1ab89c610a43b666ee9c098afd
Ubuntu Security Notice USN-3741-1
Posted Aug 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3741-1 - It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-3620, CVE-2018-3646, CVE-2018-5390, CVE-2018-5391
MD5 | adb44b3c97e09a1c8c3883fb1c76b23f
Ubuntu Security Notice USN-3740-2
Posted Aug 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3740-2 - USN-3740-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-3620, CVE-2018-3646, CVE-2018-5391
MD5 | af22cc41875cbf38e938fba21964205a
Ubuntu Security Notice USN-3740-1
Posted Aug 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3740-1 - It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker in a guest virtual machine could use this to expose sensitive information. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-3620, CVE-2018-3646, CVE-2018-5391
MD5 | 1996e4f32e8fd7c1ba60b8a9ec50cc26
Apple Smart Card Services Memory Corruption
Posted Aug 14, 2018
Authored by Eric Sesterhenn

Attackers with local access can exploit security issues in the smartcard driver. These result in memory corruptions, which might lead to code execution. Since smartcards can be used for authentication, the vulnerabilities may allow an attacker to login to the system without valid credentials as any user.

tags | advisory, local, vulnerability, code execution
advisories | CVE-2018-4300, CVE-2018-4301
MD5 | ecc75d2e3e4e765c8de7001179ad0ec1
Ubuntu Security Notice USN-3737-1
Posted Aug 13, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3737-1 - A use-after-free was discovered in GDM. A local user could exploit this to cause a denial of service, or potentially execute arbitrary code as the administrator.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2018-14424
MD5 | 38080a9134a5f410aa307c4b5cf0dad7
Kernel Live Patch Security Notice LSN-0041-1
Posted Aug 10, 2018
Authored by Benjamin M. Romer

The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call. Wen Xu discovered that the ext4 file system implementation in the Linux kernel did not properly initialize the crc32c checksum driver. A local attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux
advisories | CVE-2018-1094, CVE-2018-11506, CVE-2018-13094, CVE-2018-13405, CVE-2018-5390
MD5 | fc944208680854f3168be2702b530c3b
man-cgi Local File Inclusion
Posted Aug 8, 2018
Authored by eL_Bart0

man-cgi versions prior to 1.16 suffer from a local file inclusion vulnerability.

tags | exploit, local, cgi, file inclusion
advisories | CVE-2018-14429
MD5 | bca0e6274252ccbf0017f77e91d0f04e
Ubuntu Security Notice USN-3733-1
Posted Aug 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3733-1 - Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that GnuPG is vulnerable to a cache side-channel attack. A local attacker could use this attack to recover RSA private keys.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2017-7526
MD5 | 1e04040a0f99386a8b56262eec323ea2
Ubuntu Security Notice USN-3730-1
Posted Aug 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3730-1 - Matthias Gerstner discovered that LXC incorrectly handled the lxc-user-nic utility. A local attacker could possibly use this issue to open arbitrary files.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2018-6556
MD5 | 2d49f90b6beba33820201e89a4784c25
Fortinet FortiClient 5.2.3 Local Privilege Escalation
Posted Aug 5, 2018
Authored by sickness, mschenk

Fortinet FortiClient version 5.2.3 (Windows 10 x64 Creators) suffers from a local privilege escalation vulnerability.

tags | exploit, local
systems | windows
advisories | CVE-2015-4077, CVE-2015-5736
MD5 | c481ba1c8cfdb5ac306d51bfefbf9590
Sun Solaris 11.3 AVS Local Kernel Root
Posted Aug 2, 2018
Authored by mu-b

Sun Solaris versions 10 and 11.3 and below local kernel root exploit.

tags | exploit, kernel, local, root
systems | solaris
advisories | CVE-2018-2892
MD5 | e87115e82276d32408f82a68e1b2de6f
HRSale 1.0.6 Local File Disclosure
Posted Jul 31, 2018
Authored by ShanoWeb

HRSale HR Management PHP script version 1.0.6 suffers from a local file disclosure vulnerability.

tags | exploit, local, php, info disclosure
MD5 | 7359826a28a3b8ffd79965cd3b39d5bf
Debian Security Advisory 4257-1
Posted Jul 30, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4257-1 - Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the bypass of the 'user_allow_other' restriction when SELinux is active (including in permissive mode). A local user can take advantage of this flaw in the fusermount utility to bypass the system configuration and mount a FUSE filesystem with the 'allow_other' mount option.

tags | advisory, local
systems | linux, debian
advisories | CVE-2018-10906
MD5 | f932429bd8527a9205a47d92419b417a
Charles Proxy 4.2 Local Root Privilege Escalation
Posted Jul 30, 2018
Authored by Mark Wadham

Charles Proxy version 4.2 suffers from a local root privilege escalation vulnerability.

tags | exploit, local, root
advisories | CVE-2017-15358
MD5 | 96d52f648a1dd6a9a475dd5d37ec6868
CleanMyMac3 Local Privilege Escalation
Posted Jul 26, 2018
Authored by Chi Chou

CleanMyMac3 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | 752b3e6262d71a2ee1685e5a4c8bc7d4
Inteno's IOPSYS Local Privilege Escalation
Posted Jul 25, 2018
Authored by neonsea

Inteno's IOPSYS suffers from an authenticated local privilege escalation vulnerability.

tags | exploit, local
MD5 | a7cc5998b50392cd2e39daa15831a611
Red Hat Security Advisory 2018-2243-01
Posted Jul 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2243-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. Issues addressed include clickjacking protection.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2017-2658
MD5 | 60d79a34e56dd376fdf4771cab9ba739
Debian Security Advisory 4253-1
Posted Jul 23, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4253-1 - Denis Andzakovic discovered that network-manager-vpnc, a plugin to provide VPNC support for NetworkManager, is prone to a privilege escalation vulnerability. A newline character can be used to inject a Password helper parameter into the configuration data passed to vpnc, allowing a local user with privileges to modify a system connection to execute arbitrary commands as root.

tags | advisory, arbitrary, local, root
systems | linux, debian
advisories | CVE-2018-10900
MD5 | f2b2e08caa80832ea6c4dd74046f2fe7
Ubuntu Security Notice USN-3717-2
Posted Jul 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3717-2 - USN-3717-1 fixed a vulnerability in PolicyKit. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2015-3255, CVE-2018-1116
MD5 | 78d3067a269ada3defc617dd1a89a37b
TOR Virtual Network Tunneling Tool 0.3.3.9
Posted Jul 17, 2018
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.3.3.9 moves to a new bridge authority, meaning people running bridge relays should upgrade.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 16b24bda0772dc3d5c4c05254ec4bce7
Microsoft Windows .library-ms Information Disclosure
Posted Jul 16, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Library description files are XML files that define libraries. Libraries aggregate items from local and remote storage locations into a single view in Windows Explorer. Library description files follow the Library Description schema and are saved as *.library-ms files. The .library-ms filetype triggers forced authentication when a user/client accesses a remote share that houses an attacker supplied ".library-ms" file, disclosing credential hashes and other identifiable computer informations.

tags | exploit, remote, local
systems | windows
MD5 | 3efbbbe3394fffedf1bbcf55f304effb
Ubuntu Security Notice USN-3717-1
Posted Jul 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3717-1 - Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid object paths. A local attacker could possibly use this issue to cause PolicyKit to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2015-3218, CVE-2015-3255, CVE-2015-4625, CVE-2018-1116
MD5 | bb26c8309333e7b82004f400f1d0c1c2
Page 2 of 520
Back12345Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close