Red Hat Security Advisory 2023-0160-01

Red Hat Security Advisory 2023-0160-01 - PostgreSQL is an advanced object-relational database management system.

January 13^th 2023 at 14:56

Debian Security Advisory 5316-1

Debian Linux Security Advisory 5316-1 - Several out-of-memory, stack overflow or HTTP request smuggling vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework, which may allow attackers to cause a denial of service or bypass restrictions when used as a proxy.

January 12^th 2023 at 15:16

Red Hat Security Advisory 2023-0114-01

Red Hat Security Advisory 2023-0114-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

January 12^th 2023 at 15:15

Red Hat Security Advisory 2023-0110-01

Red Hat Security Advisory 2023-0110-01 - SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.

January 12^th 2023 at 15:15

Debian Security Advisory 5315-1

Debian Linux Security Advisory 5315-1 - XStream serializes Java objects to XML and back again. Versions prior to 1.4.15-3+deb11u2 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This update handles the stack overflow and raises an InputManipulationException instead.

January 12^th 2023 at 15:15

Red Hat Security Advisory 2023-0128-01

Red Hat Security Advisory 2023-0128-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR7-FP20. Issues addressed include a randomization vulnerability.

January 12^th 2023 at 15:13

Red Hat Security Advisory 2023-0123-01

Red Hat Security Advisory 2023-0123-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

January 12^th 2023 at 15:13

Red Hat Security Advisory 2023-0113-01

Red Hat Security Advisory 2023-0113-01 - PostgreSQL is an advanced object-relational database management system.

January 12^th 2023 at 15:09

Red Hat Security Advisory 2023-0100-01

Red Hat Security Advisory 2023-0100-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.

January 12^th 2023 at 15:07

Red Hat Security Advisory 2023-0099-01

Red Hat Security Advisory 2023-0099-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include an out of bounds read vulnerability.

January 12^th 2023 at 15:02

Red Hat Security Advisory 2023-0116-01

Red Hat Security Advisory 2023-0116-01 - A library that provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions.

January 12^th 2023 at 15:02

Red Hat Security Advisory 2023-0101-01

Red Hat Security Advisory 2023-0101-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

January 12^th 2023 at 14:58

Red Hat Security Advisory 2023-0103-01

Red Hat Security Advisory 2023-0103-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

January 12^th 2023 at 14:57

Debian Security Advisory 5314-1

Debian Linux Security Advisory 5314-1 - It was discovered that missing input sanitising in the ctags functionality of Emacs may result in the execution of arbitrary shell commands.

January 12^th 2023 at 14:43

Red Hat Security Advisory 2023-0089-01

Red Hat Security Advisory 2023-0089-01 - LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Issues addressed include a script execution vulnerability.

January 12^th 2023 at 14:43

Red Hat Security Advisory 2023-0095-01

Red Hat Security Advisory 2023-0095-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, denial of service, double free, and out of bounds read vulnerabilities.

January 12^th 2023 at 14:40

Red Hat Security Advisory 2023-0087-01

Red Hat Security Advisory 2023-0087-01 - The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. To enforce a user-defined policy, USBGuard uses the Linux kernel USB device authorization feature.

January 12^th 2023 at 14:39

Red Hat Security Advisory 2023-0096-01

Red Hat Security Advisory 2023-0096-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

January 12^th 2023 at 14:39

Red Hat Security Advisory 2023-0078-01

Red Hat Security Advisory 2023-0078-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.113 and .NET Runtime 6.0.13.

January 12^th 2023 at 14:35

Red Hat Security Advisory 2023-0076-01

Red Hat Security Advisory 2023-0076-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a traversal vulnerability.

January 12^th 2023 at 14:35

Red Hat Security Advisory 2023-0077-01

Red Hat Security Advisory 2023-0077-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.113 and .NET Runtime 6.0.13.

January 12^th 2023 at 14:35

Red Hat Security Advisory 2023-0079-01

Red Hat Security Advisory 2023-0079-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.113 and .NET Runtime 6.0.13.

January 12^th 2023 at 14:34

Red Hat Security Advisory 2023-0074-01

Red Hat Security Advisory 2023-0074-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. Issues addressed include deserialization and traversal vulnerabilities.

January 12^th 2023 at 14:25

Ubuntu Security Notice USN-5799-1

Ubuntu Security Notice 5799-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.

January 11^th 2023 at 16:02

Advisory Files ≈ Packet Storm
Gentoo Linux Security Advisory 202301-09
January 11^th 2023 at 16:02

Gentoo Linux Security Advisory 202301-09

Gentoo Linux Security Advisory 202301-9 - A vulnerability has been discovered in protobuf-java which could result in denial of service. Versions less than 3.20.3 are affected.

January 11^th 2023 at 16:02

Debian Security Advisory 5313-1

Debian Linux Security Advisory 5313-1 - It was found that those using java.sql.Statement or java.sql.PreparedStatement in hsqldb, a Java SQL database, to process untrusted input may be vulnerable to a remote code execution attack.

January 11^th 2023 at 16:01

Ubuntu Security Notice USN-5793-3

Ubuntu Security Notice 5793-3 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

January 11^th 2023 at 15:57

Advisory Files ≈ Packet Storm
Gentoo Linux Security Advisory 202301-08
January 11^th 2023 at 15:57

Gentoo Linux Security Advisory 202301-08

Gentoo Linux Security Advisory 202301-8 - Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. Versions less than 2.28.1 are affected.

January 11^th 2023 at 15:57

Ubuntu Security Notice USN-5793-4

Ubuntu Security Notice 5793-4 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

January 11^th 2023 at 15:39

Advisory Files ≈ Packet Storm
Gentoo Linux Security Advisory 202301-07
January 11^th 2023 at 15:39

Gentoo Linux Security Advisory 202301-07

Gentoo Linux Security Advisory 202301-7 - Multiple vulnerabilities have been found in Alpine, the worst of which could result in denial of service. Versions less than 2.25 are affected.

January 11^th 2023 at 15:39

Advisory Files ≈ Packet Storm
Gentoo Linux Security Advisory 202301-06
January 11^th 2023 at 15:34

Gentoo Linux Security Advisory 202301-06

Gentoo Linux Security Advisory 202301-6 - Multiple vulnerabilities have been discovered in liblouis, the worst of which could result in denial of service. Versions less than 3.22.0 are affected.

January 11^th 2023 at 15:34

Debian Security Advisory 5312-1

Debian Linux Security Advisory 5312-1 - Several flaws have been discovered in libjettison-java, a collection of StAX parsers and writers for JSON. Specially crafted user input may cause a denial of service via out-of-memory or stack overflow errors.

January 11^th 2023 at 15:34

Red Hat Security Advisory 2023-0058-01

Red Hat Security Advisory 2023-0058-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.

January 11^th 2023 at 15:34

Advisory Files ≈ Packet Storm
Gentoo Linux Security Advisory 202301-05
January 11^th 2023 at 15:26

Gentoo Linux Security Advisory 202301-05

Gentoo Linux Security Advisory 202301-5 - A vulnerability has been discovered in Apache Commons Text which could result in arbitrary code execution. Versions less than 1.10.0 are affected.

January 11^th 2023 at 15:26

Advisory Files ≈ Packet Storm
Gentoo Linux Security Advisory 202301-04
January 11^th 2023 at 15:24

Gentoo Linux Security Advisory 202301-04

Gentoo Linux Security Advisory 202301-4 - A vulnerability has been discovered in jupyter_core which could allow for the execution of code as another user. Versions less than 4.11.2 are affected.

January 11^th 2023 at 15:24

Ubuntu Security Notice USN-5798-1

Ubuntu Security Notice 5798-1 - Johan Gorter discovered that .NET 6 incorrectly processed certain invalid HTTP requests. An attacker could possibly use this issue to cause a denial of service condition for an exposed endpoint.

January 11^th 2023 at 15:24

Ubuntu Security Notice USN-5791-3

Ubuntu Security Notice 5791-3 - It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering.

January 11^th 2023 at 15:24

Advisory Files ≈ Packet Storm
Gentoo Linux Security Advisory 202301-03
January 11^th 2023 at 15:23

Gentoo Linux Security Advisory 202301-03

Gentoo Linux Security Advisory 202301-3 - A vulnerability was found in scikit-learn which could result in denial of service. Versions less than 1.1.1 are affected.

January 11^th 2023 at 15:23

Red Hat Security Advisory 2023-0059-01

Red Hat Security Advisory 2023-0059-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.

January 11^th 2023 at 15:19

Advisory Files ≈ Packet Storm
Gentoo Linux Security Advisory 202301-02
January 11^th 2023 at 15:19

Gentoo Linux Security Advisory 202301-02

Gentoo Linux Security Advisory 202301-2 - Multiple vulnerabilities have been discovered in Twisted, the worst of which could result in denial of service. Versions less than 22.10.0 are affected.

January 11^th 2023 at 15:19

Advisory Files ≈ Packet Storm
Gentoo Linux Security Advisory 202301-01
January 11^th 2023 at 15:15

Gentoo Linux Security Advisory 202301-01

Gentoo Linux Security Advisory 202301-1 - Multiple vulnerabilities have been found in NTFS-3G, the worst of which could result in arbitrary code execution. Versions less than 2022.10.3 are affected.

January 11^th 2023 at 15:15

Ubuntu Security Notice USN-5796-2

Ubuntu Security Notice 5796-2 - USN-5796-1 fixed a vulnerability in w3m. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that w3m incorrectly handled certain HTML files. A remote attacker could use this issue to cause w3m to crash, resulting in a denial of service, or possibly execute arbitrary code.

January 11^th 2023 at 15:14

Red Hat Security Advisory 2023-0032-01

Red Hat Security Advisory 2023-0032-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.47. Issues addressed include a bypass vulnerability.

January 10^th 2023 at 14:10

Ubuntu Security Notice USN-5797-1

Ubuntu Security Notice 5797-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

January 10^th 2023 at 14:10

Red Hat Security Advisory 2023-0050-01

Red Hat Security Advisory 2023-0050-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

January 10^th 2023 at 14:09

Ubuntu Security Notice USN-5796-1

Ubuntu Security Notice 5796-1 - It was discovered that w3m incorrectly handled certain HTML files. A remote attacker could use this issue to cause w3m to crash, resulting in a denial of service, or possibly execute arbitrary code.

January 10^th 2023 at 14:08

Ubuntu Security Notice USN-5793-2

Ubuntu Security Notice 5793-2 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

January 10^th 2023 at 14:03

Advisory Files ≈ Packet Storm
MOV.AI Robotics Engine 2.2.3-3 Improper Access Control
January 10^th 2023 at 14:00

MOV.AI Robotics Engine 2.2.3-3 Improper Access Control

An improper access control vulnerability in MOV.AI Robotics Engine version 2.2.3-3 allows an unauthenticated user to delete an existing user or create new user-privileged functionality in the application.

January 10^th 2023 at 14:00

Ubuntu Security Notice USN-5795-1

Ubuntu Security Notice 5795-1 - It was discovered that Net-SNMP incorrectly handled certain requests. A remote attacker could possibly use these issues to cause Net-SNMP to crash, resulting in a denial of service.

January 10^th 2023 at 13:59

Red Hat Security Advisory 2023-0045-01

Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.

January 10^th 2023 at 13:54

Red Hat Security Advisory 2023-0049-01

Red Hat Security Advisory 2023-0049-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.

January 10^th 2023 at 13:45

Ubuntu Security Notice USN-5782-3

Ubuntu Security Notice 5782-3 - USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker could potentially exploit this to obtain sensitive information. Pete Freitag discovered that Firefox did not implement the unsafe-hashes CSP directive. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script. Matthias Zoellner discovered that Firefox was not keeping the filename ending intact when using the drag-and-drop event. An attacker could possibly use this issue to add a file with a malicious extension, leading to execute arbitrary code. Hafiizh discovered that Firefox was not handling fullscreen notifications when the browser window goes into fullscreen mode. An attacker could possibly use this issue to spoof the user and obtain sensitive information. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.

January 10^th 2023 at 13:42

Ubuntu Security Notice USN-5792-2

Ubuntu Security Notice 5792-2 - Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secure Encrypted Virtualization. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

January 10^th 2023 at 13:40

Ubuntu Security Notice USN-5791-2

Ubuntu Security Notice 5791-2 - It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering.

January 10^th 2023 at 13:38

Red Hat Security Advisory 2023-0047-01

Red Hat Security Advisory 2023-0047-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.

January 10^th 2023 at 13:34

Red Hat Security Advisory 2023-0046-01

Red Hat Security Advisory 2023-0046-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include out of bounds access and use-after-free vulnerabilities.

January 10^th 2023 at 13:34

Red Hat Security Advisory 2023-0048-01

Red Hat Security Advisory 2023-0048-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Issues addressed include buffer overflow, bypass, and out of bounds write vulnerabilities.

January 10^th 2023 at 13:27

Full Disclosure
[KIS-2023-04] Tiki Wiki CMS Groupware <= 24.1 (tikiimporter_blog_wordpress.php) PHP Object Injection Vulnerability
January 9^th 2023 at 20:11

[KIS-2023-04] Tiki Wiki CMS Groupware <= 24.1 (tikiimporter_blog_wordpress.php) PHP Object Injection Vulnerability

Posted by Egidio Romano on Jan 09

----------------------------------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 24.1 (tikiimporter_blog_wordpress.php) PHP
Object Injection Vulnerability
----------------------------------------------------------------------------------------------------

[-] Software Link:

https://tiki.org

[-] Affected Versions:

Version 24.1 and prior versions.

[-] Vulnerability Description:

The...

January 9^th 2023 at 20:11

Full Disclosure
[KIS-2023-03] Tiki Wiki CMS Groupware <= 24.0 (grid.php) PHP Object Injection Vulnerability
January 9^th 2023 at 20:10

[KIS-2023-03] Tiki Wiki CMS Groupware <= 24.0 (grid.php) PHP Object Injection Vulnerability

Posted by Egidio Romano on Jan 09

-----------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 24.0 (grid.php) PHP Object Injection
Vulnerability
-----------------------------------------------------------------------------

[-] Software Link:

https://tiki.org

[-] Affected Versions:

Version 24.0 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the /lib/sheet/grid.php script,
specifically into...

January 9^th 2023 at 20:10

Full Disclosure
[KIS-2023-02] Tiki Wiki CMS Groupware <= 24.0 (structlib.php) PHP Code Injection Vulnerability
January 9^th 2023 at 20:09

[KIS-2023-02] Tiki Wiki CMS Groupware <= 24.0 (structlib.php) PHP Code Injection Vulnerability

Posted by Egidio Romano on Jan 09

--------------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 24.0 (structlib.php) PHP Code Injection
Vulnerability
--------------------------------------------------------------------------------

[-] Software Link:

https://tiki.org

[-] Affected Versions:

Version 24.0 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the /lib/structures/structlib.php
script,...

January 9^th 2023 at 20:09