Vulnerabilities

Ubuntu Security Notice USN-5986-1

Ubuntu Security Notice 5986-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
  • March 30th 2023 at 17:48

Debian Security Advisory 5380-1

Debian Linux Security Advisory 5380-1 - Jan-Niklas Sohn discovered that a use-after-free flaw in the Composite extension of the X.org X server may result in privilege escalation if the X server is running under the root user.
  • March 30th 2023 at 17:46

Red Hat Security Advisory 2023-1514-01

Red Hat Security Advisory 2023-1514-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, denial of service, deserialization, and information leakage vulnerabilities.
  • March 30th 2023 at 17:40

Kernel Live Patch Security Notice LNS-0093-1

Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
  • March 30th 2023 at 17:39

Red Hat Security Advisory 2023-1513-01

Red Hat Security Advisory 2023-1513-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, denial of service, deserialization, and information leakage vulnerabilities.
  • March 30th 2023 at 17:37

Ubuntu Security Notice USN-5985-1

Ubuntu Security Notice 5985-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
  • March 30th 2023 at 17:34

Red Hat Security Advisory 2023-1310-01

Red Hat Security Advisory 2023-1310-01 - An update is now available for Logging Subsystem for Red Hat OpenShift - 5.5.9. Red Hat Product Security has rated this update as having a security impact of Moderate.
  • March 30th 2023 at 17:30

Ubuntu Security Notice USN-5987-1

Ubuntu Security Notice 5987-1 - It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.
  • March 30th 2023 at 17:23

Red Hat Security Advisory 2023-1512-01

Red Hat Security Advisory 2023-1512-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, denial of service, deserialization, and information leakage vulnerabilities.
  • March 30th 2023 at 17:23

Ubuntu Security Notice USN-5983-1

Ubuntu Security Notice 5983-1 - Cyku Hong discovered that Nette was not properly handling and validating data used for code generation. A remote attacker could possibly use this issue to execute arbitrary code.
  • March 30th 2023 at 17:17

Red Hat Security Advisory 2023-1529-01

Red Hat Security Advisory 2023-1529-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring. Issues addressed include a denial of service vulnerability.
  • March 30th 2023 at 17:17

Ubuntu Security Notice USN-5984-1

Ubuntu Security Notice 5984-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.
  • March 30th 2023 at 14:50

[webapps] Ecommerse v1.0 - Cross-Site Scripting (XSS)

Ecommerse v1.0 - Cross-Site Scripting (XSS)
  • March 30th 2023 at 00:00

[webapps] ClicShopping v3.402 - Cross-Site Scripting (XSS)

ClicShopping v3.402 - Cross-Site Scripting (XSS)
  • March 30th 2023 at 00:00

[webapps] Virtual Reception v1.0 - Web Server Directory Traversal

Virtual Reception v1.0 - Web Server Directory Traversal
  • March 30th 2023 at 00:00

[webapps] WPForms 1.7.8 - Cross-Site Scripting (XSS)

WPForms 1.7.8 - Cross-Site Scripting (XSS)
  • March 30th 2023 at 00:00

[webapps] Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)

Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)
  • March 30th 2023 at 00:00

[local] CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token

CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token
  • March 30th 2023 at 00:00

[webapps] Dreamer CMS v4.0.0 - SQL Injection

Dreamer CMS v4.0.0 - SQL Injection
  • March 30th 2023 at 00:00

[webapps] LISTSERV 17 - Insecure Direct Object Reference (IDOR)

LISTSERV 17 - Insecure Direct Object Reference (IDOR)
  • March 30th 2023 at 00:00

[local] Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path

Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path
  • March 30th 2023 at 00:00

[webapps] Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS)

Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS)
  • March 30th 2023 at 00:00

[webapps] 4images 1.9 - Remote Command Execution (RCE)

4images 1.9 - Remote Command Execution (RCE)
  • March 30th 2023 at 00:00

[webapps] Concrete5 CME v9.1.3 - Xpath injection

Concrete5 CME v9.1.3 - Xpath injection
  • March 30th 2023 at 00:00

[dos] Router ZTE-H108NS - Stack Buffer Overflow (DoS)

Router ZTE-H108NS - Stack Buffer Overflow (DoS)
  • March 30th 2023 at 00:00

[remote] Router ZTE-H108NS - Authentication Bypass

Router ZTE-H108NS - Authentication Bypass
  • March 30th 2023 at 00:00

[webapps] LISTSERV 17 - Reflected Cross Site Scripting (XSS)

LISTSERV 17 - Reflected Cross Site Scripting (XSS)
  • March 30th 2023 at 00:00

[webapps] Boa Web Server v0.94.14 - Authentication Bypass

Boa Web Server v0.94.14 - Authentication Bypass
  • March 30th 2023 at 00:00

[webapps] Covenant v0.5 - Remote Code Execution (RCE)

Covenant v0.5 - Remote Code Execution (RCE)
  • March 30th 2023 at 00:00

[webapps] myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS)

myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS)
  • March 30th 2023 at 00:00

[webapps] Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)

Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
  • March 30th 2023 at 00:00

[local] Zillya Total Security 3.0.2367.0 - Local Privilege Escalation

Zillya Total Security 3.0.2367.0 - Local Privilege Escalation
  • March 30th 2023 at 00:00

Ubuntu Security Notice USN-5981-1

Ubuntu Security Notice 5981-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.
  • March 29th 2023 at 10:16

Red Hat Security Advisory 2023-1393-01

Red Hat Security Advisory 2023-1393-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.55.
  • March 29th 2023 at 10:16

Red Hat Security Advisory 2023-1392-01

Red Hat Security Advisory 2023-1392-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.55.
  • March 29th 2023 at 10:16

Ubuntu Security Notice USN-5980-1

Ubuntu Security Notice 5980-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
  • March 29th 2023 at 10:15

Ubuntu Security Notice USN-5982-1

Ubuntu Security Notice 5982-1 - It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.
  • March 29th 2023 at 10:15

Ubuntu Security Notice USN-5979-1

Ubuntu Security Notice 5979-1 - It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service.
  • March 29th 2023 at 10:13

Ubuntu Security Notice USN-5686-4

Ubuntu Security Notice 5686-4 - USN-5686-1 fixed several vulnerabilities in Git. This update provides the corresponding fix for CVE-2022-39253 on Ubuntu 16.04 ESM. Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause unexpected behaviour.
  • March 29th 2023 at 10:13

[webapps] Helmet Store Showroom v1.0 - SQL Injection

Helmet Store Showroom v1.0 - SQL Injection
  • March 29th 2023 at 00:00

[remote] Inbit Messenger v4.9.0 - Unauthenticated Remote SEH Overflow

Inbit Messenger v4.9.0 - Unauthenticated Remote SEH Overflow
  • March 29th 2023 at 00:00

[remote] Internet Download Manager v6.41 Build 3 - Remote Code Execution (RCE)

Internet Download Manager v6.41 Build 3 - Remote Code Execution (RCE)
  • March 29th 2023 at 00:00

[webapps] Human Resource Management System 1.0 - SQL Injection (unauthenticated)

Human Resource Management System 1.0 - SQL Injection (unauthenticated)
  • March 29th 2023 at 00:00

[webapps] Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)

Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)
  • March 29th 2023 at 00:00

[webapps] Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)

Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)
  • March 29th 2023 at 00:00

[local] Outline V1.6.0 - Unquoted Service Path

Outline V1.6.0 - Unquoted Service Path
  • March 29th 2023 at 00:00

[remote] DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure

DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure
  • March 29th 2023 at 00:00

[webapps] WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)

WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)
  • March 29th 2023 at 00:00

[webapps] Revenue Collection System v1.0 - Remote Code Execution (RCE)

Revenue Collection System v1.0 - Remote Code Execution (RCE)
  • March 29th 2023 at 00:00

[remote] Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution (RCE)

Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution (RCE)
  • March 29th 2023 at 00:00

Debian Security Advisory 5379-1

Debian Linux Security Advisory 5379-1 - Kim Alvefur discovered that insufficient message sender validation in dino-im, a modern XMPP/Jabber client, may result in manipulation of entries in the personal bookmark store without user interaction via a specially crafted message. Additionally, an attacker can take advantage of this flaw to change how group chats are displayed or force a user to join or leave an attacker-selected groupchat.
  • March 28th 2023 at 15:19

Ubuntu Security Notice USN-5978-1

Ubuntu Security Notice 5978-1 - It was discovered that the network queuing discipline implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
  • March 28th 2023 at 15:16

Apple Security Advisory 2023-03-27-9

Apple Security Advisory 2023-03-27-9 - Studio Display Firmware Update 16.4 addresses a code execution vulnerability.
  • March 28th 2023 at 15:12

Red Hat Security Advisory 2023-1486-01

Red Hat Security Advisory 2023-1486-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, code execution, and denial of service vulnerabilities.
  • March 28th 2023 at 15:11

Red Hat Security Advisory 2023-1409-01

Red Hat Security Advisory 2023-1409-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.9.
  • March 28th 2023 at 15:08

Apple Security Advisory 2023-03-27-8

Apple Security Advisory 2023-03-27-8 - Safari 16.4 addresses bypass vulnerabilities.
  • March 28th 2023 at 15:07

Apple Security Advisory 2023-03-27-7

Apple Security Advisory 2023-03-27-7 - watchOS 9.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
  • March 28th 2023 at 15:01

Apple Security Advisory 2023-03-27-6

Apple Security Advisory 2023-03-27-6 - tvOS 16.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
  • March 28th 2023 at 15:01

Ubuntu Security Notice USN-5977-1

Ubuntu Security Notice 5977-1 - It was discovered that the network queuing discipline implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
  • March 28th 2023 at 14:59

Apple Security Advisory 2023-03-27-5

Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
  • March 28th 2023 at 14:57
โŒ