USN-4641-1: libextractor vulnerabilities

2020-11-24 KENNETH 0

It was discovered that Libextractor incorrectly handled zero sample rate. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-15266) It was discovered that Libextractor incorrectly handled certain FLAC metadata. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-15267) It was discovered that Libextractor incorrectly handled certain specially crafted files. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-15600, CVE-2018-16430, CVE-2018-20430) It was discovered that Libextractor incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-15601) It was discovered that Libextractor incorrectly handled integers. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-15602) It was discovered that Libextractor incorrectly handled certain crafted files. An attacker could possibly use this issue [ more… ]

USN-4640-1: PulseAudio vulnerability

2020-11-24 KENNETH 0

James Henstridge discovered that an Ubuntu-specific patch caused PulseAudio to incorrectly handle snap client connections. An attacker could possibly use this to expose sensitive information. Source: USN-4640-1: PulseAudio vulnerability

USN-4634-2: OpenLDAP vulnerabilities

2020-11-23 KENNETH 0

USN-4634-1 fixed several vulnerabilities in OpenLDAP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled certain malformed inputs. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. Source: USN-4634-2: OpenLDAP vulnerabilities

USN-4637-2: Firefox vulnerabilities

2020-11-20 KENNETH 0

USN-4637-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 16.04 LTS. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across origins, bypass security restrictions, conduct phishing attacks, conduct cross-site scripting (XSS) attacks, bypass Content Security Policy (CSP) restrictions, conduct DNS rebinding attacks, or execute arbitrary code. Source: USN-4637-2: Firefox vulnerabilities

USN-4639-1: phpMyAdmin vulnerabilities

2020-11-20 KENNETH 0

It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpMyAdmin to leak sensitive files. (CVE-2018-19968) It was discovered that phpMyAdmin incorrectly handled user input. An attacker could possibly use this for an XSS attack. (CVE-2018-19970) It was discovered that phpMyAdmin mishandled certain input. An attacker could use this vulnerability to execute a cross-site scripting (XSS) attack via a crafted URL. (CVE-2018-7260) It was discovered that phpMyAdmin failed to sanitize certain input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted database name. (CVE-2019-11768) It was discovered that phpMyAdmin incorrectly handled some requests. An attacker could possibly use this to perform a CSRF attack. (CVE-2019-12616) It was discovered that phpMyAdmin failed to sanitize [ more… ]