0% found this document useful (0 votes)

18 views

certin 3rd round machine ubuntu

The document outlines multiple vulnerabilities affecting various versions of Ubuntu, including Canonical Ubuntu Linux SEoL (18.04.x) and several LTS versions from 14.04 to 24.04. Key issues include security vulnerabilities in Python, Kerberos, libarchive, and Apache Maven, which can lead to remote code execution, denial of service, and other security risks. Users are advised to update affected packages and migrate to supported versions to mitigate these vulnerabilities.

Uploaded by

MRITYUNJAY SHUKLA

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

18 views

certin 3rd round machine ubuntu

Uploaded by

MRITYUNJAY SHUKLA

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 60

VULNERABILITY - 1 # Canonical Ubuntu Linux SEoL

(18.04.x)
Location of ~
Vulnerability/Error
Vulnerable location, http://192.168.125.96/forgot-password
parameter, path, link
Name of Canonical Ubuntu Linux SEoL (18.04.x)
Vulnerability/Summary
According to its version, Canonical Ubuntu Linux is 18.04.x. It is, therefore, no
longer maintained by its vendor or provider.
Lack of support implies that no new security patches for the product will be
released by the vendor. As a result, it may contain security vulnerabilities.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Upgrade to a version of Canonical Ubuntu Linux that is currently supported.
VULNERABILITY -2 # Ubuntu 14.04 LTS / 16.04 LTS /
18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Python
vulnerabilities (USN-6891-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 :
Vulnerability/Summary Python vulnerabilities (USN-6891-1)

The USN-6891-1 advisory outlines multiple Python vulnerabilities affecting

Ubuntu versions from 14.04 LTS to 23.10. These include risks like remote code
execution, denial of service, CRLF and XML injection, cookie domain validation
flaws, improper ZIP/TAR archive handling, and TLS handshake bypass. Most
critical issues affect Ubuntu 14.04 LTS and 18.04 LTS, while newer versions
face fewer or less severe bugs. Attack vectors include malformed input, pickled
files, crafted HTTP/FTP requests, and unsafe regular expressions. Users are
advised to update Python packages and migrate from older Ubuntu versions to
ensure system security and avoid exploitation of known issues.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -3 # Ubuntu 14.04 LTS / 16.04 LTS /
18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : klibc
vulnerabilities (USN-6736-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 :
Vulnerability/Summary Python vulnerabilities (USN-6891-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04
LTS / 23.10 host has packages installed that are affected by multiple
vulnerabilities as referenced in the USN-6736-1 advisory.

It was discovered that zlib, vendored in klibc, incorrectly handled pointer

arithmetic. An attacker could use this issue to cause klibc to crash or to
possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841)

Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled

memory when performing certain deflating operations. An attacker could use
this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-
2018-25032)

Evgeny Legerov discovered that zlib, vendored in klibc, incorrectly handled

memory when performing certain inflate operations. An attacker could use
this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-
2022-37434)
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -4 # Ubuntu 14.04 LTS / 16.04 LTS /
18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Kerberos
vulnerabilities (USN-6947-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04
Vulnerability/Summary LTS : Kerberos vulnerabilities (USN-6947-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04
LTS / 24.04 LTS host has packages installed that are affected by multiple
vulnerabilities as referenced in the USN-6947-1 advisory.

It was discovered that Kerberos incorrectly handled GSS message tokens

where an unwrapped token could appear to be truncated. An attacker could
possibly use this issue to cause a denial of service.
(CVE-2024-37370)

It was discovered that Kerberos incorrectly handled GSS message tokens

when sent a token with invalid length fields. An attacker could possibly use
this issue to cause a denial of service. (CVE-2024-37371)

Tenable has extracted the preceding description block directly from the
Ubuntu security advisory..
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -5 # Ubuntu 14.04 LTS / 16.04 LTS /

18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 :
Kerberos vulnerability (USN-7257-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04
Vulnerability/Summary LTS / 24.10 : Kerberos vulnerability (USN-7257-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04
LTS / 24.04 LTS / 24.10 host has packages installed that are affected by a
vulnerability as referenced in the USN-7257-1 advisory.

Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc
Stevens, and Adam Suhl discovered that Kerberos incorrectly authenticated
certain responses. An attacker able to intercept communications between a
RADIUS client and server could possibly use this issue to forge responses,
bypass authentication, and access network devices and services.

This update introduces support for the Message-Authenticator attribute in

non-EAP authentication methods for communications between Kerberos and a
RADIUS server.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -6 # Ubuntu 14.04 LTS / 16.04 LTS /
18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : libarchive
vulnerabilities (USN-7070-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04
Vulnerability/Summary LTS : libarchive vulnerabilities (USN-7070-1)

It was discovered that libarchive mishandled certain memory checks, which

could result in a NULL pointer dereference. An attacker could potentially use
this issue to cause a denial of service. This issue only affected Ubuntu 14.04
LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu
22.04 LTS.
(CVE-2022-36227)

It was discovered that libarchive mishandled certain memory operations,

which could result in an out-of- bounds memory access. An attacker could
potentially use this issue to cause a denial of service. This issue only affected
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-48957, CVE-2024-
48958)
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -7 # Ubuntu 14.04 LTS / 16.04 LTS /
18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : rsync
vulnerabilities (USN-7206-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04
Vulnerability/Summary LTS : rsync vulnerabilities (USN-7206-1)

The USN-7206-1 advisory highlights several serious vulnerabilities affecting the

rsync utility on Ubuntu versions ranging from 14.04 LTS to 24.04 LTS.
Researchers Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered
multiple flaws related to how rsync handles checksums and symbolic links. One
issue involves improper handling of checksum lengths, which could allow remote
code execution, while another relates to comparing checksums using uninitialized
memory, potentially leading to information leaks. Additional vulnerabilities
include the incorrect handling of file checksums, which could expose client files
when connected to a malicious server, and mishandling of symbolic links, which
could enable attackers to write files outside the intended directories or perform
path traversal attacks. Furthermore, Aleksei Gorban discovered a race condition
in rsync's symlink handling that could allow unauthorized access to sensitive data
or privilege escalation. These vulnerabilities pose significant security risks, and
affected systems should be updated promptly
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages

VULNERABILITY -8 # Ubuntu 14.04 LTS / 16.04 LTS /
18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Maven Shared
Utils vulnerability (USN-6730-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache
Vulnerability/Summary Maven Shared Utils vulnerability (USN-6730-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS
host has a package installed that is affected by a vulnerability as referenced
in the USN-6730-1 advisory.

It was discovered that Apache Maven Shared Utils did not handle double-
quoted strings properly, allowing shell injection attacks. This could allow an
attacker to run arbitrary code.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages

VULNERABILITY -9# Ubuntu 14.04 LTS / 16.04 LTS / 18.04
LTS / 20.04 LTS / 24.04 LTS : Expat vulnerabilities (USN-
7000-1)

Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS : Expat
Vulnerability/Summary vulnerabilities (USN-7000-1)

Shang-Hung Wan discovered that Expat did not properly handle certain
function calls when a negative input length was provided. An attacker could
use this issue to cause a denial of service or possibly execute arbitrary code.
(CVE-2024-45490)

Shang-Hung Wan discovered that Expat did not properly handle the potential
for an integer overflow on 32-bit platforms. An attacker could use this issue to
cause a denial of service or possibly execute arbitrary code. (CVE-2024-
45491, CVE-2024-45492)
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages

VULNERABILITY -10 # Ubuntu 14.04 LTS / 16.04 LTS /
18.04 LTS : GNU C Library vulnerabilities (USN-6762-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : GNU C Library vulnerabilities
Vulnerability/Summary (USN-6762-1)

The USN-6762-1 advisory identifies several vulnerabilities in the GNU C Library

(glibc) affecting Ubuntu 14.04 LTS, with some broader implications. These flaws
include improper handling of netgroup requests, potential denial-of-service
conditions, and critical issues like integer overflows and buffer overflows when
processing long pathnames or handling buffers, particularly on 32-bit
architectures. Such vulnerabilities could allow attackers to crash applications or
potentially execute arbitrary code. Additionally, a flaw in the iconv feature
related to handling specific input sequences poses similar risks. These issues
highlight the importance of applying security updates promptly, especially on
older systems like Ubuntu 14.04 LTS, which are more susceptible to exploitation
due to outdated packages
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages

VULNERABILITY -11 # Ubuntu 16.04 ESM / 18.04 ESM /
20.04 ESM / 22.04 ESM : Apache Maven vulnerability
(USN-5245-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Apache Maven
Vulnerability/Summary vulnerability (USN-5245-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has
packages installed that are affected by a vulnerability as referenced in the
USN-5245-1 advisory.

It was discovered that Apache Maven followed repositories that are defined in
a dependency's Project Object Model (pom) even if the repositories weren't
encrypted (http protocol). An attacker could use this vulnerability to take over
a repository, execute arbitrary code or cause a denial of service.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected libmaven3-core-java and / or maven packages.

VULNERABILITY -12 # Ubuntu 16.04 ESM / 18.04 ESM /
20.04 ESM / 22.04 ESM : xrdp vulnerabilities (USN-6474-
1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : xrdp vulnerabilities
Vulnerability/Summary (USN-6474-1)

The USN-6474-1 advisory reports several vulnerabilities in the xrdp package

affecting Ubuntu 16.04 ESM, 18.04 ESM, 20.04 ESM, and 22.04 ESM. These
issues primarily stem from improper validation of client-supplied data, leading to
out-of-bounds reads and writes. Such flaws could allow attackers to crash the
xrdp service, extract sensitive information, or potentially execute arbitrary code.
Additionally, a vulnerability in handling session errors could permit bypassing
OS-level session restrictions enforced by PAM. The severity and scope of these
vulnerabilities vary across Ubuntu versions, with more recent LTS versions like
20.04 and 22.04 being affected by a broader range of issues.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected xorgxrdp, xrdp and / or xrdp-pulseaudio-installer

packages.
VULNERABILITY -13 # Ubuntu 16.04 ESM / 18.04 ESM /
20.04 ESM : ZeroMQ vulnerabilities (USN-4920-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : ZeroMQ vulnerabilities (USN-
Vulnerability/Summary 4920-1)

The USN-4920-1 advisory highlights several security vulnerabilities in ZeroMQ

affecting Ubuntu 16.04 ESM, 18.04 ESM, and 20.04 ESM systems. These flaws
primarily involve improper handling of application metadata, network traffic, and
memory. Remote attackers—especially unauthenticated ones—could exploit
these issues to crash the ZeroMQ server or potentially execute arbitrary code.
Some vulnerabilities allow denial-of-service conditions by sending malformed or
excessively large messages, while others stem from flawed memory management
during communication with compromised servers. The impact is especially
critical for Ubuntu 18.04 and 20.04 ESM systems.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected libzmq3-dev and / or libzmq5 packages.

VULNERABILITY -14 # Ubuntu 16.04 ESM / 18.04 ESM :
BusyBox vulnerabilities (USN-6335-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 ESM / 18.04 ESM : BusyBox vulnerabilities (USN-6335-1)
Vulnerability/Summary
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that
are affected by multiple vulnerabilities as referenced in the USN-6335-1
advisory.
It was discovered that BusyBox incorrectly handled certain malformed gzip
archives. If a user or automated system were tricked into processing a
specially crafted gzip archive, a remote attacker could use this issue to cause
BusyBox to crash, resulting in a denial of service, or execute arbitrary code.
This issue only affected Ubuntu 14.04 LTS. (CVE-2021-28831)
It was discovered that BusyBox did not properly validate user input when
performing certain arithmetic operations. If a user or automated system were
tricked into processing a specially crafted file, an attacker could possibly use
this issue to cause BusyBox to crash, resulting in a denial of service, or
execute arbitrary code. (CVE-2022-48174)
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -15 # Ubuntu 16.04 ESM / 18.04 ESM :
Oniguruma vulnerabilities (USN-5662-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 ESM / 18.04 ESM : Oniguruma vulnerabilities (USN-5662-1)
Vulnerability/Summary
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that
are affected by multiple vulnerabilities as referenced in the USN-5662-1
advisory.

It was discovered that Oniguruma incorrectly handled certain regular

expressions. An attacker could possibly use this issue to cause a denial of
service, obtain sensitive information or other unspecified impact. This issue
only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-16163,
CVE-2019-19012, CVE-2019-19204, CVE-2019-19246)

It was discovered that Oniguruma incorrectly handled memory when using

certain UChar pointers. An attacker could possibly use this issue to cause a
denial of service or sensitive information disclosure.
(CVE-2019-19203)
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected libonig-dev, libonig2 and / or libonig4 packages.
VULNERABILITY -16 # Ubuntu 16.04 ESM / 18.04 ESM :
OpenSSH vulnerability (USN-6242-2)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 ESM / 18.04 ESM : OpenSSH vulnerability (USN-6242-2)
Vulnerability/Summary
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that
are affected by a vulnerability as referenced in the USN-6242-2 advisory.

USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the

corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu
18.04 LTS
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -17 # Ubuntu 16.04 ESM / 18.04 ESM :
Python vulnerability (USN-6354-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 ESM / 18.04 ESM : Python vulnerability (USN-6354-1)
Vulnerability/Summary
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that
are affected by a vulnerability as referenced in the USN-6354-1 advisory.

It was discovered that Python did not properly handle XML entity declarations
in plist files. An attacker could possibly use this vulnerability to perform an
XML External Entity (XXE) injection, resulting in a denial of service or
information disclosure.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -18 # Ubuntu 16.04 ESM / 18.04 ESM :
X.Org X Server vulnerabilities (USN-6587-2)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 ESM / 18.04 ESM : X.Org X Server vulnerabilities (USN-6587-2))
Vulnerability/Summary
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that
are affected by multiple vulnerabilities as referenced in the USN-6587-2
advisory.

USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the

corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -19 # Ubuntu 16.04 LTS / 18.04 LTS /
20.04 LTS / 22.04 LTS / 24.04 LTS : GLib vulnerability
(USN-7114-1))
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : GLib
Vulnerability/Summary vulnerability (USN-7114-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages
installed that are affected by multiple vulnerabilities as referenced in the
USN-6305-2 advisory.

USN-6305-1 fixed several vulnerabilities in PHP. This update provides the

corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu
20.04 LTS.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -20# Ubuntu 16.04 LTS / 18.04 LTS :

Apache HTTP Server vulnerabilities (USN-6885-3)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 LTS / 18.04 LTS : Apache HTTP Server vulnerabilities (USN-
Vulnerability/Summary 6885-

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that
are affected by multiple vulnerabilities as referenced in the USN-6885-3
advisory.
USN-6885-1 fixed several vulnerabilities in Apache. This update provides the
corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -21 # Ubuntu 16.04 LTS / 18.04 LTS : Git
vulnerabilities (USN-7023-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 LTS / 18.04 LTS : Git vulnerabilities (USN-7023-1)
Vulnerability/Summary
The remote Ubuntu 16.04 LTS and 18.04 LTS systems are affected by multiple
Git-related vulnerabilities as detailed in USN-7023-1. These include issues with
gettext handling (CVE-2023-25815), submodule processing (CVE-2024-32002),
and cloning repositories (CVE-2024-32004, CVE-2024-32465), which could
allow attackers to place crafted messages or execute arbitrary code. Additionally,
vulnerabilities involving local clones with hardlinked files (CVE-2024-32020)
and symlink handling (CVE-2024-32021) may let attackers manipulate repository
contents or compromise system integrity. These flaws have been addressed in
updated Git packages for the respective Ubuntu versions.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -22 # Ubuntu 16.04 LTS / 18.04 LTS : PHP
vulnerability (USN-7153-1)

Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 LTS / 18.04 LTS : Git vulnerabilities (USN-7023-1)
Vulnerability/Summary
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that
are affected by a vulnerability as referenced in the USN-7153-1 advisory.

It was discovered that PHP incorrectly handled long string inputs in two
database drivers. An attacker could possibly use this

issue to write files in locations they would not normally have access to. (CVE-
2024-11236)
.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -23 # Ubuntu 16.04 LTS / 18.04 LTS :
Wget vulnerability (USN-6852-2)

Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 LTS / 18.04 LTS : Wget vulnerability (USN-6852-2)
Vulnerability/Summary
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is
affected by a vulnerability as referenced in the USN-6852-2 advisory

USN-6852-1 fixed a vulnerability in Wget. This update provides the

corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -24 # Ubuntu 18.04 ESM / 20.04 LTS /
22.04 LTS : Vim vulnerabilities (USN-6420-1)

Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS : Vim vulnerabilities (USN-6420-1)
Vulnerability/Summary
The remote Ubuntu 18.04 ESM, 20.04 LTS, and 22.04 LTS systems
are impacted by multiple vulnerabilities in Vim, as outlined in USN-
6420-1. These vulnerabilities primarily involve improper memory
handling and insufficient input validation when opening specially
crafted files or executing certain commands. Exploiting these flaws
could lead to crashes, denial of service, or potentially allow
attackers to execute arbitrary code. Several issues are specific to
certain Ubuntu versions, with some affecting only 22.04 LTS and
others impacting multiple versions. Updates have been released to
address these security concerns.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -25 # Ubuntu 18.04 ESM : Python
vulnerability (USN-5931-1)

Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 18.04 ESM : Python vulnerability (USN-5931-1)
Vulnerability/Summary
The remote Ubuntu 18.04 ESM host has packages installed that are affected
by a vulnerability as referenced in the USN-5931-1 advisory.

It was discovered that Python incorrectly handled certain inputs. If a user or

an automated system were tricked into running a specially crafted input, a
remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2022-37454)
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -26# Ubuntu 18.04 ESM / 20.04 ESM :
libmysofa vulnerability (USN-5184-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 18.04 ESM / 20.04 ESM : libmysofa vulnerability (USN-5184-1)
Vulnerability/Summary
The remote Ubuntu 18.04 ESM / 20.04 ESM host has packages installed that
are affected by a vulnerability as referenced in the USN-5184-1 advisory.

It was discovered that libmysofa mishandled certain input. An attacker

could use this vulnerability to cause a denial of service (crash).
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots
Workaround / Solutions Update the affected packages.
VULNERABILITY -27# Ubuntu 16.04 LTS / 18.04 LTS /
20.04 LTS : PHP vulnerabilities (USN-6305-2)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : PHP vulnerabilities (USN-6305-2)
Vulnerability/Summary
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages
installed that are affected by multiple vulnerabilities as referenced in the
USN-6305-2 advisory.

USN-6305-1 fixed several vulnerabilities in PHP. This update provides the

corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and
Ubuntu 20.04 LTS.).
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -28# Ubuntu 14.04 LTS / 16.04 LTS /
18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS :
libcdio vulnerability (USN-6855-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 /
Vulnerability/Summary 24.04 LTS : libcdio vulnerability (USN-6855-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04
LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a
vulnerability as referenced in the USN-6855-1 advisory.

Mansour Gashasbi discovered that libcdio incorrectly handled certain

memory operations when parsing an ISO file, leading to a buffer overflow
vulnerability. An attacker could use this to cause a denial of service

or possibly execute arbitrary code.

Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots
Workaround / Solutions Update the affected packages.
VULNERABILITY -29 Ubuntu 14.04 LTS / 16.04 LTS / 18.04
LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS. : less
vulnerability (USN-6756-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 /
Vulnerability/Summary 24.04 LTS. : less vulnerability (USN-6756-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04
LTS / 23.10 / 24.04 LTS. host has a package installed that is affected by a
vulnerability as referenced in the USN-6756-1 advisory.

It was discovered that less mishandled newline characters in file names. If a

user or automated system were tricked into opening specially crafted files, an
attacker could possibly use this issue to execute arbitrary commands on the
host.

Tenable has extracted the preceding description block directly from the
Ubuntu security advisory.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots
Workaround / Solutions Update the affected packages.
VULNERABILITY -30 # Ubuntu 14.04 LTS / 16.04 LTS /
18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Vim
vulnerability (USN-6698-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 :
Vulnerability/Summary Vim vulnerability (USN-6698-1) The remote Ubuntu 14.04 LTS / 16.04 LTS /
18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are
affected by a vulnerability as referenced in the USN-6698-1 advisory.

Zhen Zhou discovered that Vim did not properly manage memory. An
attacker could possibly use this issue to cause a denial of service.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -31 # Ubuntu 14.04 LTS / 16.04 LTS /
18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : X.Org X Server
vulnerabilities (USN-6721-1))
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 :
Vulnerability/Summary X.Org X Server vulnerabilities (USN-6721-1).

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04
LTS / 23.10 host has packages installed that are affected by multiple
vulnerabilities as referenced in the USN-6721-1 advisory.

It was discovered that X.Org X Server incorrectly handled certain data. An

attacker could possibly use this issue to expose sensitive information. (CVE-
2024-31080, CVE-2024-31081, CVE-2024-31082)

It was discovered that X.Org X Server incorrectly handled certain glyphs. An

attacker could possibly use this issue to cause a crash or expose sensitive
information. (CVE-2024-31083
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -32 # Ubuntu 14.04 LTS / 16.04 LTS /
18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 :
Jinja2 vulnerabilities (USN-7343-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04
Vulnerability/Summary LTS / 24.10 : Jinja2 vulnerabilities (USN-7343-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04
LTS / 23.10 host has packages installed that are affected by multiple
vulnerabilities as referenced in the USN-6721-1 advisory.

It was discovered that X.Org X Server incorrectly handled certain data. An

attacker could possibly use this issue to expose sensitive information. (CVE-
2024-31080, CVE-2024-31081, CVE-2024-31082)

It was discovered that X.Org X Server incorrectly handled certain glyphs. An

attacker could possibly use this issue to cause a crash or expose sensitive
information. (CVE-2024-31083
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -33 # Ubuntu 14.04 LTS / 16.04 LTS /
18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Setuptools
vulnerability (USN-7002-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04
Vulnerability/Summary LTS : Setuptools

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04
LTS / 24.04 LTS host has packages installed that are affected by a
vulnerability as referenced in the USN-7002-1 advisory.

It was discovered that setuptools was vulnerable to remote code execution.

An attacker could possibly use this issue to execute arbitrary code.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -34 # Ubuntu 14.04 LTS / 16.04 LTS /
18.04 LTS / 20.04 LTS / 22.04 LTS : Python vulnerabilities
(USN-7015-5)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Python
Vulnerability/Summary vulnerabilities (USN-7015-5)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04
LTS host has packages installed that are affected by multiple vulnerabilities
as referenced in the USN-7015-5 advisory.

USN-7015-1 fixed several vulnerabilities in Python. This update provides the

corresponding update for CVE-2024-6232 and CVE-2024-6923 for
python2.7 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 23.10 : LibTIFF
Vulnerability/Summary vulnerabilities (USN-6644-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 23.10
host has packages installed that are affected by multiple vulnerabilities as
referenced in the USN-6644-1 advisory

It was discovered that LibTIFF incorrectly handled certain files. If a user

were tricked into opening a specially crafted file, an attacker could possibly
use this issue to cause the application to crash, resulting in a denial of
service. (CVE-2023-52356)

It was discovered that LibTIFF incorrectly handled certain image files with
the tiffcp utility. If a user were tricked into opening a specially crafted image
file, an attacker could possibly use this issue to cause tiffcp to crash,
resulting in a denial of service. (CVE-2023-6228)

It was discovered that LibTIFF incorrectly handled certain files. If a user

were tricked into opening a specially crafted file, an attacker could possibly
use this issue to cause the application to consume resources, resulting in a
denial of service. (CVE-2023-6277)
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -35 # Ubuntu 14.04 LTS / 16.04 LTS /

18.04 LTS / 20.04 LTS / 23.10 : LibTIFF vulnerabilities
(USN-6644-1))
VULNERABILITY -36 Ubuntu 14.04 LTS / 16.04 LTS / 18.04
LTS : Bind vulnerabilities (USN-6723-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Bind vulnerabilities (USN-6723-1)
Vulnerability/Summary

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages
installed that are affected by multiple vulnerabilities as referenced in the
USN-6723-1 advisory.

Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner

discovered that Bind icorrectly handled validating DNSSEC messages. A
remote attacker could possibly use this issue to cause Bind to consume
resources, leading to a denial of service. (CVE-2023-50387)

It was discovered that Bind incorrectly handled preparing an NSEC3 closest

encloser proof. A remote attacker could possibly use this issue to cause Bind
to consume resources, leading to a denial of service.CVE-2023-50868)
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : libvpx vulnerability (USN-7249-
Vulnerability/Summary 1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages
installed that are affected by a vulnerability as referenced in the USN-7249-1
advisory.

Xiantong Hou discovered that libvpx would overflow when attempting to

allocate memory for very large images. If an application using libvpx opened
a specially crafted file, a remote attacker could possibly use this issue to
cause the application to crash, resulting in a denial of service, or the
execution of arbitrary code.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -37 # Ubuntu 14.04 LTS / 16.04 LTS /

18.04 LTS : libvpx vulnerability (USN-7249-1)
VULNERABILITY -38 # Ubuntu 14.04 LTS / 16.04 LTS /
18.04 LTS : libxml2 vulnerability (USN-6658-2)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : libxml2 vulnerability (USN-6658-2)
Vulnerability/Summary
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages
installed that are affected by a vulnerability as referenced in the USN-6658-2
advisory.

USN-6658-1 fixed a vulnerability in libxml2. This update provides the

corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and
Ubuntu 18.04 LTS.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : libsndfile
Vulnerability/Summary vulnerabilities (USN-7273-1)+

The remote Ubuntu 14.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has
packages installed that are affected by multiple vulnerabilities as referenced
in the USN-7273-1 advisory.

It was discovered that libsndfile incorrectly handled memory when executing

its FLAC codec. If a user or automated system were tricked into processing
a specially crafted sound file, an attacker could possibly use this issue to
cause a denial of service or obtain sensitive information. (CVE-2021-4156)

It was discovered that libsndfile incorrectly handled certain malformed

OggVorbis files. An attacker could possibly use this issue to cause libsndfile
to crash, resulting in a denial of service. (CVE-2024-50612)
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected libsndfile1, libsndfile1-dev and / or sndfile-programs

packages.

VULNERABILITY -39 # Ubuntu 14.04 LTS / 18.04 LTS /

20.04 LTS / 22.04 LTS : libsndfile vulnerabilities (USN-
7273-1
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 18.04 LTS / 20.04 LTS : Libcroco vulnerabilities (USN-
Vulnerability/Summary 6958-1)

The remote Ubuntu 14.04 LTS / 18.04 LTS / 20.04 LTS host has packages
installed that are affected by multiple vulnerabilities as referenced in the
USN-6958-1 advisory.

It was discovered that Libcroco was incorrectly accessing data structures

when reading bytes from memory, which could cause a heap buffer
overflow. An attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-7960)

It was discovered that Libcroco was incorrectly handling invalid UTF-8

values when processing CSS files.

An attacker could possibly use this issue to cause a denial of service. (CVE-
2017-8834, CVE-2017-8871)

It was discovered that Libcroco was incorrectly implementing recursion in

one of its parsing functions, which could cause an infinite recursion loop and
a stack overflow due to stack consumption. An attacker could possibly use
this issue to cause a denial of service. (CVE-2020-12825)
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -40 Ubuntu 14.04 LTS / 18.04 LTS / 20.04

LTS : Libcroco vulnerabilities (USN-6958-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 14.04 LTS / 18.04 LTS : PostgreSQL vulnerability (USN-6968-3)
Vulnerability/Summary
The remote Ubuntu 14.04 LTS / 18.04 LTS host has packages installed that
are affected by a vulnerability as referenced in the USN-6968-3 advisory.

USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and

PostgreSQL-16.

This update provides the corresponding updates for PostgreSQL-9.3 in

Ubuntu 14.04 LTS and PostgreSQL-10 in Ubuntu 18.04 LTS.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -41# Ubuntu 14.04 LTS / 18.04 LTS :

PostgreSQL vulnerability (USN-6968-3)
VULNERABILITY -42 # Ubuntu 16.04 ESM / 18.04 ESM /
20.04 ESM / 22.04 ESM : FFmpeg vulnerabilities (USN-
5958-1))
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : FFmpeg
Vulnerability/Summary vulnerabilities (USN-5958-1)\

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host
has packages installed that are affected by multiple vulnerabilities as
referenced in the USN-5958-1 advisory.

It was discovered that FFmpeg could be made to dereference a null pointer.

An attacker could possibly use this to cause a denial of service via
application crash. These issues only affected Ubuntu 16.04 ESM, Ubuntu
18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-3109,
CVE-2022-3341

It was discovered that FFmpeg could be made to access an out-of-bounds

frame by the Apple RPZA encoder. An attacker could possibly use this to
cause a denial of service via application crash or access sensitive
information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.10.
(CVE-2022-3964)

It was discovered that FFmpeg could be made to access an out-of-bounds

frame by the QuickTime encoder. An attacker could possibly use this to
cause a denial of service via application crash or access sensitive
information. This issue only affected Ubuntu 22.10. (CVE-2022-3965)
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY 43 # Ubuntu 16.04 ESM / 18.04 ESM /
20.04 ESM : Wireshark vulnerabilities (USN-6262-1)

Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Wireshark vulnerabilities (USN-
Vulnerability/Summary 6262-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages
installed that are affected by multiple vulnerabilities as referenced in the
USN-6262-1 advisory

It was discovered that Wireshark did not properly handle certain NFS
packages when certain configuration options were enabled. An attacker
could possibly use this issue to cause Wireshark to crash, resulting in a
denial of service. (CVE-2020-13164)

It was discovered that Wireshark did not properly handle certain GVCP
packages. An attacker could possibly use this issue to cause Wireshark to
crash, resulting in a denial of service. This issue only affected Ubuntu 20.04
LTS. (CVE-2020-15466)

It was discovered that Wireshark did not properly handle certain Kafka
packages. An attacker could possibly use this issue to cause Wireshark to
crash, resulting in a denial of service. This issue only affected Ubuntu 20.04
LTS. (CVE-2020-17498)

It was discovered that Wireshark did not properly handle certain TCP
packages containing an invalid 0xFFFF checksum. An attacker could
possibly use this issue to cause Wireshark to crash, resulting in a denial of
service. (CVE-2020-25862)

It was discovered that Wireshark did not properly handle certain MIME
packages containing invalid parts.

An attacker could possibly use this issue to cause Wireshark to crash,

resulting in a denial of service.

(CVE-2020-25863)
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -44 Ubuntu 16.04 ESM / 18.04 ESM /

20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Intel Microcode
vulnerability (USN-6485-1))
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Intel
Vulnerability/Summary Microcode vulnerability (USN-6485-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 /
23.10 host has a package installed that is affected by a vulnerability as
referenced in the USN-6485-1 advisory.

Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn,
Hisham Shafi, Nir Shlomovich, Tavis Ormandy, Daniel Moghimi, Josh Eads,
Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela, Doug Kwan,
and Kostik Shtoyk discovered that some Intel(R) Processors did not properly
handle certain sequences of processor instructions. A local attacker could
possibly use this to cause a core hang (resulting in a denial of service), gain
access to sensitive information or possibly escalate their privileges.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots
Workaround / Solutions Update the affected intel-microcode package.
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Vim
Vulnerability/Summary vulnerabilities (USN-6452-1)

The remote Ubuntu 16.04 ESM, 18.04 ESM, 20.04 LTS, 22.04 LTS, 23.04,
and 23.10 systems are affected by multiple vulnerabilities in Vim, as outlined
in USN-6452-1. These include issues such as divide-by-zero errors, improper
memory management, arithmetic overflows, and multiple out-of-bounds
write conditions. Exploitation of these flaws could lead to application crashes
(denial of service) or potentially allow attackers to execute arbitrary code.
Several vulnerabilities affect specific Ubuntu versions, highlighting the
importance of applying security updates to protect against these threats.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -45# Ubuntu 16.04 ESM / 18.04 ESM /

20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Vim vulnerabilities
(USN-6452-1)
VULNERABILITY -46 # Ubuntu 16.04 ESM / 18.04 ESM /
20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Vim vulnerabilities
(USN-6557-1)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Vim
Vulnerability/Summary vulnerabilities (USN-6557-1)

The remote Ubuntu systems (16.04 ESM, 18.04 ESM, 20.04 LTS, 22.04 LTS,
23.04, and 23.10) are impacted by multiple vulnerabilities in Vim, as
described in USN-6557-1. These flaws include invalid memory
dereferencing, infinite recursion, out-of-bounds writes, divide-by-zero
errors, and improper memory management in various commands (e.g.,
`put`, `spell`, `substitute`). Exploiting these vulnerabilities could allow
attackers to cause application crashes (denial of service) or potentially
execute arbitrary code. Many of these issues are specific to certain Ubuntu
versions, underlining the importance of applying updates promptly to
maintain system security.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY 47 # Ubuntu 16.04 ESM / 18.04 ESM /
20.04 LTS / 22.04 LTS / 23.04 / 23.10 : libsndfile
vulnerability (USN-6471-1)

Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 :
Vulnerability/Summary libsndfile vulnerability (USN-6471-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 /
23.10 host has packages installed that are affected by a vulnerability as
referenced in the USN-6471-1 advisory.

It was discovered that libsndfile contained multiple arithmetic overflows. If a

user or automated system were tricked into processing a specially crafted
audio file, an attacker could possibly use this issue to cause a denial of
service.
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected libsndfile1, libsndfile1-dev and / or sndfile-programs

packages.
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : pip
Vulnerability/Summary vulnerabilities (USN-6473-2)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 /
23.10 host has packages installed that are affected by multiple vulnerabilities
as referenced in the USN-6473-2 advisory.

USN-6473-1 fixed vulnerabilities in urllib3. This update provides the

corresponding updates for the urllib3 module bundled into pip..
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected package.

VULNERABILITY -48 Ubuntu 16.04 ESM / 18.04 ESM /

20.04 LTS / 22.04 LTS / 23.04 / 23.10 : pip vulnerabilities
(USN-6473-2)
Location of ~
Vulnerability/Error
Vulnerable location, /
parameter, path, link
Name of Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 :
Vulnerability/Summary urllib3 vulnerabilities (USN-6473-1))

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 /
23.10 host has packages installed that are affected by multiple vulnerabilities
as referenced in the USN-6473-1 advisory.

It was discovered that urllib3 didn't strip HTTP Authorization header on

cross-origin redirects. A remote attacker could possibly use this

issue to obtain sensitive information. This issue only affected Ubuntu 16.04
LTS and Ubuntu 18.04 LTS.

(CVE-2018-25091)

It was discovered that urllib3 didn't strip HTTP Cookie header on

cross-origin redirects. A remote attacker could possibly use this

issue to obtain sensitive information. (CVE-2023-43804)

It was discovered that urllib3 didn't strip HTTP body on status code 303
redirects under certain circumstances. A remote attacker could

possibly use this issue to obtain sensitive information. (CVE-2023-45803)

Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -49# Ubuntu 16.04 ESM / 18.04 ESM /

20.04 LTS / 22.04 LTS / 23.04 / 23.10 : urllib3
vulnerabilities (USN-6473-1)
Name of Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : GNU C
Vulnerability/Summary Library vulnerabilities (USN-6541-1

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04
host has packages installed that are affected by multiple vulnerabilities as
referenced in the USN-6541-1 advisory.

It was discovered that the GNU C Library was not properly handling certain
memory operations. An attacker could possibly use this issue to cause a
denial of service (application crash). (CVE-2023-4806, CVE-2023-4813)

It was discovered that the GNU C library was not properly implementing a
fix for CVE-2023-4806 in certain cases, which could lead to a memory leak.
An attacker could possibly use this issue to cause a denial of service
(application crash). This issue only affected Ubuntu 22.04 LTS and Ubuntu
23.04. (CVE-2023-5156))
Proof of concept and
steps of verification of
vulnerability with clearly
visible screenshots

Workaround / Solutions Update the affected packages.

VULNERABILITY -50# Ubuntu 16.04 ESM / 18.04 ESM /

20.04 LTS / 22.04 LTS / 23.04 : GNU C Library
vulnerabilities (USN-6541-1)

2022 Staticspeed Vunerability Report Template
No ratings yet
2022 Staticspeed Vunerability Report Template
57 pages
Vulnerability Assessment
100% (2)
Vulnerability Assessment
22 pages
Trampoline Training ?: 1 Goal
No ratings yet
Trampoline Training ?: 1 Goal
11 pages
DevOps Interview Questions
100% (3)
DevOps Interview Questions
224 pages
QuantEconlectures Python3 PDF
100% (1)
QuantEconlectures Python3 PDF
1,125 pages
certin 3rd round machine ubuntu (2)
No ratings yet
certin 3rd round machine ubuntu (2)
122 pages
Cloud
No ratings yet
Cloud
8 pages
ATC 2023 PEC4 ANEXO-nessus Report Linux Local and Remote Vunls
No ratings yet
ATC 2023 PEC4 ANEXO-nessus Report Linux Local and Remote Vunls
82 pages
Administrative-report
No ratings yet
Administrative-report
26 pages
Report 5
No ratings yet
Report 5
12 pages
Linux Mint Security
No ratings yet
Linux Mint Security
160 pages
U_CAN_Ubuntu_22-04_LTS_V2R3_Revision_History
No ratings yet
U_CAN_Ubuntu_22-04_LTS_V2R3_Revision_History
3 pages
42VA
No ratings yet
42VA
3 pages
Ubuntu Security Bypass Exploit
No ratings yet
Ubuntu Security Bypass Exploit
5 pages
Report A 2022-10-18 12 04 54
No ratings yet
Report A 2022-10-18 12 04 54
29 pages
Metasploitable - Advanced Scan_us5pc1
No ratings yet
Metasploitable - Advanced Scan_us5pc1
240 pages
CVE Analysis Report
No ratings yet
CVE Analysis Report
5 pages
Overview of Linux Vulnerabilities: Shuangxia Niu Jiansong Mo
No ratings yet
Overview of Linux Vulnerabilities: Shuangxia Niu Jiansong Mo
4 pages
Scan Metasploitable_9gful2
No ratings yet
Scan Metasploitable_9gful2
209 pages
DOC-ContentforSecurityVulnerabilities-POC-140819-0747-184
No ratings yet
DOC-ContentforSecurityVulnerabilities-POC-140819-0747-184
2 pages
Ubuntu Patch Release Frequency
No ratings yet
Ubuntu Patch Release Frequency
4 pages
Ubuntu Pro Description - Deploy May 2024
No ratings yet
Ubuntu Pro Description - Deploy May 2024
24 pages
Scan Report
No ratings yet
Scan Report
35 pages
SC4012 Lecture 5 Other Vulnerabilities
No ratings yet
SC4012 Lecture 5 Other Vulnerabilities
67 pages
apt-update-upgrade
No ratings yet
apt-update-upgrade
18 pages
Applicant Ci313g
No ratings yet
Applicant Ci313g
423 pages
Lab - Week 8
No ratings yet
Lab - Week 8
5 pages
Tech Report
No ratings yet
Tech Report
841 pages
Scan Report
No ratings yet
Scan Report
26 pages
Network Security Audit
0% (2)
Network Security Audit
17 pages
tenable
No ratings yet
tenable
239 pages
article
No ratings yet
article
2 pages
Vulnerability Executive Report 2024-02-13
No ratings yet
Vulnerability Executive Report 2024-02-13
3 pages
13.)Threats and Vulnerability Analysis of Linux
No ratings yet
13.)Threats and Vulnerability Analysis of Linux
29 pages
Precious
No ratings yet
Precious
9 pages
Vulnerability Reports (Vulnerability View) - 20220829092107
No ratings yet
Vulnerability Reports (Vulnerability View) - 20220829092107
33 pages
Sample VM Writeup
No ratings yet
Sample VM Writeup
13 pages
Scan Nexpose Gestor de BD Postgresql y Ubuntu Server
No ratings yet
Scan Nexpose Gestor de BD Postgresql y Ubuntu Server
32 pages
Nexpose Audit Report
No ratings yet
Nexpose Audit Report
376 pages
U_CAN_Ubuntu_22-04_LTS_STIG_V1_Release_Memo
No ratings yet
U_CAN_Ubuntu_22-04_LTS_STIG_V1_Release_Memo
1 page
WS2012
No ratings yet
WS2012
350 pages
Scan Report
No ratings yet
Scan Report
266 pages
From Write To Root On AIX: A Case Study
No ratings yet
From Write To Root On AIX: A Case Study
5 pages
Final Project
No ratings yet
Final Project
13 pages
CH 17
No ratings yet
CH 17
35 pages
Vulnerabilities Ehip
No ratings yet
Vulnerabilities Ehip
11 pages
Digital Security
No ratings yet
Digital Security
21 pages
Dell EMC Unity - Shell Lockdown (Rbash) On Unity OE 4.5 and Above (User Correctable) - Dell US
No ratings yet
Dell EMC Unity - Shell Lockdown (Rbash) On Unity OE 4.5 and Above (User Correctable) - Dell US
4 pages
A Specimen of Network Security Scan Report
No ratings yet
A Specimen of Network Security Scan Report
68 pages
Locking Down Linux - Using Ubuntu As Your Primary OS, Part 4 (Auditing, Antivirus & Monitoring) Null Byte - WonderHowTo
No ratings yet
Locking Down Linux - Using Ubuntu As Your Primary OS, Part 4 (Auditing, Antivirus & Monitoring) Null Byte - WonderHowTo
23 pages
How To Fix SambaCry Vulnerability CVE-2017-7494 in Linux Systems
No ratings yet
How To Fix SambaCry Vulnerability CVE-2017-7494 in Linux Systems
5 pages
Computer Security and Penetration Testing: Linux Vulnerabilities
No ratings yet
Computer Security and Penetration Testing: Linux Vulnerabilities
35 pages
Top 25 Remediations by Risk With Details
No ratings yet
Top 25 Remediations by Risk With Details
14 pages
Multipass_ Ubuntu Virtual Machines Made Easy - DeV Community
No ratings yet
Multipass_ Ubuntu Virtual Machines Made Easy - DeV Community
10 pages
Locking Down Linux - Using Ubuntu As Your Primary OS, Part 3 (Application Hardening & Sandboxing) Null Byte - WonderHowTo
No ratings yet
Locking Down Linux - Using Ubuntu As Your Primary OS, Part 3 (Application Hardening & Sandboxing) Null Byte - WonderHowTo
13 pages
SBP SUSE Security Report 2023 - en
No ratings yet
SBP SUSE Security Report 2023 - en
28 pages
Security Recommendation For Ubuntu Server Based Systems
No ratings yet
Security Recommendation For Ubuntu Server Based Systems
36 pages
Polkit Authentication Bypass Local Privesc Vulnerability: Rohit Verma, Sonam Nagar, Sudhanshu Kumar
No ratings yet
Polkit Authentication Bypass Local Privesc Vulnerability: Rohit Verma, Sonam Nagar, Sudhanshu Kumar
5 pages
Security Bulletin - Cipher - Week 51 - 2020en-2
No ratings yet
Security Bulletin - Cipher - Week 51 - 2020en-2
49 pages
12 - T4 -OS SEC - Linux Hardening
No ratings yet
12 - T4 -OS SEC - Linux Hardening
27 pages
Synopsis: Skills Required
No ratings yet
Synopsis: Skills Required
9 pages
Vulnerabilities in The Main Repo
No ratings yet
Vulnerabilities in The Main Repo
87 pages
Linux Distro Super Ringan Super Stabil Untuk Penggunaan Harian & Infrastruktur Penting Edisi Bahasa Inggris
From Everand
Linux Distro Super Ringan Super Stabil Untuk Penggunaan Harian & Infrastruktur Penting Edisi Bahasa Inggris
Cyber Jannah Sakura
No ratings yet
OPSunit 1&2
No ratings yet
OPSunit 1&2
9 pages
DevOps Interview QuestionS
No ratings yet
DevOps Interview QuestionS
10 pages
Git With Eclipse (EGit) - Tutorial
No ratings yet
Git With Eclipse (EGit) - Tutorial
27 pages
Chike Agbazue
No ratings yet
Chike Agbazue
6 pages
Undergraduate Topics in Computer Science
No ratings yet
Undergraduate Topics in Computer Science
25 pages
_2048 GAME USING PYTHON_REPORT
No ratings yet
_2048 GAME USING PYTHON_REPORT
52 pages
Smacking Git Around - Advanced Git Tricks
100% (2)
Smacking Git Around - Advanced Git Tricks
415 pages
Devops Record
No ratings yet
Devops Record
109 pages
Mercurial Manual-Editable
No ratings yet
Mercurial Manual-Editable
2 pages
Full download (Ebook) Mastering Microsoft Dynamics 365 Business Central: The complete guide for designing, 2nd Edition by Stefano Demiliani, Duilio Tacconi ISBN 9781837630646, 183763064X pdf docx
100% (11)
Full download (Ebook) Mastering Microsoft Dynamics 365 Business Central: The complete guide for designing, 2nd Edition by Stefano Demiliani, Duilio Tacconi ISBN 9781837630646, 183763064X pdf docx
55 pages
Architecture Decision Record (ADR)
No ratings yet
Architecture Decision Record (ADR)
7 pages
Quant Econ
No ratings yet
Quant Econ
462 pages
Project Report - (Editing Tool) : Ritu Munshi
No ratings yet
Project Report - (Editing Tool) : Ritu Munshi
73 pages
Learngit Answerhint
No ratings yet
Learngit Answerhint
39 pages
Satyabrata_resume_cl (1)
No ratings yet
Satyabrata_resume_cl (1)
1 page
Git Mock
No ratings yet
Git Mock
4 pages
6 - Git Action
No ratings yet
6 - Git Action
6 pages
Sinatra The Book
No ratings yet
Sinatra The Book
16 pages
wrpc
No ratings yet
wrpc
12 pages
Evolution of Version Control Systems and A Study On Tortoisesvn
No ratings yet
Evolution of Version Control Systems and A Study On Tortoisesvn
7 pages
bn2n7r3t1o6c-LFS207-labs_V2023-06-30
No ratings yet
bn2n7r3t1o6c-LFS207-labs_V2023-06-30
138 pages
Laravel 5 Post PDF
No ratings yet
Laravel 5 Post PDF
292 pages
Devops Viva Answers
No ratings yet
Devops Viva Answers
7 pages
Last Resort
No ratings yet
Last Resort
63 pages
Git Cheat Sheet - Simple Cheat Sheet
No ratings yet
Git Cheat Sheet - Simple Cheat Sheet
7 pages
Kiran: Professional Summary
No ratings yet
Kiran: Professional Summary
8 pages
(Ebook) Git Prodigy : Mastering Version Control with Git and GitHub by Ebenezer Don ISBN 9798851556104, 8851556105 - The newest ebook version is ready, download now to explore
100% (2)
(Ebook) Git Prodigy : Mastering Version Control with Git and GitHub by Ebenezer Don ISBN 9798851556104, 8851556105 - The newest ebook version is ready, download now to explore
86 pages