Tag
#ubuntu
Ubuntu Security Notice 6240-1 - It was discovered that FRR incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6203-2 - USN-6203-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 ESM. Seokchan Yoon discovered that Django incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.
Ubuntu Security Notice 6241-1 - Jan Wasilewski and Gorka Eguileor discovered that OpenStack incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
WordPress Page Builder KingComposer plugin version 2.9.6 suffers from a cross-site scripting vulnerability.
CMS Ultimate Solutions DreamSus version 1.4 suffers from a remote shell upload vulnerability.
Details have emerged about a now-patched flaw in OpenSSH that could potentially be exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.
Ubuntu Security Notice 6232-1 - It was discovered that wkhtmltopdf was not properly enforcing the same-origin policy when processing certain HTML files. If a user or automated system using wkhtmltopdf were tricked into processing a specially crafted HTML file, an attacker could possibly use this issue to expose sensitive information.
WordPress ChurcHope Responsive Themes version 4.7.x suffers from a directory traversal vulnerability.
CMS NEXIN version 2.0 appears to leave default credentials in place after installation.
Buzzy News Viral Lists Polls and Videos version 2.0 appears to leave default credentials in place after installation.