1203 items tagged "notice"
-
-
19:11
»
Packet Storm Security Advisories
Ubuntu Security Notice 1680-1 - It was discovered that MoinMoin did not properly sanitize its input when processing AnyWikiDraw and TWikiDraw actions. A remote attacker with write access could exploit this to overwrite arbitrary files and execute arbitrary code with the privileges of the web server (user 'www-data'). It was discovered that MoinMoin also did not properly sanitize its input when processing the AttachFile action. A remote attacker could exploit this to overwrite files via directory traversal. Various other issues were also addressed.
-
-
15:57
»
Packet Storm Security Advisories
Ubuntu Security Notice 1676-1 - Dan Rosenberg discovered that the example AppArmor profile for chromium-browser could be escaped by calling xdg-settings with a crafted environment.
-
10:53
»
Packet Storm Security Advisories
Ubuntu Security Notice 1675-1 - It was discovered that FFmpeg incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
-
10:53
»
Packet Storm Security Advisories
Ubuntu Security Notice 1674-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
-
-
21:37
»
Packet Storm Security Advisories
Ubuntu Security Notice 1673-1 - A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system.
-
21:37
»
Packet Storm Security Advisories
Ubuntu Security Notice 1671-1 - A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system.
-
21:36
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1670-1 - A flaw was discovered in the Linux kernel's handling of new hot plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system.
-
21:33
»
Packet Storm Security Advisories
Ubuntu Security Notice 1669-1 - A flaw was discovered in the Linux kernel's handling of new hot plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system.
-
-
16:58
»
Packet Storm Security Advisories
Ubuntu Security Notice 1668-1 - Dan Rosenberg discovered that an application running under an AppArmor profile that allowed unconfined execution of apport-bug could escape confinement by calling apport-bug with a crafted environment. While not a vulnerability in apport itself, this update mitigates the issue by sanitizing certain variables in the apport-bug shell script.
-
16:57
»
Packet Storm Security Advisories
Ubuntu Security Notice 1667-1 - Julius Plenz discovered that bogofilter incorrectly handled certain invalid base64 code. By sending a specially crafted email, a remote attacker could exploit this and cause bogofilter to crash, resulting in a denial of service, or possibly execute arbitrary code.
-
16:56
»
Packet Storm Security Advisories
Ubuntu Security Notice 1666-1 - It was discovered that Aptdaemon incorrectly validated PPA GPG keys when importing from a keyserver. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys.
-
-
18:14
»
Packet Storm Security Advisories
Ubuntu Security Notice 1665-1 - It was discovered that unity-firefox-extension bypassed the same origin policy checks in certain circumstances. If a user were tricked into opening a malicious page, an attacker could exploit this to steal confidential data or perform other security-sensitive operations.
-
-
22:05
»
Packet Storm Security Advisories
Ubuntu Security Notice 1662-1 - It was discovered that APT set inappropriate permissions on the term.log file. A local attacker could use this flaw to possibly obtain sensitive information.
-
22:05
»
Packet Storm Security Advisories
Ubuntu Security Notice 1664-1 - Zhang Zuotao discovered a bug in the Linux kernel's handling of overlapping fragments in IPv6. A remote attacker could exploit this flaw to bypass firewalls and initiate new network connections that should have been blocked by the firewall.
-
22:01
»
Packet Storm Security Advisories
Ubuntu Security Notice 1663-1 - Eric Windisch discovered that Nova did not properly clear LVM-backed images before they were reallocated which could potentially lead to an information leak. This issue only affected setups using libvirt LVM-backed instances.
-
-
21:02
»
Packet Storm Security Advisories
Ubuntu Security Notice 1661-1 - Zhang Zuotao discovered a bug in the Linux kernel's handling of overlapping fragments in IPv6. A remote attacker could exploit this flaw to bypass firewalls and initiate new network connections that should have been blocked by the firewall.
-
21:01
»
Packet Storm Security Advisories
Ubuntu Security Notice 1660-1 - Zhang Zuotao discovered a bug in the Linux kernel's handling of overlapping fragments in IPv6. A remote attacker could exploit this flaw to bypass firewalls and initiate new network connections that should have been blocked by the firewall.
-
-
18:36
»
Packet Storm Security Advisories
Ubuntu Security Notice 1659-1 - It was discovered that GIMP incorrectly handled malformed XWD files. If a user were tricked into opening a specially crafted XWD file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.
-
18:36
»
Packet Storm Security Advisories
Ubuntu Security Notice 1658-1 - It was discovered that MySQL incorrectly handled certain long arguments. A remote authenticated attacker could use this issue to possibly execute arbitrary code.
-
7:56
»
Packet Storm Security Advisories
Ubuntu Security Notice 1657-1 - It was discovered that Bind incorrectly handled certain crafted queries when DNS64 was enabled. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.
-
-
15:55
»
Packet Storm Security Advisories
Ubuntu Security Notice 1655-1 - It was discovered that LibTIFF incorrectly handled certain malformed images using the DOTRANGE tag. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
-
15:55
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1656-1 - It was discovered that libxml2 had a heap-based buffer underflow when parsing entities. If a user or automated system were tricked into processing a specially crafted XML document, applications linked against libxml2 could be made to crash or possibly execute arbitrary code.
-
15:44
»
Packet Storm Security Advisories
Ubuntu Security Notice 1654-1 - It was discovered that users in the lpadmin group could modify certain CUPS configuration options to escalate privileges. An attacker could use this to potentially gain root privileges.
-
-
15:47
»
Packet Storm Security Advisories
Ubuntu Security Notice 1653-1 - Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.
-
-
15:32
»
Packet Storm Security Advisories
Ubuntu Security Notice 1638-3 - USN-1638-1 fixed vulnerabilities in Firefox. The new packages introduced regressions in cookies handling and the User Agent string. This update fixes the problem.
-
-
7:20
»
Packet Storm Security Advisories
Ubuntu Security Notice 1430-5 - USN-1430-3 fixed vulnerabilities in Thunderbird. This update provides an updated mozilla-devscripts which produces packaged addons compatible with the latest thunderbird packaging.
-
7:19
»
Packet Storm Security Advisories
Ubuntu Security Notice 1643-1 - It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. It was discovered that the 'new' constructor in the Digest module is vulnerable to an eval injection. An attacker could use this to execute arbitrary code. Various other issues were also addressed.
-
7:19
»
Packet Storm Security Advisories
Ubuntu Security Notice 1651-1 - Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.
-
7:19
»
Packet Storm Security Advisories
Ubuntu Security Notice 1650-1 - Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.
-
-
22:52
»
Packet Storm Security Advisories
Ubuntu Security Notice 1641-1 - Vijaya Erukala discovered that Keystone did not properly invalidate EC2-style credentials such that if credentials were removed from a tenant, an authenticated and authorized user using those credentials may still be allowed access beyond the account owner's expectations. It was discovered that Keystone did not properly implement token expiration. A remote attacker could use this to continue to access an account that is disabled or has a changed password. This issue was previously fixed as CVE-2012-3426 but was reintroduced in Ubuntu 12.10. Various other issues were also addressed.
-
-
16:31
»
Packet Storm Security Advisories
Ubuntu Security Notice 1640-1 - Xi Wang and Florian Weimer discovered that libssh incorrectly handled memory. A remote attacker could use this to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code.
-
-
8:20
»
Packet Storm Security Advisories
Ubuntu Security Notice 1639-1 - It was discovered that unity-firefox-extension incorrectly handled certain callbacks. A remote attacker could use this issue to cause unity-firefox-extension to crash, resulting in a denial of service, or possibly execute arbitrary code.
-
-
15:01
»
Packet Storm Security Advisories
Ubuntu Security Notice 1637-1 - It was discovered that the Apache Tomcat HTTP NIO connector incorrectly handled header data. A remote attacker could cause a denial of service by sending requests with a large amount of header data. It was discovered that Apache Tomcat incorrectly handled DIGEST authentication. A remote attacker could possibly use these flaws to perform a replay attack and bypass authentication. Various other issues were also addressed.
-
15:01
»
Packet Storm Security Advisories
Ubuntu Security Notice 1635-1 - It was discovered that libunity-webapps improperly handled certain hash tables. A remote attacker could use this issue to cause libunity-webapps to crash, or possibly execute arbitrary code.
-
-
13:43
»
Packet Storm Security Advisories
Ubuntu Security Notice 1632-2 - USN-1632-1 fixed a vulnerability in Django. The upstream fix introduced testsuite failures when ADMINS and/or MANAGERS were defined in settings.py. This update fixes the problem. James Kettle discovered Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users. Various other issues were also addressed.
-
-
23:06
»
Packet Storm Security Advisories
Ubuntu Security Notice 1632-1 - James Kettle discovered Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users.
-
-
16:35
»
Packet Storm Security Advisories
Ubuntu Security Notice 1630-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
-
16:35
»
Packet Storm Security Advisories
Ubuntu Security Notice 1629-1 - Tomas Mraz discovered that libproxy incorrectly handled certain PAC files. A remote attacker could use this issue to cause libproxy to crash, or to possibly execute arbitrary code.
-
-
15:22
»
Packet Storm Security Advisories
Ubuntu Security Notice 1628-1 - Juliano Rizzo and Thai Duong discovered a flaw in the Transport Layer Security (TLS) protocol when it is used with data compression. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update disables TLS data compression in Qt by default.
-
11:19
»
Packet Storm Security Advisories
Ubuntu Security Notice 1626-1 - Gabe Westmaas discovered that Glance did not always properly enforce access controls when deleting images. An authenticated user could delete arbitrary images by using the v1 API under certain circumstances.
-
-
16:17
»
Packet Storm Security Advisories
Ubuntu Security Notice 1625-1 - Arthur Gerkis discovered a buffer overflow in the Icedtea-Web plugin. If a user were tricked into opening a malicious website, an attacker could cause the plugin to crash or possibly execute arbitrary code as the user invoking the program.
-
-
19:30
»
Packet Storm Security Advisories
Ubuntu Security Notice 1624-1 - It was discovered that Remote Login Service incorrectly purged account information when switching users. A local attacker could use this issue to possibly obtain sensitive information.
-
19:30
»
Packet Storm Security Advisories
Ubuntu Security Notice 1623-1 - It was discovered that Mesa incorrectly handled certain arrays. An attacker could use this issue to cause Mesa to crash, resulting in a denial of service, or possibly execute arbitrary code.
-
-
15:43
»
Packet Storm Security Advisories
Ubuntu Security Notice 1619-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. Various other issues were also addressed.
-
15:43
»
Packet Storm Security Advisories
Ubuntu Security Notice 1620-1 - Mariusz Mlynski and others discovered several flaws in Firefox that allowed a remote attacker to conduct cross-site scripting (XSS) attacks. Antoine Delignat-Lavaud discovered a flaw in the way Firefox handled the Location object. If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections and perform cross-origin reading of the Location object. Various other issues were also addressed.
-
8:15
»
Packet Storm Security Advisories
Ubuntu Security Notice 1618-1 - It was discovered that Exim incorrectly handled DKIM DNS decoding. This flaw could allow a remote attacker to execute arbitrary code.
-
-
13:48
»
Packet Storm Security Advisories
Ubuntu Security Notice 1617-1 - A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
-
7:24
»
Packet Storm Security Advisories
Ubuntu Security Notice 1616-1 - It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. These issues only affected Ubuntu 10.04 LTS. Various other issues were also addressed.
-
-
17:09
»
Packet Storm Security Advisories
Ubuntu Security Notice 1615-1 - It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. This issue only affected Ubuntu 11.04 and 11.10. Various other issues were also addressed.
-
-
20:24
»
Packet Storm Security Advisories
Ubuntu Security Notice 1614-1 - Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. USN-1602-1 fixed these vulnerabilities in other Ubuntu releases. This update provides the corresponding updates for Ubuntu 12.10. Peter Bex discovered that Ruby incorrectly handled file path strings when opening files. An attacker could use this flaw to open or create unexpected files. Various other issues were also addressed.
-
20:21
»
Packet Storm Security Advisories
Ubuntu Security Notice 1603-2 - USN-1603-1 fixed vulnerabilities in Ruby. This update provides the corresponding updates for Ubuntu 12.10. Shugo Maeda and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. Various other issues were also addressed.
-
-
23:05
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1613-1 - It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. Various other issues were also addressed.
-
-
14:30
»
Packet Storm Security Advisories
Ubuntu Security Notice 1612-1 - It was discovered that libgssglue incorrectly handled the GSSAPI_MECH_CONF environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges.
-
-
16:38
»
Packet Storm Security Advisories
Ubuntu Security Notice 1609-1 - A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem handled MSI (Message Signaled Interrupts). A local unprivileged user could exploit this flaw to cause a denial of service or potentially elevate privileges.
-
-
23:07
»
Packet Storm Security Advisories
Ubuntu Security Notice 1605-1 - It was discovered that Quagga incorrectly handled certain malformed messages. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service.
-
8:04
»
Packet Storm Security Advisories
Ubuntu Security Notice 1604-1 - It was discovered that MoinMoin did not properly sanitize certain input, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. It was discovered that MoinMoin incorrectly handled group names that contain virtual group names such as "All", "Known" or "Trusted". This could result in a remote user having incorrect permissions. Various other issues were also addressed.
-
-
23:35
»
Packet Storm Security Advisories
Ubuntu Security Notice 1601-1 - Jake Montgomery discovered that Bind incorrectly handled certain specific combinations of RDATA. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.
-
23:35
»
Packet Storm Security Advisories
Ubuntu Security Notice 1603-1 - Shugo Maeda and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions.
-
23:34
»
Packet Storm Security Advisories
Ubuntu Security Notice 1602-1 - Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions.
-
-
18:29
»
Packet Storm Security Advisories
Ubuntu Security Notice 1598-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potentially gain administrative privileges.
-
-
17:47
»
Packet Storm Security Advisories
Ubuntu Security Notice 1597-1 - A flaw was found in how the Linux kernel passed the replacement session keyring to a child process. An unprivileged local user could exploit this flaw to cause a denial of service (panic).
-
-
19:42
»
Packet Storm Security Advisories
Ubuntu Security Notice 1576-2 - USN-1576-1 fixed vulnerabilities in DBus. The update caused a regression for certain services launched from the activation helper, and caused an unclean shutdown on upgrade. This update fixes the problem. Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with elevated privileges. A local attacker could possibly exploit this flaw with a setuid binary and gain root privileges. Various other issues were also addressed.
-
19:42
»
Packet Storm Security Advisories
Ubuntu Security Notice 1596-1 - It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. Various other issues were also addressed.
-
-
16:34
»
Packet Storm Security Advisories
Ubuntu Security Notice 1593-1 - Raphael Geissert discovered that the debdiff.pl tool incorrectly handled shell metacharacters. If a user or automated system were tricked into processing a specially crafted filename, a remote attacker could possibly execute arbitrary code. Raphael Geissert discovered that the dscverify tool incorrectly escaped arguments to external commands. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly execute arbitrary code. Various other issues were also addressed.
-
16:33
»
Packet Storm Security Advisories
Ubuntu Security Notice 1592-1 - Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. This issue only affected Ubuntu 11.04. Various other issues were also addressed.
-
16:33
»
Packet Storm Security Advisories
Ubuntu Security Notice 1591-1 - Alec Warner discovered that xdiagnose improperly handled temporary files in welcome.py when creating user-initiated archive files. While failsafeX does not use the vulnerable code, this update removes this functionality to protect any 3rd party applications which import the vulnerable code. In the default Ubuntu installation, this should be prevented by the Yama link restrictions.
-
16:31
»
Packet Storm Security Advisories
Ubuntu Security Notice 1589-1 - It was discovered that positional arguments to the printf() family of functions were not handled properly in the GNU C Library. An attacker could possibly use this to cause a stack-based buffer overflow, creating a denial of service or possibly executing arbitrary code. It was discovered that multiple integer overflows existed in the strtod(), strtof() and strtold() functions in the GNU C Library. An attacker could possibly use this to trigger a stack-based buffer overflow, creating a denial of service or possibly executing arbitrary code. Various other issues were also addressed.
-
16:30
»
Packet Storm Security Advisories
Ubuntu Security Notice 1590-1 - It was discovered that QEMU incorrectly handled certain VT100 escape sequences. A guest user with access to an emulated character device could use this flaw to cause QEMU to crash, or possibly execute arbitrary code on the host.
-
-
21:00
»
Packet Storm Security Advisories
CA Technologies Support is alerting customers to two potential risks in CA License (also known as CA Licensing). Vulnerabilities exist that can allow a local attacker to execute arbitrary commands or gain elevated access. CA Technologies has issued patches to address the vulnerabilities.
-
14:49
»
Packet Storm Security Advisories
Ubuntu Security Notice 1588-1 - It was discovered that the apt-add-repository tool incorrectly validated PPA GPG keys when importing from a keyserver. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys.
-
-
16:51
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1551-2 - USN-1551-1 fixed vulnerabilities in Thunderbird. The new package caused a regression in the message editor and certain performance regressions as well. This update fixes the problems.
-
-
11:42
»
Packet Storm Security Advisories
Ubuntu Security Notice 1587-1 - Juri Aedla discovered that libxml2 incorrectly handled certain memory operations. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
-
-
15:17
»
Packet Storm Security Advisories
Ubuntu Security Notice 1585-1 - Timo Warns discovered that FreeRADIUS incorrectly handled certain long timestamps in client certificates. A remote attacker could exploit this flaw and cause the FreeRADIUS server to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service.
-
15:16
»
Packet Storm Security Advisories
Ubuntu Security Notice 1584-1 - Justin C. Klein Keane discovered that the Transmission web client incorrectly escaped certain strings. If a user were tricked into opening a specially crafted torrent file, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks.
-
-
19:47
»
Packet Storm Security Advisories
Ubuntu Security Notice 1583-1 - It was discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. Various other issues were also addressed.
-
-
8:04
»
Packet Storm Security Advisories
Ubuntu Security Notice 1581-1 - Marc Schoenefeld discovered that Ghostscript did not correctly handle certain image files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges.
-
-
11:27
»
Packet Storm Security Advisories
Ubuntu Security Notice 1576-1 - Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with elevated privileges. A local attacker could possibly exploit this flaw with a setuid binary and gain root privileges.
-
-
10:30
»
Packet Storm Security Advisories
Ubuntu Security Notice 1570-1 - It was discovered that GnuPG used a short ID when downloading keys from a keyserver, even if a long ID was requested. An attacker could possibly use this to return a different key with a duplicate short key id.
-
10:29
»
Packet Storm Security Advisories
Ubuntu Security Notice 1569-1 - It was discovered that PHP incorrectly handled certain character sequences when applying HTTP response-splitting protection. A remote attacker could create a specially-crafted URL and inject arbitrary headers. It was discovered that PHP incorrectly handled directories with a large number of files. This could allow a remote attacker to execute arbitrary code with the privileges of the web server, or to perform a denial of service. Various other issues were also addressed.
-
-
18:53
»
Packet Storm Security Advisories
Ubuntu Security Notice 1565-1 - Thomas Biege discovered that the Horizon authentication mechanism did not validate the next parameter. An attacker could use this to construct a link to a legitimate OpenStack web dashboard that redirected the user to a malicious website after authentication.
-
18:52
»
Packet Storm Security Advisories
Ubuntu Security Notice 1564-1 - Dolph Mathews discovered that when roles are granted and revoked to users in Keystone, pre-existing tokens were not updated or invalidated to take the new roles into account. An attacker could use this to continue to access resources that have been revoked.
-
18:51
»
Packet Storm Security Advisories
Ubuntu Security Notice 1566-1 - It was discovered that Bind incorrectly handled certain specially crafted long resource records. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.
-
-
19:38
»
Packet Storm Security Advisories
Ubuntu Security Notice 1563-1 - A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service.